2025/11/26 06:21:34 extracted 321630 text symbol hashes for base and 321632 for patched 2025/11/26 06:21:34 symbol "__UNIQUE_ID___addressable_vfio_pci_core_register_device1056" has different values in base vs patch 2025/11/26 06:21:34 binaries are different, continuing fuzzing 2025/11/26 06:21:34 adding modified_functions to focus areas: ["__pfx_vfio_pci_vmf_insert_pfn" "vfio_pci_core_disable" "vfio_pci_core_ioctl" "vfio_pci_core_ioctl_feature" "vfio_pci_core_mmap" "vfio_pci_mmap_huge_fault" "vfio_pci_vga_init" "vfio_pci_vmf_insert_pfn"] 2025/11/26 06:21:34 adding directly modified files to focus areas: ["drivers/vfio/pci/nvgrace-gpu/main.c" "drivers/vfio/pci/vfio_pci_core.c" "include/linux/vfio_pci_core.h"] 2025/11/26 06:21:34 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db" 2025/11/26 06:22:33 runner 1 connected 2025/11/26 06:22:33 runner 1 connected 2025/11/26 06:22:33 runner 8 connected 2025/11/26 06:22:33 runner 5 connected 2025/11/26 06:22:33 runner 0 connected 2025/11/26 06:22:34 runner 4 connected 2025/11/26 06:22:34 runner 2 connected 2025/11/26 06:22:40 initializing coverage information... 2025/11/26 06:22:40 runner 6 connected 2025/11/26 06:22:40 executor cover filter: 0 PCs 2025/11/26 06:22:40 runner 3 connected 2025/11/26 06:22:41 runner 2 connected 2025/11/26 06:22:41 runner 7 connected 2025/11/26 06:22:42 runner 0 connected 2025/11/26 06:22:43 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/11/26 06:22:43 base: machine check complete 2025/11/26 06:22:45 discovered 7601 source files, 332488 symbols 2025/11/26 06:22:45 coverage filter: __pfx_vfio_pci_vmf_insert_pfn: [] 2025/11/26 06:22:45 coverage filter: vfio_pci_core_disable: [vfio_pci_core_disable] 2025/11/26 06:22:45 coverage filter: vfio_pci_core_ioctl: [vfio_pci_core_ioctl vfio_pci_core_ioctl_feature] 2025/11/26 06:22:45 coverage filter: vfio_pci_core_ioctl_feature: [] 2025/11/26 06:22:45 coverage filter: vfio_pci_core_mmap: [vfio_pci_core_mmap] 2025/11/26 06:22:45 coverage filter: vfio_pci_mmap_huge_fault: [vfio_pci_mmap_huge_fault] 2025/11/26 06:22:45 coverage filter: vfio_pci_vga_init: [vfio_pci_vga_init] 2025/11/26 06:22:45 coverage filter: vfio_pci_vmf_insert_pfn: [vfio_pci_vmf_insert_pfn] 2025/11/26 06:22:45 coverage filter: drivers/vfio/pci/nvgrace-gpu/main.c: [] 2025/11/26 06:22:45 coverage filter: drivers/vfio/pci/vfio_pci_core.c: [drivers/vfio/pci/vfio_pci_core.c] 2025/11/26 06:22:45 coverage filter: include/linux/vfio_pci_core.h: [] 2025/11/26 06:22:45 area "symbols": 400 PCs in the cover filter 2025/11/26 06:22:45 area "files": 884 PCs in the cover filter 2025/11/26 06:22:45 area "": 0 PCs in the cover filter 2025/11/26 06:22:45 executor cover filter: 0 PCs 2025/11/26 06:22:46 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/11/26 06:22:46 new: machine check complete 2025/11/26 06:22:50 new: adding 2588 seeds 2025/11/26 06:23:07 triaged 97.0% of the corpus 2025/11/26 06:23:07 starting bug reproductions 2025/11/26 06:23:07 starting bug reproductions (max 6 VMs, 4 repros) 2025/11/26 06:23:37 triaged 100.0% of the corpus 2025/11/26 06:26:37 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 4, "corpus": 713, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 19, "coverage": 10512, "distributor delayed": 439, "distributor undelayed": 439, "distributor violated": 0, "exec candidate": 2588, "exec collide": 3491, "exec fuzz": 6700, "exec gen": 334, "exec hints": 1094, "exec inject": 0, "exec minimize": 9438, "exec retries": 0, "exec seeds": 1967, "exec smash": 7245, "exec total [base]": 16424, "exec total [new]": 42525, "exec triage": 1971, "executor restarts [base]": 28, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 902, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 177, "max signal": 10891, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5071, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 834, "no exec duration": 17027000000, "no exec requests": 24, "pending": 0, "prog exec time": 250, "reproducing": 0, "rpc recv": 1184853064, "rpc sent": 50648376, "signal": 10011, "smash jobs": 703, "triage jobs": 22, "vm output": 206068, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/26 06:31:37 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 47, "corpus": 986, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 75, "coverage": 11716, "distributor delayed": 598, "distributor undelayed": 598, "distributor violated": 0, "exec candidate": 2588, "exec collide": 7858, "exec fuzz": 15005, "exec gen": 772, "exec hints": 2710, "exec inject": 0, "exec minimize": 14049, "exec retries": 0, "exec seeds": 2886, "exec smash": 17827, "exec total [base]": 27045, "exec total [new]": 74147, "exec triage": 2753, "executor restarts [base]": 28, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 781, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 146, "max signal": 12180, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7216, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1155, "no exec duration": 17027000000, "no exec requests": 24, "pending": 0, "prog exec time": 288, "reproducing": 0, "rpc recv": 2231045180, "rpc sent": 