2026/02/12 14:56:28 extracted 323191 text symbol hashes for base and 323191 for patched 2026/02/12 14:56:28 symbol "__UNIQUE_ID_addressable_vfio_pci_core_range_intersect_range_1036" has different values in base vs patch 2026/02/12 14:56:28 binaries are different, continuing fuzzing 2026/02/12 14:56:28 adding modified_functions to focus areas: ["vfio_pci_bar_rw" "vfio_pci_config_rw" "vfio_pci_core_disable" "vfio_pci_core_ioctl" "vfio_pci_core_ioctl_feature" "vfio_pci_core_mmap" "vfio_pci_dev_set_hot_reset" "vfio_pci_ioctl_get_region_info" "vfio_pci_ioeventfd" "vfio_pci_mmap_huge_fault" "vfio_pci_rw" "vfio_pci_vga_init" "vfio_pci_zap_and_down_write_memory_lock"] 2026/02/12 14:56:28 adding directly modified files to focus areas: ["MAINTAINERS" "drivers/vfio/pci/Kconfig" "drivers/vfio/pci/Makefile" "drivers/vfio/pci/ism/Kconfig" "drivers/vfio/pci/ism/Makefile" "drivers/vfio/pci/ism/main.c" "drivers/vfio/pci/vfio_pci_config.c" "drivers/vfio/pci/vfio_pci_core.c" "include/linux/vfio_pci_core.h"] 2026/02/12 14:56:28 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db" 2026/02/12 14:57:27 runner 8 connected 2026/02/12 14:57:27 runner 2 connected 2026/02/12 14:57:27 runner 1 connected 2026/02/12 14:57:28 runner 5 connected 2026/02/12 14:57:28 runner 7 connected 2026/02/12 14:57:28 runner 1 connected 2026/02/12 14:57:28 runner 4 connected 2026/02/12 14:57:28 runner 2 connected 2026/02/12 14:57:28 runner 3 connected 2026/02/12 14:57:28 runner 0 connected 2026/02/12 14:57:28 runner 0 connected 2026/02/12 14:57:28 runner 6 connected 2026/02/12 14:57:33 executor cover filter: 0 PCs 2026/02/12 14:57:33 initializing coverage information... 2026/02/12 14:57:35 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 172/8179 2026/02/12 14:57:35 base: machine check complete 2026/02/12 14:57:37 discovered 7638 source files, 334383 symbols 2026/02/12 14:57:38 coverage filter: ^vfio_pci_bar_rw$: [vfio_pci_bar_rw] 2026/02/12 14:57:38 coverage filter: ^vfio_pci_config_rw$: [vfio_pci_config_rw] 2026/02/12 14:57:38 coverage filter: ^vfio_pci_core_disable$: [vfio_pci_core_disable] 2026/02/12 14:57:38 coverage filter: ^vfio_pci_core_ioctl$: [vfio_pci_core_ioctl] 2026/02/12 14:57:38 coverage filter: ^vfio_pci_core_ioctl_feature$: [vfio_pci_core_ioctl_feature] 2026/02/12 14:57:38 coverage filter: ^vfio_pci_core_mmap$: [vfio_pci_core_mmap] 2026/02/12 14:57:38 coverage filter: ^vfio_pci_dev_set_hot_reset$: [vfio_pci_dev_set_hot_reset] 2026/02/12 14:57:38 coverage filter: ^vfio_pci_ioctl_get_region_info$: [vfio_pci_ioctl_get_region_info] 2026/02/12 14:57:38 coverage filter: ^vfio_pci_ioeventfd$: [vfio_pci_ioeventfd] 2026/02/12 14:57:38 coverage filter: ^vfio_pci_mmap_huge_fault$: [vfio_pci_mmap_huge_fault] 2026/02/12 14:57:38 coverage filter: ^vfio_pci_rw$: [vfio_pci_rw] 2026/02/12 14:57:38 coverage filter: ^vfio_pci_vga_init$: [vfio_pci_vga_init] 2026/02/12 14:57:38 coverage filter: ^vfio_pci_zap_and_down_write_memory_lock$: [vfio_pci_zap_and_down_write_memory_lock] 2026/02/12 14:57:38 coverage filter: MAINTAINERS: [] 2026/02/12 14:57:38 coverage filter: drivers/vfio/pci/Kconfig: [] 2026/02/12 14:57:38 coverage filter: drivers/vfio/pci/Makefile: [] 2026/02/12 14:57:38 coverage filter: drivers/vfio/pci/ism/Kconfig: [] 2026/02/12 14:57:38 coverage filter: drivers/vfio/pci/ism/Makefile: [] 2026/02/12 14:57:38 coverage filter: drivers/vfio/pci/ism/main.c: [] 2026/02/12 14:57:38 coverage filter: drivers/vfio/pci/vfio_pci_config.c: [drivers/vfio/pci/vfio_pci_config.c] 2026/02/12 14:57:38 coverage filter: drivers/vfio/pci/vfio_pci_core.c: [drivers/vfio/pci/vfio_pci_core.c] 2026/02/12 14:57:38 coverage filter: include/linux/vfio_pci_core.h: [] 2026/02/12 14:57:38 area "symbols": 642 PCs in the cover filter 2026/02/12 14:57:38 area "files": 1659 PCs in the cover filter 2026/02/12 14:57:38 area "": 0 