2025/10/30 18:58:07 extracted 321630 text symbol hashes for base and 321630 for patched 2025/10/30 18:58:07 binaries are different, continuing fuzzing 2025/10/30 18:58:07 adding modified_functions to focus areas: ["vfio_df_ioctl_bind_iommufd"] 2025/10/30 18:58:07 adding directly modified files to focus areas: ["drivers/vfio/device_cdev.c"] 2025/10/30 18:58:07 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db" 2025/10/30 18:59:06 runner 0 connected 2025/10/30 18:59:07 runner 1 connected 2025/10/30 18:59:12 runner 6 connected 2025/10/30 18:59:13 runner 0 connected 2025/10/30 18:59:13 initializing coverage information... 2025/10/30 18:59:13 runner 4 connected 2025/10/30 18:59:13 runner 8 connected 2025/10/30 18:59:13 runner 5 connected 2025/10/30 18:59:14 runner 1 connected 2025/10/30 18:59:14 runner 2 connected 2025/10/30 18:59:14 executor cover filter: 0 PCs 2025/10/30 18:59:14 runner 2 connected 2025/10/30 18:59:14 runner 3 connected 2025/10/30 18:59:14 runner 7 connected 2025/10/30 18:59:17 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/10/30 18:59:17 base: machine check complete 2025/10/30 18:59:18 discovered 7601 source files, 332486 symbols 2025/10/30 18:59:19 coverage filter: vfio_df_ioctl_bind_iommufd: [vfio_df_ioctl_bind_iommufd] 2025/10/30 18:59:19 coverage filter: drivers/vfio/device_cdev.c: [drivers/vfio/device_cdev.c] 2025/10/30 18:59:19 area "symbols": 34 PCs in the cover filter 2025/10/30 18:59:19 area "files": 97 PCs in the cover filter 2025/10/30 18:59:19 area "": 0 PCs in the cover filter 2025/10/30 18:59:19 executor cover filter: 0 PCs 2025/10/30 18:59:21 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/10/30 18:59:21 new: machine check complete 2025/10/30 18:59:25 new: adding 2467 seeds 2025/10/30 18:59:40 triaged 97.1% of the corpus 2025/10/30 18:59:40 starting bug reproductions 2025/10/30 18:59:40 starting bug reproductions (max 6 VMs, 4 repros) 2025/10/30 19:00:10 triaged 100.0% of the corpus 2025/10/30 19:03:10 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 706, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 9440, "distributor delayed": 410, "distributor undelayed": 410, "distributor violated": 0, "exec candidate": 2467, "exec collide": 3999, "exec fuzz": 7354, "exec gen": 392, "exec hints": 1168, "exec inject": 0, "exec minimize": 9204, "exec retries": 0, "exec seeds": 1969, "exec smash": 8355, "exec total [base]": 16024, "exec total [new]": 44135, "exec triage": 1895, "executor restarts [base]": 27, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 803, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 136, "max signal": 9852, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 4910, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 808, "no exec duration": 9041000000, "no exec requests": 13, "pending": 0, "prog exec time": 195, "reproducing": 0, "rpc recv": 1180046112, "rpc sent": 64565664, "signal": 9000, "smash jobs": 654, "triage jobs": 13, "vm output": 195116, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/30 19:08:10 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 23, "corpus": 987, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 11, "coverage": 11777, "distributor delayed": 547, "distributor undelayed": 547, "distributor violated": 0, "exec candidate": 2467, "exec collide": 8986, "exec fuzz": 16864, "exec gen": 890, "exec hints": 3358, "exec inject": 0, "exec minimize": 13736, "exec retries": 0, "exec seeds": 2894, "exec smash": 20236, "exec total [base]": 27913, "exec total [new]": 79424, "exec triage": 2660, "executor restarts [base]": 27, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 504, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 127, "max signal": 12200, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7009, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1139, "no exec duration": 9041000000, "no exec requests": 13, "pending": 0, "prog exec time": 233, "reproducing": 0, "rpc recv": 2194576832, "rpc sent": 146574440, "signal": 11305, "smash jobs": 368, "triage jobs": 9, "vm output": 307508, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/30 19:13:10 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 44, "corpus": 1168, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 97, "coverage": 12400, "distributor delayed": 643, "distributor undelayed": 643, "distributor violated": 0, "exec candidate": 2467, "exec collide": 13133, "exec fuzz": 24799, "exec gen": 1353, "exec hints": 6829, "exec inject": 0, "exec minimize": 17227, "exec retries": 0, "exec seeds": 3475, "exec smash": 