2025/12/12 03:00:10 extracted 322796 text symbol hashes for base and 322796 for patched 2025/12/12 03:00:10 binaries are different, continuing fuzzing 2025/12/12 03:00:11 adding modified_functions to focus areas: ["vfio_pci_bar_rw" "vfio_pci_core_do_io_rw"] 2025/12/12 03:00:11 adding directly modified files to focus areas: ["drivers/vfio/pci/nvgrace-gpu/main.c" "drivers/vfio/pci/vfio_pci_rdwr.c" "include/linux/vfio_pci_core.h"] 2025/12/12 03:00:11 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db" 2025/12/12 03:01:17 runner 8 connected 2025/12/12 03:01:17 runner 5 connected 2025/12/12 03:01:18 runner 3 connected 2025/12/12 03:01:18 runner 1 connected 2025/12/12 03:01:18 runner 0 connected 2025/12/12 03:01:18 runner 2 connected 2025/12/12 03:01:18 runner 2 connected 2025/12/12 03:01:18 runner 0 connected 2025/12/12 03:01:18 runner 4 connected 2025/12/12 03:01:18 runner 1 connected 2025/12/12 03:01:19 runner 6 connected 2025/12/12 03:01:20 runner 7 connected 2025/12/12 03:01:24 initializing coverage information... 2025/12/12 03:01:25 executor cover filter: 0 PCs 2025/12/12 03:01:27 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/12/12 03:01:27 base: machine check complete 2025/12/12 03:01:29 discovered 7609 source files, 333750 symbols 2025/12/12 03:01:30 coverage filter: vfio_pci_bar_rw: [vfio_pci_bar_rw] 2025/12/12 03:01:30 coverage filter: vfio_pci_core_do_io_rw: [vfio_pci_core_do_io_rw] 2025/12/12 03:01:30 coverage filter: drivers/vfio/pci/nvgrace-gpu/main.c: [] 2025/12/12 03:01:30 coverage filter: drivers/vfio/pci/vfio_pci_rdwr.c: [drivers/vfio/pci/vfio_pci_rdwr.c] 2025/12/12 03:01:30 coverage filter: include/linux/vfio_pci_core.h: [] 2025/12/12 03:01:30 area "symbols": 112 PCs in the cover filter 2025/12/12 03:01:30 area "files": 243 PCs in the cover filter 2025/12/12 03:01:30 area "": 0 PCs in the cover filter 2025/12/12 03:01:30 executor cover filter: 0 PCs 2025/12/12 03:01:31 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/12/12 03:01:31 new: machine check complete 2025/12/12 03:01:35 new: adding 2398 seeds 2025/12/12 03:01:44 triaged 97.0% of the corpus 2025/12/12 03:01:44 starting bug reproductions 2025/12/12 03:01:44 starting bug reproductions (max 6 VMs, 4 repros) 2025/12/12 03:02:14 triaged 100.0% of the corpus 2025/12/12 03:05:14 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 740, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 9785, "distributor delayed": 409, "distributor undelayed": 409, "distributor violated": 0, "exec candidate": 2398, "exec collide": 3632, "exec fuzz": 6758, "exec gen": 351, "exec hints": 1096, "exec inject": 0, "exec minimize": 9339, "exec retries": 0, "exec seeds": 2029, "exec smash": 7376, "exec total [base]": 15914, "exec total [new]": 42106, "exec triage": 1982, "executor restarts [base]": 29, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 914, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 194, "max signal": 10276, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 4956, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 839, "no exec duration": 22005000000, "no exec requests": 23, "pending": 0, "prog exec time": 238, "reproducing": 0, "rpc recv": 1176757180, "rpc sent": 48806160, "signal": 9211, "smash jobs": 711, "triage jobs": 9, "vm output": 185126, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/12/12 03:10:14 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 34, "corpus": 1001, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 94, "coverage": 11924, "distributor delayed": 547, "distributor undelayed": 547, "distributor violated": 0, "exec candidate": 2398, "exec collide": 8120, "exec fuzz": 15536, "exec gen": 792, "exec hints": 2893, "exec inject": 0, "exec minimize": 13576, "exec retries": 0, "exec seeds": 2868, "exec smash": 18444, "exec total [base]": 26967, "exec total [new]": 74484, "exec triage": 2711, "executor restarts [base]": 29, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 796, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 165, "max signal": 12411, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 6888, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1153, "no exec duration": 22005000000, "no exec requests": 23, "pending": 0, "prog exec time": 311, "reproducing": 0, "rpc recv": 2124922628, "rpc sent": 112180256, "signal": 11196, "smash jobs": 622, "triage jobs": 9, "vm output": 268135, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/12/12 03:15:14 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 49, "corpus": 1172, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 201, "coverage": 12400, "distributor delayed": 649, "distributor undelayed": 649, "distributor violated": 0, "exec candidate": 2398, "exec collide": 