2025/11/27 18:35:43 extracted 321630 text symbol hashes for base and 321632 for patched
2025/11/27 18:35:43 symbol "vfio_pci_core_match_token_uuid._rs.17" has different values in base vs patch
2025/11/27 18:35:43 binaries are different, continuing fuzzing
2025/11/27 18:35:43 adding modified_functions to focus areas: ["__pfx_vfio_pci_vmf_insert_pfn" "vfio_pci_core_disable" "vfio_pci_core_ioctl" "vfio_pci_core_ioctl_feature" "vfio_pci_core_mmap" "vfio_pci_mmap_huge_fault" "vfio_pci_vga_init" "vfio_pci_vmf_insert_pfn"]
2025/11/27 18:35:43 adding directly modified files to focus areas: ["drivers/vfio/pci/nvgrace-gpu/main.c" "drivers/vfio/pci/vfio_pci_config.c" "drivers/vfio/pci/vfio_pci_core.c" "drivers/vfio/pci/vfio_pci_priv.h" "include/linux/vfio_pci_core.h"]
2025/11/27 18:35:43 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db"
2025/11/27 18:36:34 runner 8 connected
2025/11/27 18:36:40 initializing coverage information...
2025/11/27 18:36:41 runner 2 connected
2025/11/27 18:36:41 runner 7 connected
2025/11/27 18:36:41 runner 1 connected
2025/11/27 18:36:41 runner 0 connected
2025/11/27 18:36:41 runner 5 connected
2025/11/27 18:36:41 runner 3 connected
2025/11/27 18:36:41 runner 2 connected
2025/11/27 18:36:41 runner 6 connected
2025/11/27 18:36:41 runner 0 connected
2025/11/27 18:36:42 runner 4 connected
2025/11/27 18:36:42 runner 1 connected
2025/11/27 18:36:45 discovered 7601 source files, 332488 symbols
2025/11/27 18:36:45 coverage filter: __pfx_vfio_pci_vmf_insert_pfn: []
2025/11/27 18:36:45 coverage filter: vfio_pci_core_disable: [vfio_pci_core_disable]
2025/11/27 18:36:45 coverage filter: vfio_pci_core_ioctl: [vfio_pci_core_ioctl vfio_pci_core_ioctl_feature]
2025/11/27 18:36:45 coverage filter: vfio_pci_core_ioctl_feature: []
2025/11/27 18:36:45 coverage filter: vfio_pci_core_mmap: [vfio_pci_core_mmap]
2025/11/27 18:36:45 coverage filter: vfio_pci_mmap_huge_fault: [vfio_pci_mmap_huge_fault]
2025/11/27 18:36:45 coverage filter: vfio_pci_vga_init: [vfio_pci_vga_init]
2025/11/27 18:36:45 coverage filter: vfio_pci_vmf_insert_pfn: [vfio_pci_vmf_insert_pfn]
2025/11/27 18:36:45 coverage filter: drivers/vfio/pci/nvgrace-gpu/main.c: []
2025/11/27 18:36:45 coverage filter: drivers/vfio/pci/vfio_pci_config.c: [drivers/vfio/pci/vfio_pci_config.c]
2025/11/27 18:36:45 coverage filter: drivers/vfio/pci/vfio_pci_core.c: [drivers/vfio/pci/vfio_pci_core.c]
2025/11/27 18:36:45 coverage filter: drivers/vfio/pci/vfio_pci_priv.h: []
2025/11/27 18:36:45 coverage filter: include/linux/vfio_pci_core.h: []
2025/11/27 18:36:45 area "symbols": 400 PCs in the cover filter
2025/11/27 18:36:45 area "files": 1596 PCs in the cover filter
2025/11/27 18:36:45 area "": 0 PCs in the cover filter
2025/11/27 18:36:45 executor cover filter: 0 PCs
2025/11/27 18:36:47 executor cover filter: 0 PCs
2025/11/27 18:36:48 machine check: disabled the following syscalls:
openat$sev : failed to open /dev/sev: no such file or directory
syz_kvm_setup_cpu$ppc64 : unsupported arch
transitively disabled the following syscalls (missing resource [creating syscalls]):
close$binfmt : fd_binfmt [openat$binfmt]
close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF]
close$ibv_device : fd_rdma [openat$uverbs0]
ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision]
ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev]
ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev]
ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev]
ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev]
ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev]
ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev]
ioctl$KVM_SEV_INIT : fd_sev [openat$sev]
ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START]
ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev]
ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START]
ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev]
ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev]
ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev]
ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev]
BinFmtMisc : enabled
Comparisons : enabled
Coverage : enabled
DelayKcovMmap : enabled
DevlinkPCI : PCI device 0000:00:10.0 is not available
ExtraCoverage : enabled
Fault : enabled
KCSAN : write(/sys/kernel/debug/kcsan, on) failed
KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE)
LRWPANEmulation : enabled
Leak : failed to write(kmemleak, "scan=off")
NetDevices : enabled
NetInjection : enabled
NicVF : PCI device 0000:00:11.0 is not available
SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67.
