2025/09/16 18:48:00 extracted 327254 text symbol hashes for base and 327254 for patched 2025/09/16 18:48:01 symbol "vfio_pci_core_enable.__UNIQUE_ID_ddebug1022" has different values in base vs patch 2025/09/16 18:48:01 binaries are different, continuing fuzzing 2025/09/16 18:48:01 adding modified_functions to focus areas: ["vfio_pci_core_disable" "vfio_pci_core_ioctl"] 2025/09/16 18:48:01 adding directly modified files to focus areas: ["drivers/vfio/pci/vfio_pci_core.c" "include/uapi/linux/vfio.h"] 2025/09/16 18:48:02 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/09/16 18:48:59 runner 3 connected 2025/09/16 18:48:59 runner 8 connected 2025/09/16 18:48:59 runner 4 connected 2025/09/16 18:48:59 runner 7 connected 2025/09/16 18:48:59 runner 1 connected 2025/09/16 18:48:59 runner 3 connected 2025/09/16 18:48:59 runner 0 connected 2025/09/16 18:48:59 runner 9 connected 2025/09/16 18:48:59 runner 5 connected 2025/09/16 18:48:59 runner 6 connected 2025/09/16 18:49:00 runner 1 connected 2025/09/16 18:49:00 runner 0 connected 2025/09/16 18:49:00 runner 2 connected 2025/09/16 18:49:00 runner 2 connected 2025/09/16 18:49:06 initializing coverage information... 2025/09/16 18:49:06 executor cover filter: 0 PCs 2025/09/16 18:49:07 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8054 2025/09/16 18:49:07 base: machine check complete 2025/09/16 18:49:10 discovered 7699 source files, 338653 symbols 2025/09/16 18:49:10 coverage filter: vfio_pci_core_disable: [vfio_pci_core_disable] 2025/09/16 18:49:10 coverage filter: vfio_pci_core_ioctl: [vfio_pci_core_ioctl vfio_pci_core_ioctl_feature] 2025/09/16 18:49:10 coverage filter: drivers/vfio/pci/vfio_pci_core.c: [drivers/vfio/pci/vfio_pci_core.c] 2025/09/16 18:49:10 coverage filter: include/uapi/linux/vfio.h: [] 2025/09/16 18:49:10 area "symbols": 352 PCs in the cover filter 2025/09/16 18:49:10 area "files": 906 PCs in the cover filter 2025/09/16 18:49:10 area "": 0 PCs in the cover filter 2025/09/16 18:49:10 executor cover filter: 0 PCs 2025/09/16 18:49:11 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8054 2025/09/16 18:49:11 new: machine check complete 2025/09/16 18:49:14 new: adding 2450 seeds 2025/09/16 18:49:33 triaged 97.8% of the corpus 2025/09/16 18:49:33 starting bug reproductions 2025/09/16 18:49:33 starting bug reproductions (max 10 VMs, 7 repros) 2025/09/16 18:50:03 triaged 100.0% of the corpus 2025/09/16 18:53:03 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 782, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 9839, "distributor delayed": 423, "distributor undelayed": 423, "distributor violated": 0, "exec candidate": 2450, "exec collide": 4966, "exec fuzz": 9361, "exec gen": 501, "exec hints": 1481, "exec inject": 0, "exec minimize": 10104, "exec retries": 0, "exec seeds": 2219, "exec smash": 10814, "exec total [base]": 23128, "exec total [new]": 51249, "exec triage": 2065, "executor restarts [base]": 33, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 864, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 160, "max signal": 10279, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5415, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 890, "no exec duration": 25032000000, "no exec requests": 35, "pending": 0, "prog exec time": 148, "reproducing": 0, "rpc recv": 1567926756, "rpc sent": 83914320, "signal": 9426, "smash jobs": 694, "triage jobs": 10, "vm output": 248053, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/16 18:58:03 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 28, "corpus": 1100, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 12441, "distributor delayed": 564, "distributor undelayed": 564, "distributor violated": 0, "exec candidate": 2450, "exec collide": 10600, "exec fuzz": 20150, "exec gen": 1079, "exec hints": 4163, "exec inject": 0, "exec minimize": 15294, "exec retries": 0, "exec seeds": 3244, "exec smash": 24103, "exec total [base]": 39359, "exec total [new]": 91305, "exec triage": 2933, "executor restarts [base]": 33, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 417, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 110, "max signal": 12832, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7759, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1262, "no exec duration": 25032000000, "no exec requests": 35, "pending": 0, "prog exec time": 207, "reproducing": 0, "rpc recv": 2879906328, "rpc sent": 181497200, "signal": 11898, "smash jobs": 300, "triage jobs": 7, "vm output": 391930, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/16 19:03:03 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 47, "corpus": 1294, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 