121536880, "signal": 11242, "smash jobs": 630, "triage jobs": 5, "vm output": 304877, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/26 06:36:37 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 66, "corpus": 1151, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 155, "coverage": 12313, "distributor delayed": 689, "distributor undelayed": 689, "distributor violated": 0, "exec candidate": 2588, "exec collide": 12206, "exec fuzz": 22890, "exec gen": 1181, "exec hints": 4997, "exec inject": 0, "exec minimize": 16690, "exec retries": 0, "exec seeds": 3426, "exec smash": 27634, "exec total [base]": 36443, "exec total [new]": 102531, "exec triage": 3220, "executor restarts [base]": 28, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 169, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 52, "max signal": 13070, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8493, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1358, "no exec duration": 17027000000, "no exec requests": 24, "pending": 0, "prog exec time": 299, "reproducing": 0, "rpc recv": 3071853528, "rpc sent": 193350024, "signal": 11777, "smash jobs": 108, "triage jobs": 9, "vm output": 405283, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/26 06:41:37 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 77, "corpus": 1293, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 261, "coverage": 13125, "distributor delayed": 760, "distributor undelayed": 760, "distributor violated": 0, "exec candidate": 2588, "exec collide": 17860, "exec fuzz": 33601, "exec gen": 1784, "exec hints": 6996, "exec inject": 0, "exec minimize": 19008, "exec retries": 0, "exec seeds": 3876, "exec smash": 32219, "exec total [base]": 45301, "exec total [new]": 129211, "exec triage": 3578, "executor restarts [base]": 28, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 14, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 13646, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9523, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1518, "no exec duration": 17027000000, "no exec requests": 24, "pending": 0, "prog exec time": 338, "reproducing": 0, "rpc recv": 3820357544, "rpc sent": 274115032, "signal": 12533, "smash jobs": 5, "triage jobs": 8, "vm output": 521746, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/26 06:46:37 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 85, "corpus": 1378, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 350, "coverage": 13336, "distributor delayed": 811, "distributor undelayed": 811, "distributor violated": 0, "exec candidate": 2588, "exec collide": 24755, "exec fuzz": 46371, "exec gen": 2460, "exec hints": 7642, "exec inject": 0, "exec minimize": 20440, "exec retries": 0, "exec seeds": 4134, "exec smash": 34306, "exec total [base]": 53532, "exec total [new]": 154215, "exec triage": 3820, "executor restarts [base]": 28, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 23, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 4, "max signal": 13877, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10190, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1619, "no exec duration": 17027000000, "no exec requests": 24, "pending": 0, "prog exec time": 322, "reproducing": 0, "rpc recv": 4474107444, "rpc sent": 358512200, "signal": 12740, "smash jobs": 11, "triage jobs": 8, "vm output": 627635, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/26 06:51:37 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 95, "corpus": 1464, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 500, "coverage": 13602, "distributor delayed": 862, "distributor undelayed": 861, "distributor violated": 0, "exec candidate": 2588, "exec collide": 31312, "exec fuzz": 58980, "exec gen": 3107, "exec hints": 8262, "exec inject": 0, "exec minimize": 21924, "exec retries": 0, "exec seeds": 4392, "exec smash": 36583, "exec total [base]": 61860, "exec total [new]": 178900, "exec triage": 4054, "executor restarts [base]": 28, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 14, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 14148, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10857, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1721, "no exec duration": 17027000000, "no exec requests": 24, "pending": 0, "prog exec time": 347, "reproducing": 0, "rpc recv": 5129241584, "rpc sent": 441538792, "signal": 12964, "smash jobs": 3, "triage jobs": 10, "vm output": 758130, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/26 06:53:37 fuzzer has not reached the modified code in 30m0s, aborting 2025/11/26 06:53:37 repro loop terminated 2025/11/26 06:53:37 new: rpc server terminaled 2025/11/26 06:53:37 base: rpc server terminaled 2025/11/26 06:53:37 base: pool terminated 2025/11/26 06:53:37 base: kernel context loop terminated 2025/11/26 06:53:37 new: pool terminated 2025/11/26 06:53:37 new: kernel context loop terminated 2025/11/26 06:53:37 diff fuzzing terminated 2025/11/26 06:53:37 bug reporting terminated 2025/11/26 06:53:37 status reporting terminated 2025/11/26 06:53:37 fuzzing is finished 2025/11/26 06:53:37 status at the end: Title On-Base On-Patched