2025/10/31 19:39:18 extracted 321630 text symbol hashes for base and 321630 for patched 2025/10/31 19:39:18 binaries are different, continuing fuzzing 2025/10/31 19:39:19 adding modified_functions to focus areas: ["vfio_df_ioctl_bind_iommufd"] 2025/10/31 19:39:19 adding directly modified files to focus areas: ["drivers/vfio/device_cdev.c" "drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c"] 2025/10/31 19:39:19 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db" 2025/10/31 19:40:17 runner 2 connected 2025/10/31 19:40:17 runner 6 connected 2025/10/31 19:40:17 runner 4 connected 2025/10/31 19:40:17 runner 7 connected 2025/10/31 19:40:17 runner 1 connected 2025/10/31 19:40:17 runner 8 connected 2025/10/31 19:40:18 runner 0 connected 2025/10/31 19:40:18 runner 3 connected 2025/10/31 19:40:18 runner 1 connected 2025/10/31 19:40:18 runner 0 connected 2025/10/31 19:40:18 runner 2 connected 2025/10/31 19:40:18 runner 5 connected 2025/10/31 19:40:23 initializing coverage information... 2025/10/31 19:40:23 executor cover filter: 0 PCs 2025/10/31 19:40:26 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/10/31 19:40:26 base: machine check complete 2025/10/31 19:40:27 discovered 7601 source files, 332486 symbols 2025/10/31 19:40:28 coverage filter: vfio_df_ioctl_bind_iommufd: [vfio_df_ioctl_bind_iommufd] 2025/10/31 19:40:28 coverage filter: drivers/vfio/device_cdev.c: [drivers/vfio/device_cdev.c] 2025/10/31 19:40:28 coverage filter: drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c: [] 2025/10/31 19:40:28 area "symbols": 34 PCs in the cover filter 2025/10/31 19:40:28 area "files": 97 PCs in the cover filter 2025/10/31 19:40:28 area "": 0 PCs in the cover filter 2025/10/31 19:40:28 executor cover filter: 0 PCs 2025/10/31 19:40:28 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/10/31 19:40:28 new: machine check complete 2025/10/31 19:40:32 new: adding 2477 seeds 2025/10/31 19:40:51 triaged 97.6% of the corpus 2025/10/31 19:40:51 starting bug reproductions 2025/10/31 19:40:51 starting bug reproductions (max 6 VMs, 4 repros) 2025/10/31 19:41:21 triaged 100.0% of the corpus 2025/10/31 19:44:21 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 3, "corpus": 728, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 9559, "distributor delayed": 461, "distributor undelayed": 461, "distributor violated": 0, "exec candidate": 2477, "exec collide": 4457, "exec fuzz": 8420, "exec gen": 427, "exec hints": 1337, "exec inject": 0, "exec minimize": 9377, "exec retries": 0, "exec seeds": 2022, "exec smash": 9737, "exec total [base]": 17511, "exec total [new]": 47579, "exec triage": 1962, "executor restarts [base]": 29, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 750, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 137, "max signal": 9905, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5076, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 832, "no exec duration": 20058000000, "no exec requests": 32, "pending": 0, "prog exec time": 176, "reproducing": 0, "rpc recv": 1258762920, "rpc sent": 65987736, "signal": 9076, "smash jobs": 601, "triage jobs": 12, "vm output": 180987, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/31 19:49:21 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 20, "corpus": 1002, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 33, "coverage": 12109, "distributor delayed": 613, "distributor undelayed": 613, "distributor violated": 0, "exec candidate": 2477, "exec collide": 9588, "exec fuzz": 18107, "exec gen": 917, "exec hints": 3796, "exec inject": 0, "exec minimize": 14103, "exec retries": 0, "exec seeds": 2939, "exec smash": 21673, "exec total [base]": 29774, "exec total [new]": 83666, "exec triage": 2703, "executor restarts [base]": 29, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 391, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 104, "max signal": 12520, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7215, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1161, "no exec duration": 20058000000, "no exec requests": 32, "pending": 0, "prog exec time": 296, "reproducing": 0, "rpc recv": 2242453592, "rpc sent": 146971704, "signal": 11648, "smash jobs": 274, "triage jobs": 13, "vm output": 287049, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/31 19:54:21 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 49, "corpus": 1179, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 51, "coverage": 12901, "distributor delayed": 702, "distributor undelayed": 702, "distributor violated": 0, "exec candidate": 2477, "exec collide": 14426, "exec fuzz": 27157, "exec gen": 1419, "exec hints": 7422, "exec