2025/08/01 21:29:16 extracted 302733 symbol hashes for base and 302735 for patched 2025/08/01 21:29:16 adding modified_functions to focus areas: ["__pfx_vfio_device_show_fdinfo" "_vfio_alloc_device" "nvmet_execute_disc_identify" "vfio_device_fops_unl_ioctl" "vfio_device_show_fdinfo"] 2025/08/01 21:29:16 failed to grep for the header usages: failed to run ["/usr/bin/grep" "-rl" "--include" "*.c" ""]: exit status 1 2025/08/01 21:29:16 adding directly modified files to focus areas: ["Documentation/filesystems/proc.rst" "drivers/vfio/vfio_main.c" "include/linux/vfio.h"] 2025/08/01 21:29:17 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/08/01 21:29:59 runner 6 connected 2025/08/01 21:29:59 runner 8 connected 2025/08/01 21:30:04 initializing coverage information... 2025/08/01 21:30:05 runner 0 connected 2025/08/01 21:30:05 runner 3 connected 2025/08/01 21:30:06 runner 1 connected 2025/08/01 21:30:06 runner 3 connected 2025/08/01 21:30:06 runner 0 connected 2025/08/01 21:30:06 runner 2 connected 2025/08/01 21:30:06 runner 2 connected 2025/08/01 21:30:06 runner 9 connected 2025/08/01 21:30:06 runner 7 connected 2025/08/01 21:30:07 runner 5 connected 2025/08/01 21:30:07 runner 4 connected 2025/08/01 21:30:08 discovered 7668 source files, 337509 symbols 2025/08/01 21:30:08 coverage filter: __pfx_vfio_device_show_fdinfo: [] 2025/08/01 21:30:08 coverage filter: _vfio_alloc_device: [_vfio_alloc_device] 2025/08/01 21:30:08 coverage filter: nvmet_execute_disc_identify: [nvmet_execute_disc_identify] 2025/08/01 21:30:08 coverage filter: vfio_device_fops_unl_ioctl: [vfio_device_fops_unl_ioctl] 2025/08/01 21:30:08 coverage filter: vfio_device_show_fdinfo: [vfio_device_show_fdinfo] 2025/08/01 21:30:08 coverage filter: Documentation/filesystems/proc.rst: [] 2025/08/01 21:30:08 coverage filter: drivers/vfio/vfio_main.c: [drivers/vfio/vfio_main.c] 2025/08/01 21:30:08 coverage filter: include/linux/vfio.h: [] 2025/08/01 21:30:08 area "symbols": 92 PCs in the cover filter 2025/08/01 21:30:08 area "files": 467 PCs in the cover filter 2025/08/01 21:30:08 area "": 0 PCs in the cover filter 2025/08/01 21:30:08 executor cover filter: 0 PCs 2025/08/01 21:30:10 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/01 21:30:10 new: machine check complete 2025/08/01 21:30:11 executor cover filter: 0 PCs 2025/08/01 21:30:12 new: adding 2061 seeds 2025/08/01 21:30:13 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/01 21:30:13 base: machine check complete 2025/08/01 21:30:18 triaged 97.4% of the corpus 2025/08/01 21:30:18 starting bug reproductions 2025/08/01 21:30:18 starting bug reproductions (max 10 VMs, 7 repros) 2025/08/01 21:30:48 triaged 100.0% of the corpus 2025/08/01 21:34:18 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 793, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 10480, "distributor delayed": 549, "distributor undelayed": 549, "distributor violated": 0, "exec candidate": 2061, "exec collide": 4745, "exec fuzz": 8809, "exec gen": 438, "exec hints": 1605, "exec inject": 0, "exec minimize": 10725, "exec retries": 0, "exec seeds": 2242, "exec smash": 9985, "exec total [base]": 25455, "exec total [new]": 48907, "exec triage": 2160, "executor restarts": 46, "fault jobs": 0, "fuzzer jobs": 947, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 9, "hints jobs": 198, "max signal": 11109, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5632, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 922, "no exec duration": 12223000000, "no exec requests": 276, "pending": 0, "prog exec time": 202, "reproducing": 0, "rpc recv": 936917040, "rpc sent": 78620944, "signal": 10052, "smash jobs": 733, "triage jobs": 16, "vm output": 258076, "vm restarts [base]": 4, "vm restarts [new]": 9 } 2025/08/01 21:39:18 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 1047, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 11852, "distributor delayed": 675, "distributor undelayed": 675, "distributor violated": 0, "exec candidate": 2061, "exec collide": 9874, "exec fuzz": 18689, "exec gen": 904, "exec hints": 4012, "exec inject": 0, "exec minimize": 15079, "exec retries": 0, "exec seeds": 3094, "exec smash": 22204, "exec total [base]": 41821, "exec total [new]": 84865, "exec triage": 2814, "executor restarts": 46, "fault jobs": 0, "fuzzer jobs": 494, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 9, "hints jobs": 112, "max signal": 12422, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7594, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1211, "no exec duration": 12223000000, "no exec requests": 276, "pending": 0, "prog exec time": 216, "reproducing": 0, "rpc recv": 1316803192, "rpc sent": 164298120, "signal": 11312, "smash jobs": 371, "triage jobs": 11, "vm output": 