2025/12/18 09:08:53 extracted 324419 text symbol hashes for base and 324419 for patched 2025/12/18 09:08:53 binaries are different, continuing fuzzing 2025/12/18 09:08:53 adding modified_functions to focus areas: ["vfio_pci_bar_rw" "vfio_pci_core_do_io_rw"] 2025/12/18 09:08:53 adding directly modified files to focus areas: ["drivers/vfio/pci/nvgrace-gpu/main.c" "drivers/vfio/pci/vfio_pci_rdwr.c" "include/linux/vfio_pci_core.h"] 2025/12/18 09:08:53 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db" 2025/12/18 09:09:58 runner 7 connected 2025/12/18 09:09:59 runner 3 connected 2025/12/18 09:09:59 runner 5 connected 2025/12/18 09:10:00 runner 2 connected 2025/12/18 09:10:00 runner 0 connected 2025/12/18 09:10:00 runner 6 connected 2025/12/18 09:10:00 runner 2 connected 2025/12/18 09:10:00 runner 1 connected 2025/12/18 09:10:01 runner 1 connected 2025/12/18 09:10:01 runner 8 connected 2025/12/18 09:10:01 runner 4 connected 2025/12/18 09:10:02 runner 0 connected 2025/12/18 09:10:06 initializing coverage information... 2025/12/18 09:10:07 executor cover filter: 0 PCs 2025/12/18 09:10:09 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/12/18 09:10:09 base: machine check complete 2025/12/18 09:10:12 discovered 7639 source files, 335817 symbols 2025/12/18 09:10:12 coverage filter: vfio_pci_bar_rw: [vfio_pci_bar_rw] 2025/12/18 09:10:12 coverage filter: vfio_pci_core_do_io_rw: [vfio_pci_core_do_io_rw] 2025/12/18 09:10:12 coverage filter: drivers/vfio/pci/nvgrace-gpu/main.c: [] 2025/12/18 09:10:12 coverage filter: drivers/vfio/pci/vfio_pci_rdwr.c: [drivers/vfio/pci/vfio_pci_rdwr.c] 2025/12/18 09:10:12 coverage filter: include/linux/vfio_pci_core.h: [] 2025/12/18 09:10:12 area "symbols": 115 PCs in the cover filter 2025/12/18 09:10:12 area "files": 246 PCs in the cover filter 2025/12/18 09:10:12 area "": 0 PCs in the cover filter 2025/12/18 09:10:12 executor cover filter: 0 PCs 2025/12/18 09:10:13 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/12/18 09:10:13 new: machine check complete 2025/12/18 09:10:17 new: adding 2497 seeds 2025/12/18 09:10:25 triaged 97.0% of the corpus 2025/12/18 09:10:25 starting bug reproductions 2025/12/18 09:10:25 starting bug reproductions (max 6 VMs, 4 repros) 2025/12/18 09:10:55 triaged 100.0% of the corpus 2025/12/18 09:13:55 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 1, "corpus": 649, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 4, "coverage": 9614, "distributor delayed": 427, "distributor undelayed": 427, "distributor violated": 0, "exec candidate": 2497, "exec collide": 3804, "exec fuzz": 7244, "exec gen": 401, "exec hints": 1018, "exec inject": 0, "exec minimize": 8365, "exec retries": 0, "exec seeds": 1826, "exec smash": 8311, "exec total [base]": 16218, "exec total [new]": 42738, "exec triage": 1837, "executor restarts [base]": 28, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 700, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 108, "max signal": 10338, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 4483, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 772, "no exec duration": 20019000000, "no exec requests": 22, "pending": 0, "prog exec time": 195, "reproducing": 0, "rpc recv": 1172682476, "rpc sent": 56005160, "signal": 9142, "smash jobs": 582, "triage jobs": 10, "vm output": 191398, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/12/18 09:18:55 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 29, "corpus": 918, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 160, "coverage": 11839, "distributor delayed": 547, "distributor undelayed": 547, "distributor violated": 0, "exec candidate": 2497, "exec collide": 8818, "exec fuzz": 16656, "exec gen": 875, "exec hints": 3194, "exec inject": 0, "exec minimize": 12709, "exec retries": 0, "exec seeds": 2708, "exec smash": 20146, "exec total [base]": 28118, "exec total [new]": 77620, "exec triage": 2581, "executor restarts [base]": 28, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 333, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 75, "max signal": 12455, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 6522, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1091, "no exec duration": 20019000000, "no exec requests": 22, "pending": 0, "prog exec time": 293, "reproducing": 0, "rpc recv": 2096843312, "rpc sent": 136241224, "signal": 10885, "smash jobs": 246, "triage jobs": 12, "vm output": 292470, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/12/18 09:23:55 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 54, "corpus": 1075, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 468, "coverage": 12533, "distributor delayed": 640, "distributor undelayed": 640, "distributor violated": 0, "exec candidate": 2497, "exec