inject": 0, "exec minimize": 17207, "exec retries": 0, "exec seeds": 3504, "exec smash": 29040, "exec total [base]": 39406, "exec total [new]": 113219, "exec triage": 3204, "executor restarts [base]": 29, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 28, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 8, "max signal": 13367, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8590, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1373, "no exec duration": 20058000000, "no exec requests": 32, "pending": 0, "prog exec time": 215, "reproducing": 0, "rpc recv": 3142740244, "rpc sent": 214153872, "signal": 12441, "smash jobs": 13, "triage jobs": 7, "vm output": 565626, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/31 19:59:21 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 63, "corpus": 1303, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 62, "coverage": 13239, "distributor delayed": 754, "distributor undelayed": 754, "distributor violated": 0, "exec candidate": 2477, "exec collide": 20980, "exec fuzz": 39298, "exec gen": 2066, "exec hints": 9108, "exec inject": 0, "exec minimize": 19257, "exec retries": 0, "exec seeds": 3885, "exec smash": 32288, "exec total [base]": 48310, "exec total [new]": 140265, "exec triage": 3544, "executor restarts [base]": 29, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 19, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 3, "max signal": 13722, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9510, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1521, "no exec duration": 20058000000, "no exec requests": 32, "pending": 0, "prog exec time": 290, "reproducing": 0, "rpc recv": 3841268548, "rpc sent": 278625160, "signal": 12754, "smash jobs": 9, "triage jobs": 7, "vm output": 814233, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/31 20:04:21 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 74, "corpus": 1398, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 79, "coverage": 13507, "distributor delayed": 807, "distributor undelayed": 807, "distributor violated": 0, "exec candidate": 2477, "exec collide": 27731, "exec fuzz": 52115, "exec gen": 2762, "exec hints": 9884, "exec inject": 0, "exec minimize": 20990, "exec retries": 0, "exec seeds": 4173, "exec smash": 34737, "exec total [base]": 56867, "exec total [new]": 166048, "exec triage": 3816, "executor restarts [base]": 29, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 7, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 14088, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10262, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1637, "no exec duration": 20058000000, "no exec requests": 32, "pending": 0, "prog exec time": 288, "reproducing": 0, "rpc recv": 4529333904, "rpc sent": 343777504, "signal": 13009, "smash jobs": 4, "triage jobs": 2, "vm output": 1041467, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/31 20:09:21 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 75, "corpus": 1452, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 92, "coverage": 13663, "distributor delayed": 845, "distributor undelayed": 845, "distributor violated": 0, "exec candidate": 2477, "exec collide": 35174, "exec fuzz": 66238, "exec gen": 3528, "exec hints": 9956, "exec inject": 0, "exec minimize": 22021, "exec retries": 0, "exec seeds": 4334, "exec smash": 36075, "exec total [base]": 65084, "exec total [new]": 191161, "exec triage": 3996, "executor restarts [base]": 29, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 11, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 2, "max signal": 14349, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10739, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1713, "no exec duration": 20058000000, "no exec requests": 32, "pending": 0, "prog exec time": 330, "reproducing": 0, "rpc recv": 5108495628, "rpc sent": 409771080, "signal": 13140, "smash jobs": 5, "triage jobs": 4, "vm output": 1233694, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/31 20:11:21 fuzzer has not reached the modified code in 30m0s, aborting 2025/10/31 20:11:21 repro loop terminated 2025/10/31 20:11:21 base: rpc server terminaled 2025/10/31 20:11:21 new: rpc server terminaled 2025/10/31 20:11:21 base: pool terminated 2025/10/31 20:11:21 base: kernel context loop terminated 2025/10/31 20:11:21 new: pool terminated 2025/10/31 20:11:21 new: kernel context loop terminated 2025/10/31 20:11:21 diff fuzzing terminated 2025/10/31 20:11:21 bug reporting terminated 2025/10/31 20:11:21 status reporting terminated 2025/10/31 20:11:21 fuzzing is finished 2025/10/31 20:11:21 status at the end: Title On-Base On-Patched