28733, "exec total [base]": 37492, "exec total [new]": 108536, "exec triage": 3189, "executor restarts [base]": 27, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 60, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 25, "max signal": 12891, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8573, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1364, "no exec duration": 9041000000, "no exec requests": 13, "pending": 0, "prog exec time": 262, "reproducing": 0, "rpc recv": 3164378896, "rpc sent": 216779280, "signal": 11904, "smash jobs": 23, "triage jobs": 12, "vm output": 411273, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/30 19:18:10 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 53, "corpus": 1274, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 172, "coverage": 12629, "distributor delayed": 693, "distributor undelayed": 693, "distributor violated": 0, "exec candidate": 2467, "exec collide": 19250, "exec fuzz": 36356, "exec gen": 1957, "exec hints": 8859, "exec inject": 0, "exec minimize": 19226, "exec retries": 0, "exec seeds": 3792, "exec smash": 31484, "exec total [base]": 46017, "exec total [new]": 134230, "exec triage": 3504, "executor restarts [base]": 27, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 15, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 4, "max signal": 13284, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9488, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1491, "no exec duration": 9041000000, "no exec requests": 13, "pending": 0, "prog exec time": 308, "reproducing": 0, "rpc recv": 3933477208, "rpc sent": 284504096, "signal": 12108, "smash jobs": 8, "triage jobs": 3, "vm output": 606708, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/30 19:23:10 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 68, "corpus": 1375, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 269, "coverage": 13014, "distributor delayed": 741, "distributor undelayed": 741, "distributor violated": 0, "exec candidate": 2467, "exec collide": 25407, "exec fuzz": 47835, "exec gen": 2592, "exec hints": 9524, "exec inject": 0, "exec minimize": 21035, "exec retries": 0, "exec seeds": 4095, "exec smash": 34034, "exec total [base]": 54034, "exec total [new]": 158113, "exec triage": 3790, "executor restarts [base]": 27, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 15, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 2, "max signal": 13716, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10304, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1614, "no exec duration": 9041000000, "no exec requests": 13, "pending": 0, "prog exec time": 372, "reproducing": 0, "rpc recv": 4660276220, "rpc sent": 357068856, "signal": 12440, "smash jobs": 8, "triage jobs": 5, "vm output": 785206, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/30 19:28:10 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 76, "corpus": 1459, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 387, "coverage": 13247, "distributor delayed": 776, "distributor undelayed": 776, "distributor violated": 0, "exec candidate": 2467, "exec collide": 31590, "exec fuzz": 59842, "exec gen": 3233, "exec hints": 9897, "exec inject": 0, "exec minimize": 22441, "exec retries": 0, "exec seeds": 4348, "exec smash": 36166, "exec total [base]": 61715, "exec total [new]": 181318, "exec triage": 3998, "executor restarts [base]": 27, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 9, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 2, "max signal": 13943, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10965, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1704, "no exec duration": 9041000000, "no exec requests": 13, "pending": 0, "prog exec time": 372, "reproducing": 0, "rpc recv": 5329127684, "rpc sent": 429782000, "signal": 12648, "smash jobs": 4, "triage jobs": 3, "vm output": 950696, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/30 19:30:10 fuzzer has not reached the modified code in 30m0s, aborting 2025/10/30 19:30:10 repro loop terminated 2025/10/30 19:30:10 base: rpc server terminaled 2025/10/30 19:30:10 new: rpc server terminaled 2025/10/30 19:30:10 base: pool terminated 2025/10/30 19:30:10 base: kernel context loop terminated 2025/10/30 19:30:10 new: pool terminated 2025/10/30 19:30:10 new: kernel context loop terminated 2025/10/30 19:30:10 diff fuzzing terminated 2025/10/30 19:30:10 bug reporting terminated 2025/10/30 19:30:10 status reporting terminated 2025/10/30 19:30:10 fuzzing is finished 2025/10/30 19:30:10 status at the end: Title On-Base On-Patched