PCs in the cover filter 2026/02/12 14:57:38 executor cover filter: 0 PCs 2026/02/12 14:57:39 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 172/8179 2026/02/12 14:57:39 new: machine check complete 2026/02/12 14:57:42 new: adding 2542 seeds 2026/02/12 14:58:00 triaged 97.1% of the corpus 2026/02/12 14:58:00 starting bug reproductions 2026/02/12 14:58:00 starting bug reproductions (max 6 VMs, 4 repros) 2026/02/12 14:58:30 triaged 100.0% of the corpus 2026/02/12 15:01:30 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 4, "corpus": 751, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 10627, "distributor delayed": 505, "distributor undelayed": 505, "distributor violated": 0, "exec candidate": 2542, "exec collide": 4476, "exec fuzz": 8522, "exec gen": 451, "exec hints": 1493, "exec inject": 0, "exec minimize": 9558, "exec retries": 0, "exec seeds": 2051, "exec smash": 9710, "exec total [base]": 18368, "exec total [new]": 48400, "exec triage": 2048, "executor restarts [base]": 29, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 823, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 175, "max signal": 11080, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5150, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 866, "no exec duration": 18133000000, "no exec requests": 37, "pending": 0, "prog exec time": 154, "reproducing": 0, "rpc recv": 1264301212, "rpc sent": 61579096, "signal": 9318, "smash jobs": 635, "triage jobs": 13, "vm output": 188061, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/02/12 15:06:30 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 30, "corpus": 1058, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 12163, "distributor delayed": 662, "distributor undelayed": 662, "distributor violated": 0, "exec candidate": 2542, "exec collide": 9255, "exec fuzz": 17567, "exec gen": 926, "exec hints": 3750, "exec inject": 0, "exec minimize": 14569, "exec retries": 0, "exec seeds": 3083, "exec smash": 20725, "exec total [base]": 30038, "exec total [new]": 82852, "exec triage": 2885, "executor restarts [base]": 29, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 637, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 158, "max signal": 12659, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7463, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1224, "no exec duration": 18133000000, "no exec requests": 37, "pending": 0, "prog exec time": 225, "reproducing": 0, "rpc recv": 2371789636, "rpc sent": 128203328, "signal": 11431, "smash jobs": 471, "triage jobs": 8, "vm output": 313257, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/02/12 15:11:30 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 58, "corpus": 1252, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 4, "coverage": 13095, "distributor delayed": 755, "distributor undelayed": 755, "distributor violated": 0, "exec candidate": 2542, "exec collide": 13483, "exec fuzz": 25821, "exec gen": 1327, "exec hints": 6642, "exec inject": 0, "exec minimize": 17870, "exec retries": 0, "exec seeds": 3721, "exec smash": 30071, "exec total [base]": 39749, "exec total [new]": 112426, "exec triage": 3398, "executor restarts [base]": 29, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 145, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 44, "max signal": 13607, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8981, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1452, "no exec duration": 18133000000, "no exec requests": 37, "pending": 0, "prog exec time": 335, "reproducing": 0, "rpc recv": 3348484564, "rpc sent": 188462312, "signal": 12313, "smash jobs": 92, "triage jobs": 9, "vm output": 437250, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/02/12 15:16:30 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 65, "corpus": 