SandboxNamespace : enabled
SandboxNone : enabled
SandboxSetuid : enabled
Swap : enabled
USBEmulation : enabled
VhciInjection : enabled
WifiEmulation : enabled
syscalls : 166/8056
2025/11/27 18:36:48 new: machine check complete
2025/11/27 18:36:49 machine check: disabled the following syscalls:
openat$sev : failed to open /dev/sev: no such file or directory
syz_kvm_setup_cpu$ppc64 : unsupported arch
transitively disabled the following syscalls (missing resource [creating syscalls]):
close$binfmt : fd_binfmt [openat$binfmt]
close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF]
close$ibv_device : fd_rdma [openat$uverbs0]
ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision]
ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev]
ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev]
ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev]
ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev]
ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev]
ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev]
ioctl$KVM_SEV_INIT : fd_sev [openat$sev]
ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START]
ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev]
ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START]
ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev]
ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev]
ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev]
ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev]
BinFmtMisc : enabled
Comparisons : enabled
Coverage : enabled
DelayKcovMmap : enabled
DevlinkPCI : PCI device 0000:00:10.0 is not available
ExtraCoverage : enabled
Fault : enabled
KCSAN : write(/sys/kernel/debug/kcsan, on) failed
KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE)
LRWPANEmulation : enabled
Leak : failed to write(kmemleak, "scan=off")
NetDevices : enabled
NetInjection : enabled
NicVF : PCI device 0000:00:11.0 is not available
SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67.
SandboxNamespace : enabled
SandboxNone : enabled
SandboxSetuid : enabled
Swap : enabled
USBEmulation : enabled
VhciInjection : enabled
WifiEmulation : enabled
syscalls : 166/8056
2025/11/27 18:36:49 base: machine check complete
2025/11/27 18:36:51 new: adding 2455 seeds
2025/11/27 18:37:15 triaged 100.0% of the corpus
2025/11/27 18:37:15 starting bug reproductions
2025/11/27 18:37:15 triaged 100.0% of the corpus
2025/11/27 18:37:15 starting bug reproductions (max 6 VMs, 4 repros)
2025/11/27 18:40:45 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 20, "corpus": 728, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 10695, "distributor delayed": 474, "distributor undelayed": 474, "distributor violated": 0, "exec candidate": 2455, "exec collide": 3396, "exec fuzz": 6436, "exec gen": 354, "exec hints": 1108, "exec inject": 0, "exec minimize": 10238, "exec retries": 0, "exec seeds": 1977, "exec smash": 6829, "exec total [base]": 16307, "exec total [new]": 42190, "exec triage": 2092, "executor restarts [base]": 30, "executor restarts [new]": 46, "fault jobs": 0, "fuzzer jobs": 926, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 211, "max signal":
11104, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5412, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 865, "no exec duration": 10232000000, "no exec requests": 44, "pending": 0, "prog exec time": 160, "reproducing": 0, "rpc recv": 1324389504, "rpc sent": 51309352, "signal": 10183, "smash jobs": 704, "triage jobs": 11, "vm output": 181784, "vm restarts [base]": 3, "vm restarts [new]": 9 }
2025/11/27 18:45:45 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 53, "corpus": 974, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 2, "coverage": 11909, "distributor delayed": 612, "distributor undelayed": 612, "distributor violated": 0, "exec candidate": 2455, "exec collide": 7684, "exec fuzz": 14760, "exec gen": 765, "exec hints": 2930, "exec inject": 0, "exec minimize": 14082, "exec retries": 0, "exec seeds": 2823, "exec smash": 17186, "exec total [base]": 26722, "exec total [new]": 72788, "exec triage": 2796, "executor restarts [base]": 30, "executor restarts [new]": 46, "fault jobs": 0, "fuzzer jobs": 872, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 164, "max signal": 12517, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7192, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1164, "no exec duration": 10232000000, "no exec requests": 44, "pending": 0, "prog exec time": 886, "reproducing": 0, "rpc recv": 2330384312, "rpc sent": 116332344, "signal": 11321, "smash jobs": 698, "triage jobs": 10, "vm output": 267465, "vm restarts [base]": 3, "vm restarts [new]": 9 }