398987, "vm restarts [base]": 4, "vm restarts [new]": 9 } 2025/08/01 21:44:18 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 1279, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 12636, "distributor delayed": 781, "distributor undelayed": 781, "distributor violated": 0, "exec candidate": 2061, "exec collide": 15251, "exec fuzz": 28640, "exec gen": 1419, "exec hints": 9054, "exec inject": 0, "exec minimize": 18761, "exec retries": 0, "exec seeds": 3835, "exec smash": 31887, "exec total [base]": 57686, "exec total [new]": 120426, "exec triage": 3385, "executor restarts": 46, "fault jobs": 0, "fuzzer jobs": 24, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 9, "hints jobs": 19, "max signal": 13228, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9319, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1470, "no exec duration": 12223000000, "no exec requests": 276, "pending": 0, "prog exec time": 215, "reproducing": 0, "rpc recv": 1597234856, "rpc sent": 258942352, "signal": 12054, "smash jobs": 5, "triage jobs": 0, "vm output": 562590, "vm restarts [base]": 4, "vm restarts [new]": 9 } 2025/08/01 21:49:18 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 1362, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 12902, "distributor delayed": 832, "distributor undelayed": 832, "distributor violated": 0, "exec candidate": 2061, "exec collide": 23473, "exec fuzz": 44360, "exec gen": 2229, "exec hints": 12317, "exec inject": 0, "exec minimize": 20241, "exec retries": 0, "exec seeds": 4088, "exec smash": 34012, "exec total [base]": 72434, "exec total [new]": 152519, "exec triage": 3602, "executor restarts": 46, "fault jobs": 0, "fuzzer jobs": 13, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 9, "hints jobs": 6, "max signal": 13544, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10002, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1569, "no exec duration": 12223000000, "no exec requests": 276, "pending": 0, "prog exec time": 235, "reproducing": 0, "rpc recv": 1739478536, "rpc sent": 359525344, "signal": 12314, "smash jobs": 4, "triage jobs": 3, "vm output": 800115, "vm restarts [base]": 4, "vm restarts [new]": 9 } 2025/08/01 21:50:10 runner 1 connected 2025/08/01 21:54:18 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 1440, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 13087, "distributor delayed": 863, "distributor undelayed": 863, "distributor violated": 0, "exec candidate": 2061, "exec collide": 32780, "exec fuzz": 62285, "exec gen": 3152, "exec hints": 14400, "exec inject": 0, "exec minimize": 21491, "exec retries": 0, "exec seeds": 4324, "exec smash": 35966, "exec total [base]": 86396, "exec total [new]": 186414, "exec triage": 3817, "executor restarts": 49, "fault jobs": 0, "fuzzer jobs": 15, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 5, "max signal": 13877, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10602, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1664, "no exec duration": 12223000000, "no exec requests": 276, "pending": 0, "prog exec time": 254, "reproducing": 0, "rpc recv": 1885501064, "rpc sent": 466060944, "signal": 12509, "smash jobs": 5, "triage jobs": 5, "vm output": 1028455, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/01 21:59:18 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 1548, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 13518, "distributor delayed": 913, "distributor undelayed": 913, "distributor violated": 0, "exec candidate": 2061, "exec collide": 41576, "exec fuzz": 78791, "exec gen": 4053, "exec hints": 15796, "exec inject": 0, "exec minimize": 23458, "exec retries": 0, "exec seeds": 4649, "exec smash": 38640, "exec total [base]": 99734, "exec total [new]": 219260, "exec triage": 4096, "executor restarts": 49, "fault jobs": 0, "fuzzer jobs": 16, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 2, "max signal": 14199, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11559, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1787, "no exec duration": 12223000000, "no exec requests": 276, "pending": 0, "prog exec time": 261, "reproducing": 0, "rpc recv": 2066067904, "rpc sent": 570672368, "signal": 12885, "smash jobs": 9, "triage jobs": 5, "vm output": 1327870, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/01 22:00:48 fuzzer has not reached the modified code in 30m0s, aborting 2025/08/01 22:00:48 syz-diff (base): kernel context loop terminated 2025/08/01 22:00:48 syz-diff (new): kernel context loop terminated 2025/08/01 22:00:48 diff fuzzing terminated 2025/08/01 22:00:48 bug reporting terminated 2025/08/01 22:00:48 status reporting terminated 2025/08/01 22:00:48 fuzzing is finished 2025/08/01 22:00:48 status at the end: Title On-Base On-Patched