12270, "exec fuzz": 23423, "exec gen": 1239, "exec hints": 5374, "exec inject": 0, "exec minimize": 16674, "exec retries": 0, "exec seeds": 3476, "exec smash": 27839, "exec total [base]": 36553, "exec total [new]": 103032, "exec triage": 3191, "executor restarts [base]": 29, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 189, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 50, "max signal": 12947, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8362, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1355, "no exec duration": 22005000000, "no exec requests": 23, "pending": 0, "prog exec time": 233, "reproducing": 0, "rpc recv": 3005924476, "rpc sent": 172525104, "signal": 11679, "smash jobs": 129, "triage jobs": 10, "vm output": 368224, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/12/12 03:20:14 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 69, "corpus": 1294, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 273, "coverage": 12779, "distributor delayed": 712, "distributor undelayed": 712, "distributor violated": 0, "exec candidate": 2398, "exec collide": 17862, "exec fuzz": 34131, "exec gen": 1803, "exec hints": 7076, "exec inject": 0, "exec minimize": 18893, "exec retries": 0, "exec seeds": 3860, "exec smash": 32015, "exec total [base]": 45278, "exec total [new]": 128690, "exec triage": 3506, "executor restarts [base]": 29, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 20, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 5, "max signal": 13271, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9375, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1488, "no exec duration": 22005000000, "no exec requests": 23, "pending": 0, "prog exec time": 343, "reproducing": 0, "rpc recv": 3740874224, "rpc sent": 233650656, "signal": 12031, "smash jobs": 13, "triage jobs": 2, "vm output": 477974, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/12/12 03:25:14 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 81, "corpus": 1391, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 382, "coverage": 13126, "distributor delayed": 768, "distributor undelayed": 768, "distributor violated": 0, "exec candidate": 2398, "exec collide": 23966, "exec fuzz": 46010, "exec gen": 2424, "exec hints": 7451, "exec inject": 0, "exec minimize": 20769, "exec retries": 0, "exec seeds": 4165, "exec smash": 34616, "exec total [base]": 53174, "exec total [new]": 152740, "exec triage": 3795, "executor restarts [base]": 29, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 15, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 13676, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10243, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1610, "no exec duration": 22005000000, "no exec requests": 23, "pending": 0, "prog exec time": 343, "reproducing": 0, "rpc recv": 4448635144, "rpc sent": 297450952, "signal": 12453, "smash jobs": 8, "triage jobs": 6, "vm output": 639348, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/12/12 03:30:14 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 88, "corpus": 1470, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 466, "coverage": 13407, "distributor delayed": 818, "distributor undelayed": 818, "distributor violated": 0, "exec candidate": 2398, "exec collide": 30550, "exec fuzz": 58266, "exec gen": 3038, "exec hints": 7568, "exec inject": 0, "exec minimize": 22233, "exec retries": 0, "exec seeds": 4403, "exec smash": 36540, "exec total [base]": 60786, "exec total [new]": 176180, "exec triage": 4040, "executor restarts [base]": 29, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 20, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 4, "max signal": 14044, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10949, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1710, "no exec duration": 22005000000, "no exec requests": 23, "pending": 0, "prog exec time": 328, "reproducing": 0, "rpc recv": 5091266812, "rpc sent": 362226536, "signal": 12726, "smash jobs": 12, "triage jobs": 4, "vm output": 783508, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/12/12 03:32:14 fuzzer has not reached the modified code in 30m0s, aborting 2025/12/12 03:32:14 repro loop terminated 2025/12/12 03:32:14 base: rpc server terminaled 2025/12/12 03:32:14 new: rpc server terminaled 2025/12/12 03:32:14 base: pool terminated 2025/12/12 03:32:14 base: kernel context loop terminated 2025/12/12 03:32:14 new: pool terminated 2025/12/12 03:32:14 new: kernel context loop terminated 2025/12/12 03:32:14 diff fuzzing terminated 2025/12/12 03:32:14 bug reporting terminated 2025/12/12 03:32:14 status reporting terminated 2025/12/12 03:32:14 fuzzing is finished 2025/12/12 03:32:14 status at the end: Title On-Base On-Patched