2025/11/21 19:53:12 extracted 321630 text symbol hashes for base and 321636 for patched 2025/11/21 19:53:12 symbol "__UNIQUE_ID___addressable_vfio_pci_core_release_dev1053" has different values in base vs patch 2025/11/21 19:53:12 binaries are different, continuing fuzzing 2025/11/21 19:53:12 adding modified_functions to focus areas: ["__pfx_vfio_find_cap_start" "__pfx_vfio_pci_core_barmap" "__pfx_vfio_pci_map_pfn" "vfio_find_cap_start" "vfio_pci_core_barmap" "vfio_pci_core_disable" "vfio_pci_core_ioctl" "vfio_pci_core_ioctl_feature" "vfio_pci_core_mmap" "vfio_pci_map_pfn" "vfio_pci_mmap_huge_fault" "vfio_pci_vga_init"] 2025/11/21 19:53:12 adding directly modified files to focus areas: ["drivers/vfio/pci/nvgrace-gpu/main.c" "drivers/vfio/pci/vfio_pci_config.c" "drivers/vfio/pci/vfio_pci_core.c" "include/linux/vfio_pci_core.h"] 2025/11/21 19:53:12 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db" 2025/11/21 19:54:10 runner 0 connected 2025/11/21 19:54:10 runner 3 connected 2025/11/21 19:54:10 runner 1 connected 2025/11/21 19:54:10 runner 6 connected 2025/11/21 19:54:10 runner 5 connected 2025/11/21 19:54:10 runner 8 connected 2025/11/21 19:54:10 runner 0 connected 2025/11/21 19:54:10 runner 2 connected 2025/11/21 19:54:10 runner 2 connected 2025/11/21 19:54:10 runner 1 connected 2025/11/21 19:54:10 runner 4 connected 2025/11/21 19:54:10 runner 7 connected 2025/11/21 19:54:17 executor cover filter: 0 PCs 2025/11/21 19:54:17 initializing coverage information... 2025/11/21 19:54:18 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/11/21 19:54:18 base: machine check complete 2025/11/21 19:54:21 discovered 7601 source files, 332492 symbols 2025/11/21 19:54:22 coverage filter: __pfx_vfio_find_cap_start: [] 2025/11/21 19:54:22 coverage filter: __pfx_vfio_pci_core_barmap: [] 2025/11/21 19:54:22 coverage filter: __pfx_vfio_pci_map_pfn: [] 2025/11/21 19:54:22 coverage filter: vfio_find_cap_start: [vfio_find_cap_start] 2025/11/21 19:54:22 coverage filter: vfio_pci_core_barmap: [vfio_pci_core_barmap] 2025/11/21 19:54:22 coverage filter: vfio_pci_core_disable: [vfio_pci_core_disable] 2025/11/21 19:54:22 coverage filter: vfio_pci_core_ioctl: [vfio_pci_core_ioctl vfio_pci_core_ioctl_feature] 2025/11/21 19:54:22 coverage filter: vfio_pci_core_ioctl_feature: [] 2025/11/21 19:54:22 coverage filter: vfio_pci_core_mmap: [vfio_pci_core_mmap] 2025/11/21 19:54:22 coverage filter: vfio_pci_map_pfn: [vfio_pci_map_pfn] 2025/11/21 19:54:22 coverage filter: vfio_pci_mmap_huge_fault: [vfio_pci_mmap_huge_fault] 2025/11/21 19:54:22 coverage filter: vfio_pci_vga_init: [vfio_pci_vga_init] 2025/11/21 19:54:22 coverage filter: drivers/vfio/pci/nvgrace-gpu/main.c: [] 2025/11/21 19:54:22 coverage filter: drivers/vfio/pci/vfio_pci_config.c: [drivers/vfio/pci/vfio_pci_config.c] 2025/11/21 19:54:22 coverage filter: drivers/vfio/pci/vfio_pci_core.c: [drivers/vfio/pci/vfio_pci_core.c] 2025/11/21 19:54:22 coverage filter: include/linux/vfio_pci_core.h: [] 2025/11/21 19:54:22 area "symbols": 420 PCs in the cover filter 2025/11/21 19:54:22 area "files": 1616 PCs in the cover filter 2025/11/21 19:54:22 area "": 0 PCs in the cover filter 2025/11/21 19:54:22 executor cover filter: 0 PCs 2025/11/21 19:54:23 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/11/21 19:54:23 new: machine check complete 2025/11/21 19:54:26 new: adding 2612 seeds 2025/11/21 19:54:44 triaged 97.0% of the corpus 2025/11/21 19:54:44 starting bug reproductions 2025/11/21 19:54:44 starting bug reproductions (max 6 VMs, 4 repros) 2025/11/21 19:55:14 triaged 100.0% of the corpus 2025/11/21 19:58:14 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 1, "corpus": 744, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 10058, "distributor delayed": 426, "distributor undelayed": 426, "distributor violated": 0, "exec candidate": 2612, "exec collide": 3413, "exec fuzz": 6591, "exec gen": 346, "exec hints": 988, "exec inject": 0, "exec minimize": 10231, "exec retries": 0, "exec seeds": 2032, "exec smash": 7127, "exec total [base]": 16494, "exec total [new]": 43128, "exec triage": 2011, "executor restarts [base]": 27, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 946, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 198, "max signal": 10428, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5386, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 849, "no exec duration": 20025000000, "no exec requests": 26, "pending": 0, "prog exec time": 228, "reproducing": 0, "rpc recv": 1310750112, "rpc sent": 72305120, "signal": 9678, "smash jobs": 731, "triage jobs": 17, "vm output": 181629, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/21 20:03:14 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 28, "corpus": 998, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 92, "coverage": 12016, "distributor delayed": 558, "distributor undelayed": 558, "distributor violated": 0, "exec candidate": 2612, "exec collide": 7976, "exec fuzz": 15195, "exec gen": 803, "exec hints": 2799, "exec inject": 0, "exec minimize": 14653, "exec retries": 0, "exec seeds": 2917, "exec smash": 18054, "exec total [base]": 27419, "exec total [new]": 75505, "exec triage": 2717, "executor restarts [base]": 27, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 860, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 169, "max signal": 