2025/10/13 20:20:06 extracted 333434 text symbol hashes for base and 333434 for patched 2025/10/13 20:20:06 symbol "vfio_pci_core_enable.__UNIQUE_ID_ddebug1022" has different values in base vs patch 2025/10/13 20:20:06 binaries are different, continuing fuzzing 2025/10/13 20:20:07 adding modified_functions to focus areas: ["vfio_pci_core_disable" "vfio_pci_core_ioctl"] 2025/10/13 20:20:07 adding directly modified files to focus areas: ["drivers/vfio/pci/vfio_pci_core.c" "include/uapi/linux/vfio.h"] 2025/10/13 20:20:07 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db" 2025/10/13 20:21:05 runner 1 connected 2025/10/13 20:21:05 runner 2 connected 2025/10/13 20:21:05 runner 7 connected 2025/10/13 20:21:06 runner 4 connected 2025/10/13 20:21:06 runner 8 connected 2025/10/13 20:21:12 runner 2 connected 2025/10/13 20:21:12 runner 0 connected 2025/10/13 20:21:13 initializing coverage information... 2025/10/13 20:21:13 executor cover filter: 0 PCs 2025/10/13 20:21:13 runner 5 connected 2025/10/13 20:21:13 runner 0 connected 2025/10/13 20:21:13 runner 3 connected 2025/10/13 20:21:13 runner 1 connected 2025/10/13 20:21:14 runner 6 connected 2025/10/13 20:21:16 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/10/13 20:21:16 base: machine check complete 2025/10/13 20:21:18 discovered 7839 source files, 344893 symbols 2025/10/13 20:21:19 coverage filter: vfio_pci_core_disable: [vfio_pci_core_disable] 2025/10/13 20:21:19 coverage filter: vfio_pci_core_ioctl: [vfio_pci_core_ioctl vfio_pci_core_ioctl_feature] 2025/10/13 20:21:19 coverage filter: drivers/vfio/pci/vfio_pci_core.c: [drivers/vfio/pci/vfio_pci_core.c] 2025/10/13 20:21:19 coverage filter: include/uapi/linux/vfio.h: [] 2025/10/13 20:21:19 area "symbols": 346 PCs in the cover filter 2025/10/13 20:21:19 area "files": 900 PCs in the cover filter 2025/10/13 20:21:19 area "": 0 PCs in the cover filter 2025/10/13 20:21:19 executor cover filter: 0 PCs 2025/10/13 20:21:20 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/10/13 20:21:20 new: machine check complete 2025/10/13 20:21:24 new: adding 2277 seeds 2025/10/13 20:21:39 triaged 97.2% of the corpus 2025/10/13 20:21:39 starting bug reproductions 2025/10/13 20:21:39 starting bug reproductions (max 6 VMs, 4 repros) 2025/10/13 20:22:09 triaged 100.0% of the corpus 2025/10/13 20:25:09 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 707, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 9313, "distributor delayed": 403, "distributor undelayed": 403, "distributor violated": 0, "exec candidate": 2277, "exec collide": 3800, "exec fuzz": 7148, "exec gen": 356, "exec hints": 1010, "exec inject": 0, "exec minimize": 9118, "exec retries": 0, "exec seeds": 1963, "exec smash": 8120, "exec total [base]": 15941, "exec total [new]": 42452, "exec triage": 1888, "executor restarts [base]": 31, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 808, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 139, "max signal": 9788, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 4875, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 802, "no exec duration": 15005000000, "no exec requests": 17, "pending": 0, "prog exec time": 237, "reproducing": 0, "rpc recv": 1226437616, "rpc sent": 56712656, "signal": 8842, "smash jobs": 654, "triage jobs": 15, "vm output": 179638, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/13 20:30:09 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 3, "corpus": 993, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 14, "coverage": 10914, "distributor delayed": 532, "distributor undelayed": 532, "distributor violated": 0, "exec candidate": 2277, "exec collide": 8994, "exec fuzz": 17165, "exec gen": 873, "exec hints": 3115, "exec inject": 0, "exec minimize": 13455, "exec retries": 0, "exec seeds": 2888, "exec smash": 20811, "exec total [base]": 28112, "exec total [new]": 78943, "exec triage": 2594, "executor restarts [base]": 31, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 462, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 109, "max signal": 11360, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 6927, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1121, "no exec duration": 15005000000, "no exec requests": 17, "pending": 0, "prog exec time": 216, "reproducing": 0, "rpc recv": 2192576848, "rpc sent": 133981536, "signal": 10375, "smash jobs": 348, "triage jobs": 5, "vm output": 282029, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/13 20:35:09 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 11, "corpus": 1238, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 42, "coverage": 11613, "distributor delayed": 643, "distributor undelayed": 643, "distributor violated": 0, "exec candidate": 