8, "coverage": 12993, "distributor delayed": 646, "distributor undelayed": 646, "distributor violated": 0, "exec candidate": 2450, "exec collide": 16312, "exec fuzz": 31140, "exec gen": 1633, "exec hints": 7759, "exec inject": 0, "exec minimize": 18768, "exec retries": 0, "exec seeds": 3897, "exec smash": 32379, "exec total [base]": 52774, "exec total [new]": 125082, "exec triage": 3451, "executor restarts [base]": 33, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 22, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 5, "max signal": 13443, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9368, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1489, "no exec duration": 25032000000, "no exec requests": 35, "pending": 0, "prog exec time": 322, "reproducing": 0, "rpc recv": 4053194552, "rpc sent": 267823624, "signal": 12443, "smash jobs": 9, "triage jobs": 8, "vm output": 585060, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/16 19:08:03 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 61, "corpus": 1394, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 21, "coverage": 13241, "distributor delayed": 694, "distributor undelayed": 694, "distributor violated": 0, "exec candidate": 2450, "exec collide": 24335, "exec fuzz": 46235, "exec gen": 2413, "exec hints": 8629, "exec inject": 0, "exec minimize": 20702, "exec retries": 0, "exec seeds": 4203, "exec smash": 34960, "exec total [base]": 64556, "exec total [new]": 154931, "exec triage": 3713, "executor restarts [base]": 33, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 12, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 2, "max signal": 13711, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10255, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1606, "no exec duration": 25032000000, "no exec requests": 35, "pending": 0, "prog exec time": 297, "reproducing": 0, "rpc recv": 4983526736, "rpc sent": 351243152, "signal": 12680, "smash jobs": 5, "triage jobs": 5, "vm output": 738398, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/16 19:13:03 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 75, "corpus": 1484, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 31, "coverage": 13390, "distributor delayed": 729, "distributor undelayed": 729, "distributor violated": 0, "exec candidate": 2450, "exec collide": 32437, "exec fuzz": 61483, "exec gen": 3226, "exec hints": 8793, "exec inject": 0, "exec minimize": 22167, "exec retries": 0, "exec seeds": 4473, "exec smash": 37200, "exec total [base]": 75932, "exec total [new]": 183461, "exec triage": 3941, "executor restarts [base]": 33, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 9, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 0, "max signal": 13873, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10946, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1706, "no exec duration": 25032000000, "no exec requests": 35, "pending": 0, "prog exec time": 325, "reproducing": 0, "rpc recv": 5841165028, "rpc sent": 436177176, "signal": 12828, "smash jobs": 6, "triage jobs": 3, "vm output": 881879, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/16 19:18:03 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 90, "corpus": 1547, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 44, "coverage": 13626, "distributor delayed": 758, "distributor undelayed": 758, "distributor violated": 0, "exec candidate": 2450, "exec collide": 40627, "exec fuzz": 77140, "exec gen": 4069, "exec hints": 9001, "exec inject": 0, "exec minimize": 23312, "exec retries": 0, "exec seeds": 4660, "exec smash": 38801, "exec total [base]": 87013, "exec total [new]": 211446, "exec triage": 4097, "executor restarts [base]": 33, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 11, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 2, "max signal": 14110, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11492, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1777, "no exec duration": 25032000000, "no exec requests": 35, "pending": 0, "prog exec time": 304, "reproducing": 0, "rpc recv": 6636618348, "rpc sent": 523012584, "signal": 13038, "smash jobs": 4, "triage jobs": 5, "vm output": 1027837, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/16 19:20:03 fuzzer has not reached the modified code in 30m0s, aborting 2025/09/16 19:20:03 syz-diff (base): kernel context loop terminated 2025/09/16 19:20:03 syz-diff (new): kernel context loop terminated 2025/09/16 19:20:03 diff fuzzing terminated 2025/09/16 19:20:03 bug reporting terminated 2025/09/16 19:20:03 status reporting terminated 2025/09/16 19:20:03 fuzzing is finished 2025/09/16 19:20:03 status at the end: Title On-Base On-Patched