12517, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7444, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1159, "no exec duration": 20025000000, "no exec requests": 26, "pending": 0, "prog exec time": 267, "reproducing": 0, "rpc recv": 2364324608, "rpc sent": 161611016, "signal": 11563, "smash jobs": 680, "triage jobs": 11, "vm output": 271389, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/21 20:08:14 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 65, "corpus": 1133, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 216, "coverage": 12588, "distributor delayed": 635, "distributor undelayed": 635, "distributor violated": 0, "exec candidate": 2612, "exec collide": 12175, "exec fuzz": 23279, "exec gen": 1224, "exec hints": 5439, "exec inject": 0, "exec minimize": 16920, "exec retries": 0, "exec seeds": 3396, "exec smash": 27633, "exec total [base]": 36695, "exec total [new]": 103541, "exec triage": 3087, "executor restarts [base]": 27, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 131, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 44, "max signal": 13030, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8493, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1318, "no exec duration": 20025000000, "no exec requests": 26, "pending": 0, "prog exec time": 327, "reproducing": 0, "rpc recv": 3211216192, "rpc sent": 237180504, "signal": 12020, "smash jobs": 81, "triage jobs": 6, "vm output": 368646, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/21 20:13:14 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 81, "corpus": 1248, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 349, "coverage": 12957, "distributor delayed": 683, "distributor undelayed": 683, "distributor violated": 0, "exec candidate": 2612, "exec collide": 17669, "exec fuzz": 33779, "exec gen": 1771, "exec hints": 9919, "exec inject": 0, "exec minimize": 19047, "exec retries": 0, "exec seeds": 3744, "exec smash": 31062, "exec total [base]": 45789, "exec total [new]": 130773, "exec triage": 3393, "executor restarts [base]": 27, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 26, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 8, "max signal": 13463, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9500, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1453, "no exec duration": 20025000000, "no exec requests": 26, "pending": 0, "prog exec time": 338, "reproducing": 0, "rpc recv": 3979485336, "rpc sent": 309001512, "signal": 12348, "smash jobs": 12, "triage jobs": 6, "vm output": 423955, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/21 20:18:14 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 106, "corpus": 1314, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 508, "coverage": 13102, "distributor delayed": 718, "distributor undelayed": 718, "distributor violated": 0, "exec candidate": 2612, "exec collide": 23889, "exec fuzz": 45417, "exec gen": 2395, "exec hints": 12480, "exec inject": 0, "exec minimize": 20435, "exec retries": 0, "exec seeds": 3942, "exec smash": 32825, "exec total [base]": 54007, "exec total [new]": 155375, "exec triage": 3601, "executor restarts [base]": 27, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 15, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 6, "max signal": 13635, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10133, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1537, "no exec duration": 20025000000, "no exec requests": 26, "pending": 0, "prog exec time": 318, "reproducing": 0, "rpc recv": 4625262196, "rpc sent": 381553448, "signal": 12474, "smash jobs": 3, "triage jobs": 6, "vm output": 510539, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/21 20:23:14 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 115, "corpus": 1389, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 727, "coverage": 13389, "distributor delayed": 744, "distributor undelayed": 744, "distributor violated": 0, "exec candidate": 2612, "exec collide": 29973, "exec fuzz": 57254, "exec gen": 3025, "exec hints": 14937, "exec inject": 0, "exec minimize": 21779, "exec retries": 0, "exec seeds": 4166, "exec smash": 34602, "exec total [base]": 62041, "exec total [new]": 179946, "exec triage": 3824, "executor restarts [base]": 27, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 23, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 5, "max signal": 13939, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10735, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1632, "no exec duration": 20025000000, "no exec requests": 26, "pending": 0, "prog exec time": 335, "reproducing": 0, "rpc recv": 5268057536, "rpc sent": 456497904, "signal": 12731, "smash jobs": 10, "triage jobs": 8, "vm output": 611597, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/21 20:25:14 fuzzer has not reached the modified code in 30m0s, aborting 2025/11/21 20:25:14 repro loop terminated 2025/11/21 20:25:14 new: rpc server terminaled 2025/11/21 20:25:14 base: rpc server terminaled 2025/11/21 20:25:14 base: pool terminated 2025/11/21 20:25:14 base: kernel context loop terminated 2025/11/21 20:25:14 new: pool terminated 2025/11/21 20:25:14 new: kernel context loop terminated 2025/11/21 20:25:14 diff fuzzing terminated 2025/11/21 20:25:14 bug reporting terminated 2025/11/21 20:25:14 status reporting terminated 2025/11/21 20:25:14 fuzzing is finished 2025/11/21 20:25:14 status at the end: Title On-Base On-Patched