collide": 14400, "exec fuzz": 27472, "exec gen": 1444, "exec hints": 6002, "exec inject": 0, "exec minimize": 15166, "exec retries": 0, "exec seeds": 3195, "exec smash": 26461, "exec total [base]": 37985, "exec total [new]": 107148, "exec triage": 3072, "executor restarts [base]": 28, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 22, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 4, "max signal": 13115, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7600, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1288, "no exec duration": 20019000000, "no exec requests": 22, "pending": 0, "prog exec time": 343, "reproducing": 0, "rpc recv": 2882661388, "rpc sent": 209994448, "signal": 11406, "smash jobs": 11, "triage jobs": 7, "vm output": 416102, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/12/18 09:28:55 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 76, "corpus": 1191, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 802, "coverage": 12970, "distributor delayed": 703, "distributor undelayed": 703, "distributor violated": 0, "exec candidate": 2497, "exec collide": 21268, "exec fuzz": 40247, "exec gen": 2116, "exec hints": 6843, "exec inject": 0, "exec minimize": 17111, "exec retries": 0, "exec seeds": 3549, "exec smash": 29490, "exec total [base]": 46795, "exec total [new]": 133976, "exec triage": 3420, "executor restarts [base]": 28, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 13, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 3, "max signal": 13625, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8512, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1429, "no exec duration": 20019000000, "no exec requests": 22, "pending": 0, "prog exec time": 321, "reproducing": 0, "rpc recv": 3565661100, "rpc sent": 284648784, "signal": 11830, "smash jobs": 7, "triage jobs": 3, "vm output": 585089, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/12/18 09:33:55 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 82, "corpus": 1278, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1121, "coverage": 13217, "distributor delayed": 749, "distributor undelayed": 749, "distributor violated": 0, "exec candidate": 2497, "exec collide": 28245, "exec fuzz": 53482, "exec gen": 2830, "exec hints": 7252, "exec inject": 0, "exec minimize": 18670, "exec retries": 0, "exec seeds": 3810, "exec smash": 31690, "exec total [base]": 55202, "exec total [new]": 159608, "exec triage": 3695, "executor restarts [base]": 28, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 11, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 0, "max signal": 13919, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9229, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1545, "no exec duration": 20019000000, "no exec requests": 22, "pending": 0, "prog exec time": 332, "reproducing": 0, "rpc recv": 4216771856, "rpc sent": 358198400, "signal": 12084, "smash jobs": 6, "triage jobs": 5, "vm output": 730215, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/12/18 09:38:55 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 84, "corpus": 1351, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1418, "coverage": 13494, "distributor delayed": 805, "distributor undelayed": 805, "distributor violated": 0, "exec candidate": 2497, "exec collide": 35569, "exec fuzz": 67341, "exec gen": 3533, "exec hints": 7549, "exec inject": 0, "exec minimize": 19808, "exec retries": 0, "exec seeds": 4029, "exec smash": 33539, "exec total [base]": 63658, "exec total [new]": 185208, "exec triage": 3907, "executor restarts [base]": 28, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 8, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 2, "max signal": 14201, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9768, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1634, "no exec duration": 20019000000, "no exec requests": 22, "pending": 0, "prog exec time": 299, "reproducing": 0, "rpc recv": 4801072652, "rpc sent": 433506672, "signal": 12352, "smash jobs": 3, "triage jobs": 3, "vm output": 872452, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/12/18 09:40:55 fuzzer has not reached the modified code in 30m0s, aborting 2025/12/18 09:40:55 repro loop terminated 2025/12/18 09:40:55 base: rpc server terminaled 2025/12/18 09:40:55 new: rpc server terminaled 2025/12/18 09:40:55 new: pool terminated 2025/12/18 09:40:55 new: kernel context loop terminated 2025/12/18 09:40:55 base: pool terminated 2025/12/18 09:40:55 base: kernel context loop terminated 2025/12/18 09:40:55 diff fuzzing terminated 2025/12/18 09:40:55 status reporting terminated 2025/12/18 09:40:55 bug reporting terminated 2025/12/18 09:40:55 fuzzing is finished 2025/12/18 09:40:55 status at the end: Title On-Base On-Patched