2025/11/27 18:50:45 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 74, "corpus": 1158, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 50, "coverage": 12575, "distributor delayed": 713, "distributor undelayed": 713, "distributor violated": 0, "exec candidate": 2455, "exec collide": 11702, "exec fuzz": 22152, "exec gen": 1172, "exec hints": 5124, "exec inject": 0, "exec minimize": 17397, "exec retries": 0, "exec seeds": 3436, "exec smash": 26207, "exec total [base]": 35914, "exec total [new]": 100259, "exec triage": 3306, "executor restarts [base]": 30, "executor restarts [new]": 46, "fault jobs": 0, "fuzzer jobs": 330, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 81, "max signal": 13263, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8757, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1383, "no exec duration": 10232000000, "no exec requests": 44, "pending": 0, "prog exec time": 127, "reproducing": 0, "rpc recv": 3219528996, "rpc sent": 178933744, "signal": 11927, "smash jobs": 238, "triage jobs": 11, "vm output": 366928, "vm restarts [base]": 3, "vm restarts [new]": 9 }
2025/11/27 18:55:45 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 82, "corpus": 1294, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 108, "coverage": 12849, "distributor delayed": 778, "distributor undelayed": 778, "distributor violated": 0, "exec candidate": 2455, "exec collide": 16404, "exec fuzz": 31095, "exec gen": 1640, "exec hints": 7733, "exec inject": 0, "exec minimize": 19706, "exec retries": 0, "exec seeds": 3867, "exec smash": 32193, "exec total [base]": 44464, "exec total [new]": 126060, "exec triage": 3659, "executor restarts [base]": 30, "executor restarts [new]": 46, "fault jobs": 0, "fuzzer jobs": 15, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 4, "max signal": 13531, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9796, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1535, "no exec duration": 10232000000, "no exec requests": 44, "pending": 0, "prog exec time": 345, "reproducing": 0, "rpc recv": 4022813092, "rpc sent": 239093720, "signal": 12190, "smash jobs": 6, "triage jobs": 5, "vm output": 497223, "vm restarts [base]": 3, "vm restarts [new]": 9 }
2025/11/27 19:00:45 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 101, "corpus": 1388, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 180, "coverage": 13149, "distributor delayed": 815, "distributor undelayed": 815, "distributor violated": 0, "exec candidate": 2455, "exec collide": 22506, "exec fuzz": 42591, "exec gen": 2195, "exec hints": 8212, "exec inject": 0, "exec minimize": 21323, "exec retries": 0, "exec seeds": 4148, "exec smash": 34527, "exec total [base]": 52058, "exec total [new]": 149157, "exec triage": 3890, "executor restarts [base]": 30, "executor restarts [new]": 46, "fault jobs": 0, "fuzzer jobs": 8, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 2, "max signal": 13840, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10530, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1637, "no exec duration": 10232000000, "no exec requests": 44, "pending": 0, "prog exec time": 2598, "reproducing": 0, "rpc recv": 4702407752, "rpc sent": 302874384, "signal": 12471, "smash jobs": 5, "triage jobs": 1, "vm output": 603568, "vm restarts [base]": 3, "vm restarts [new]": 9 }
2025/11/27 19:05:45 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 110, "corpus": 1459, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 248, "coverage":
13352, "distributor delayed": 855, "distributor undelayed": 855, "distributor violated": 0, "exec candidate": 2455, "exec collide": 28697, "exec fuzz": 54483, "exec gen": 2793, "exec hints": 8384, "exec inject": 0, "exec minimize": 22627, "exec retries": 0, "exec seeds": 4364, "exec smash": 36310, "exec total [base]": 59512, "exec total [new]": 171531, "exec triage": 4110, "executor restarts [base]": 30, "executor restarts [new]": 46, "fault jobs": 0, "fuzzer jobs": 9, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 14081, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11140, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1726, "no exec duration": 10232000000, "no exec requests": 44, "pending": 0, "prog exec time": 408, "reproducing": 0, "rpc recv": 5339184740, "rpc sent": 365288376, "signal": 12663, "smash jobs": 4, "triage jobs": 4, "vm output": 709755, "vm restarts [base]": 3, "vm restarts [new]": 9 }
2025/11/27 19:07:15 fuzzer has not reached the modified code in 30m0s, aborting
2025/11/27 19:07:15 repro loop terminated
2025/11/27 19:07:15 new: rpc server terminaled
2025/11/27 19:07:15 base: rpc server terminaled
2025/11/27 19:07:15 new: pool terminated
2025/11/27 19:07:15 new: kernel context loop terminated
2025/11/27 19:07:15 base: pool terminated
2025/11/27 19:07:15 base: kernel context loop terminated
2025/11/27 19:07:15 diff fuzzing terminated
2025/11/27 19:07:15 bug reporting terminated
2025/11/27 19:07:15 status reporting terminated
2025/11/27 19:07:15 fuzzing is finished
2025/11/27 19:07:15 status at the end:
Title On-Base On-Patched