2025/08/04 20:34:59 extracted 302733 symbol hashes for base and 302735 for patched 2025/08/04 20:34:59 adding modified_functions to focus areas: ["__pfx_vfio_device_show_fdinfo" "_vfio_alloc_device" "nvmet_execute_disc_identify" "vfio_device_fops_unl_ioctl" "vfio_device_show_fdinfo"] 2025/08/04 20:34:59 adding directly modified files to focus areas: ["Documentation/filesystems/proc.rst" "drivers/vfio/vfio_main.c"] 2025/08/04 20:35:00 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/08/04 20:35:49 runner 3 connected 2025/08/04 20:35:49 runner 1 connected 2025/08/04 20:35:50 runner 0 connected 2025/08/04 20:35:50 runner 4 connected 2025/08/04 20:35:50 runner 6 connected 2025/08/04 20:35:50 runner 7 connected 2025/08/04 20:35:50 runner 0 connected 2025/08/04 20:35:50 runner 1 connected 2025/08/04 20:35:50 runner 5 connected 2025/08/04 20:35:51 runner 2 connected 2025/08/04 20:35:51 runner 2 connected 2025/08/04 20:35:51 runner 9 connected 2025/08/04 20:35:51 runner 8 connected 2025/08/04 20:35:55 initializing coverage information... 2025/08/04 20:35:56 executor cover filter: 0 PCs 2025/08/04 20:35:57 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/04 20:35:57 base: machine check complete 2025/08/04 20:35:59 discovered 7668 source files, 337509 symbols 2025/08/04 20:36:00 coverage filter: __pfx_vfio_device_show_fdinfo: [] 2025/08/04 20:36:00 coverage filter: _vfio_alloc_device: [_vfio_alloc_device] 2025/08/04 20:36:00 coverage filter: nvmet_execute_disc_identify: [nvmet_execute_disc_identify] 2025/08/04 20:36:00 coverage filter: vfio_device_fops_unl_ioctl: [vfio_device_fops_unl_ioctl] 2025/08/04 20:36:00 coverage filter: vfio_device_show_fdinfo: [vfio_device_show_fdinfo] 2025/08/04 20:36:00 coverage filter: Documentation/filesystems/proc.rst: [] 2025/08/04 20:36:00 coverage filter: drivers/vfio/vfio_main.c: [drivers/vfio/vfio_main.c] 2025/08/04 20:36:00 area "symbols": 92 PCs in the cover filter 2025/08/04 20:36:00 area "files": 467 PCs in the cover filter 2025/08/04 20:36:00 area "": 0 PCs in the cover filter 2025/08/04 20:36:00 executor cover filter: 0 PCs 2025/08/04 20:36:01 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/04 20:36:01 new: machine check complete 2025/08/04 20:36:02 triaged 100.0% of the corpus 2025/08/04 20:36:02 starting bug reproductions 2025/08/04 20:36:02 starting bug reproductions (max 10 VMs, 7 repros) 2025/08/04 20:36:02 triaged 100.0% of the corpus 2025/08/04 20:36:04 new: adding 2209 seeds 2025/08/04 20:40:02 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 763, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 10782, "distributor delayed": 499, "distributor undelayed": 499, "distributor violated": 0, "exec candidate": 2209, "exec collide": 5542, "exec fuzz": 10566, "exec gen": 546, "exec hints": 1885, "exec inject": 0, "exec minimize": 10110, "exec retries": 0, "exec seeds": 2177, "exec smash": 12341, "exec total [base]": 18933, "exec total [new]": 54003, "exec triage": 2037, "executor restarts": 50, "fault jobs": 0, "fuzzer jobs": 806, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 10, "hints jobs": 147, "max signal": 11136, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5313, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 875, "no exec duration": 22370000000, "no exec requests": 270, "pending": 0, "prog exec time": 189, "reproducing": 0, "rpc recv": 865771888, "rpc sent": 89832432, "signal": 10357, "smash jobs": 643, "triage jobs": 16, "vm output": 253010, "vm restarts [base]": 3, "vm restarts [new]": 10 } 2025/08/04 20:45:02 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 1070, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 12166, "distributor delayed": 635, "distributor undelayed": 635, "distributor violated": 0, "exec candidate": 2209, "exec collide": 11324, "exec fuzz": 21380, "exec gen": 1119, "exec hints": 5269, "exec inject": 0, "exec minimize": 15277, "exec retries": 0, "exec seeds": 3171, "exec smash": 25129, "exec total [base]": 31328, "exec total [new]": 94344, "exec triage": 2874, "executor restarts": 50, "fault jobs": 0, "fuzzer jobs": 227, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 10, "hints jobs": 70, "max signal": 12577, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7720, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1236, "no exec duration": 22371000000, "no exec requests": 271, "pending": 0, "prog exec time": 219, "reproducing": 0, "rpc recv": 1300896308, "rpc sent": 195867584, "signal": 11673, "smash jobs": 148, "triage jobs": 9, "vm output": 437270, "vm restarts [base]": 3, "vm restarts [new]": 10 } 2025/08/04 20:45:48 