2277, "exec collide": 13849, "exec fuzz": 26380, "exec gen": 1332, "exec hints": 6926, "exec inject": 0, "exec minimize": 17595, "exec retries": 0, "exec seeds": 3684, "exec smash": 30532, "exec total [base]": 39159, "exec total [new]": 112514, "exec triage": 3167, "executor restarts [base]": 31, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 32, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 13, "max signal": 12076, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8766, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1388, "no exec duration": 15005000000, "no exec requests": 17, "pending": 0, "prog exec time": 262, "reproducing": 0, "rpc recv": 3237824052, "rpc sent": 224056280, "signal": 11058, "smash jobs": 16, "triage jobs": 3, "vm output": 420024, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/13 20:40:09 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 30, "corpus": 1354, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 136, "coverage": 12881, "distributor delayed": 712, "distributor undelayed": 712, "distributor violated": 0, "exec candidate": 2277, "exec collide": 20671, "exec fuzz": 39316, "exec gen": 2057, "exec hints": 10236, "exec inject": 0, "exec minimize": 19732, "exec retries": 0, "exec seeds": 4035, "exec smash": 33525, "exec total [base]": 49112, "exec total [new]": 142165, "exec triage": 3543, "executor restarts [base]": 31, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 15, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 13459, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9730, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1541, "no exec duration": 15005000000, "no exec requests": 17, "pending": 0, "prog exec time": 323, "reproducing": 0, "rpc recv": 4024333560, "rpc sent": 316618624, "signal": 12323, "smash jobs": 7, "triage jobs": 7, "vm output": 536978, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/13 20:45:09 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 48, "corpus": 1465, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 230, "coverage": 13184, "distributor delayed": 763, "distributor undelayed": 763, "distributor violated": 0, "exec candidate": 2277, "exec collide": 27424, "exec fuzz": 52261, "exec gen": 2727, "exec hints": 10806, "exec inject": 0, "exec minimize": 21760, "exec retries": 0, "exec seeds": 4362, "exec smash": 36270, "exec total [base]": 57727, "exec total [new]": 168466, "exec triage": 3808, "executor restarts [base]": 31, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 15, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 3, "max signal": 13719, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10657, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1658, "no exec duration": 15005000000, "no exec requests": 17, "pending": 0, "prog exec time": 319, "reproducing": 0, "rpc recv": 4786480320, "rpc sent": 398713576, "signal": 12599, "smash jobs": 8, "triage jobs": 4, "vm output": 637745, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/13 20:50:09 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 55, "corpus": 1542, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 312, "coverage": 13392, "distributor delayed": 813, "distributor undelayed": 813, "distributor violated": 0, "exec candidate": 2277, "exec collide": 34482, "exec fuzz": 65675, "exec gen": 3471, "exec hints": 11241, "exec inject": 0, "exec minimize": 23279, "exec retries": 0, "exec seeds": 4599, "exec smash": 38317, "exec total [base]": 66190, "exec total [new]": 194146, "exec triage": 4033, "executor restarts [base]": 31, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 9, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 13930, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11375, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1756, "no exec duration": 15005000000, "no exec requests": 17, "pending": 0, "prog exec time": 315, "reproducing": 0, "rpc recv": 5490625780, "rpc sent": 480562952, "signal": 12780, "smash jobs": 2, "triage jobs": 6, "vm output": 742316, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/13 20:52:09 fuzzer has not reached the modified code in 30m0s, aborting 2025/10/13 20:52:09 repro loop terminated 2025/10/13 20:52:09 new: rpc server terminaled 2025/10/13 20:52:09 base: rpc server terminaled 2025/10/13 20:52:09 new: pool terminated 2025/10/13 20:52:09 new: kernel context loop terminated 2025/10/13 20:52:09 base: pool terminated 2025/10/13 20:52:09 base: kernel context loop terminated 2025/10/13 20:52:09 diff fuzzing terminated 2025/10/13 20:52:09 status reporting terminated 2025/10/13 20:52:09 bug reporting terminated 2025/10/13 20:52:09 fuzzing is finished 2025/10/13 20:52:09 status at the end: Title On-Base On-Patched