1372, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 41, "coverage": 13468, "distributor delayed": 828, "distributor undelayed": 828, "distributor violated": 0, "exec candidate": 2542, "exec collide": 19785, "exec fuzz": 37660, "exec gen": 1978, "exec hints": 8321, "exec inject": 0, "exec minimize": 20047, "exec retries": 0, "exec seeds": 4110, "exec smash": 34207, "exec total [base]": 49037, "exec total [new]": 139928, "exec triage": 3727, "executor restarts [base]": 29, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 9, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 13966, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9988, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1591, "no exec duration": 18133000000, "no exec requests": 37, "pending": 0, "prog exec time": 300, "reproducing": 0, "rpc recv": 4148042760, "rpc sent": 251883728, "signal": 12648, "smash jobs": 3, "triage jobs": 5, "vm output": 564733, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/02/12 15:21:30 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 97, "corpus": 1483, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 143, "coverage": 13713, "distributor delayed": 891, "distributor undelayed": 891, "distributor violated": 0, "exec candidate": 2542, "exec collide": 26087, "exec fuzz": 49449, "exec gen": 2606, "exec hints": 8642, "exec inject": 0, "exec minimize": 22040, "exec retries": 0, "exec seeds": 4443, "exec smash": 36914, "exec total [base]": 57147, "exec total [new]": 164307, "exec triage": 4033, "executor restarts [base]": 29, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 13, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 2, "max signal": 14298, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10920, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1718, "no exec duration": 18133000000, "no exec requests": 37, "pending": 0, "prog exec time": 295, "reproducing": 0, "rpc recv": 4862097912, "rpc sent": 312215168, "signal": 12874, "smash jobs": 9, "triage jobs": 2, "vm output": 679563, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/02/12 15:26:30 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 119, "corpus": 1567, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 224, "coverage": 13880, "distributor delayed": 951, "distributor undelayed": 951, "distributor violated": 0, "exec candidate": 2542, "exec collide": 32302, "exec fuzz": 61292, "exec gen": 3234, "exec hints": 8812, "exec inject": 0, "exec minimize": 23530, "exec retries": 0, "exec seeds": 4697, "exec smash": 39053, "exec total [base]": 64793, "exec total [new]": 187287, "exec triage": 4274, "executor restarts [base]": 29, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 13, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 14503, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11575, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1821, "no exec duration": 18133000000, "no exec requests": 37, "pending": 0, "prog exec time": 380, "reproducing": 0, "rpc recv": 5523292532, "rpc sent": 369017208, "signal": 13039, "smash jobs": 7, "triage jobs": 5, "vm output": 823790, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/02/12 15:28:30 fuzzer has not reached the modified code in 30m0s, aborting 2026/02/12 15:28:30 repro loop terminated 2026/02/12 15:28:30 base: rpc server terminaled 2026/02/12 15:28:30 new: rpc server terminaled 2026/02/12 15:30:25 base: pool terminated 2026/02/12 15:30:25 base: kernel context loop terminated 2026/02/12 15:30:25 new: pool terminated 2026/02/12 15:30:25 new: kernel context loop terminated 2026/02/12 15:30:25 diff fuzzing terminated 2026/02/12 15:30:25 bug reporting terminated 2026/02/12 15:30:25 status reporting terminated 2026/02/12 15:30:25 fuzzing is finished 2026/02/12 15:30:25 status at the end: Title On-Base On-Patched Status