runner 3 connected 2025/08/04 20:50:02 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 1228, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 12566, "distributor delayed": 702, "distributor undelayed": 702, "distributor violated": 0, "exec candidate": 2209, "exec collide": 19359, "exec fuzz": 36799, "exec gen": 1918, "exec hints": 8495, "exec inject": 0, "exec minimize": 17821, "exec retries": 0, "exec seeds": 3679, "exec smash": 30589, "exec total [base]": 45433, "exec total [new]": 130756, "exec triage": 3298, "executor restarts": 50, "fault jobs": 0, "fuzzer jobs": 22, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 7, "max signal": 13000, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8867, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1421, "no exec duration": 22371000000, "no exec requests": 271, "pending": 0, "prog exec time": 234, "reproducing": 0, "rpc recv": 1559671072, "rpc sent": 309706304, "signal": 12010, "smash jobs": 7, "triage jobs": 8, "vm output": 701775, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/04 20:55:02 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 1368, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 13206, "distributor delayed": 781, "distributor undelayed": 781, "distributor violated": 0, "exec candidate": 2209, "exec collide": 27434, "exec fuzz": 52339, "exec gen": 2689, "exec hints": 9998, "exec inject": 0, "exec minimize": 20328, "exec retries": 0, "exec seeds": 4114, "exec smash": 34154, "exec total [base]": 58700, "exec total [new]": 163530, "exec triage": 3676, "executor restarts": 50, "fault jobs": 0, "fuzzer jobs": 20, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 4, "max signal": 13677, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10045, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1584, "no exec duration": 22371000000, "no exec requests": 271, "pending": 0, "prog exec time": 319, "reproducing": 0, "rpc recv": 1791447852, "rpc sent": 414823744, "signal": 12670, "smash jobs": 11, "triage jobs": 5, "vm output": 1026032, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/04 21:00:02 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 1470, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 13573, "distributor delayed": 827, "distributor undelayed": 827, "distributor violated": 0, "exec candidate": 2209, "exec collide": 35755, "exec fuzz": 67955, "exec gen": 3553, "exec hints": 10415, "exec inject": 0, "exec minimize": 21929, "exec retries": 0, "exec seeds": 4422, "exec smash": 36825, "exec total [base]": 71083, "exec total [new]": 193606, "exec triage": 3953, "executor restarts": 50, "fault jobs": 0, "fuzzer jobs": 4, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 0, "max signal": 14098, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10787, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1702, "no exec duration": 22371000000, "no exec requests": 271, "pending": 0, "prog exec time": 303, "reproducing": 0, "rpc recv": 1953253812, "rpc sent": 526076264, "signal": 13016, "smash jobs": 2, "triage jobs": 2, "vm output": 1319863, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/04 21:05:02 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 1547, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 13769, "distributor delayed": 859, "distributor undelayed": 859, "distributor violated": 0, "exec candidate": 2209, "exec collide": 44176, "exec fuzz": 83724, "exec gen": 4411, "exec hints": 10555, "exec inject": 0, "exec minimize": 23237, "exec retries": 0, "exec seeds": 4654, "exec smash": 38708, "exec total [base]": 82907, "exec total [new]": 222413, "exec triage": 4149, "executor restarts": 50, "fault jobs": 0, "fuzzer jobs": 10, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 14300, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11372, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1787, "no exec duration": 22371000000, "no exec requests": 271, "pending": 0, "prog exec time": 338, "reproducing": 0, "rpc recv": 2093335660, "rpc sent": 633956376, "signal": 13218, "smash jobs": 7, "triage jobs": 2, "vm output": 1576265, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/04 21:06:02 fuzzer has not reached the modified code in 30m0s, aborting 2025/08/04 21:06:02 syz-diff (base): kernel context loop terminated 2025/08/04 21:06:02 syz-diff (new): kernel context loop terminated 2025/08/04 21:06:02 diff fuzzing terminated 2025/08/04 21:06:02 bug reporting terminated 2025/08/04 21:06:02 status reporting terminated 2025/08/04 21:06:02 fuzzing is finished 2025/08/04 21:06:02 status at the end: Title On-Base On-Patched