2025/11/20 13:38:14 extracted 321630 text symbol hashes for base and 321630 for patched 2025/11/20 13:38:14 symbol "__UNIQUE_ID___addressable_vfio_pci_core_match1047" has different values in base vs patch 2025/11/20 13:38:14 binaries are different, continuing fuzzing 2025/11/20 13:38:14 adding modified_functions to focus areas: ["vfio_ioctl_device_feature_migration_data_size" "vfio_pci_core_disable" "vfio_pci_core_ioctl" "vfio_pci_core_ioctl_feature" "vfio_pci_core_register_device" "vfio_pci_dev_set_hot_reset" "vfio_pci_vga_init"] 2025/11/20 13:38:14 adding directly modified files to focus areas: ["drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c" "drivers/vfio/pci/mlx5/cmd.c" "drivers/vfio/pci/mlx5/cmd.h" "drivers/vfio/pci/mlx5/main.c" "drivers/vfio/pci/pds/pci_drv.c" "drivers/vfio/pci/pds/vfio_dev.c" "drivers/vfio/pci/qat/main.c" "drivers/vfio/pci/vfio_pci_core.c" "drivers/vfio/pci/virtio/common.h" "drivers/vfio/pci/virtio/main.c" "drivers/vfio/pci/virtio/migrate.c" "include/linux/vfio.h"] 2025/11/20 13:38:14 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db" 2025/11/20 13:39:13 runner 1 connected 2025/11/20 13:39:13 runner 7 connected 2025/11/20 13:39:13 runner 6 connected 2025/11/20 13:39:13 runner 3 connected 2025/11/20 13:39:13 runner 2 connected 2025/11/20 13:39:13 runner 1 connected 2025/11/20 13:39:13 runner 0 connected 2025/11/20 13:39:13 runner 5 connected 2025/11/20 13:39:13 runner 0 connected 2025/11/20 13:39:13 runner 4 connected 2025/11/20 13:39:13 runner 2 connected 2025/11/20 13:39:13 runner 8 connected 2025/11/20 13:39:19 initializing coverage information... 2025/11/20 13:39:19 executor cover filter: 0 PCs 2025/11/20 13:39:21 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/11/20 13:39:21 base: machine check complete 2025/11/20 13:39:23 discovered 7601 source files, 332486 symbols 2025/11/20 13:39:23 coverage filter: vfio_ioctl_device_feature_migration_data_size: [vfio_ioctl_device_feature_migration_data_size] 2025/11/20 13:39:23 coverage filter: vfio_pci_core_disable: [vfio_pci_core_disable] 2025/11/20 13:39:23 coverage filter: vfio_pci_core_ioctl: [vfio_pci_core_ioctl vfio_pci_core_ioctl_feature] 2025/11/20 13:39:23 coverage filter: vfio_pci_core_ioctl_feature: [] 2025/11/20 13:39:23 coverage filter: vfio_pci_core_register_device: [vfio_pci_core_register_device] 2025/11/20 13:39:23 coverage filter: vfio_pci_dev_set_hot_reset: [vfio_pci_dev_set_hot_reset] 2025/11/20 13:39:23 coverage filter: vfio_pci_vga_init: [vfio_pci_vga_init] 2025/11/20 13:39:23 coverage filter: drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c: [] 2025/11/20 13:39:23 coverage filter: drivers/vfio/pci/mlx5/cmd.c: [] 2025/11/20 13:39:23 coverage filter: drivers/vfio/pci/mlx5/cmd.h: [] 2025/11/20 13:39:23 coverage filter: drivers/vfio/pci/mlx5/main.c: [] 2025/11/20 13:39:23 coverage filter: drivers/vfio/pci/pds/pci_drv.c: [] 2025/11/20 13:39:23 coverage filter: drivers/vfio/pci/pds/vfio_dev.c: [] 2025/11/20 13:39:23 coverage filter: drivers/vfio/pci/qat/main.c: [] 2025/11/20 13:39:23 coverage filter: drivers/vfio/pci/vfio_pci_core.c: [drivers/vfio/pci/vfio_pci_core.c] 2025/11/20 13:39:23 coverage filter: drivers/vfio/pci/virtio/common.h: [] 2025/11/20 13:39:23 coverage filter: drivers/vfio/pci/virtio/main.c: [] 2025/11/20 13:39:23 coverage filter: drivers/vfio/pci/virtio/migrate.c: [] 2025/11/20 13:39:23 coverage filter: include/linux/vfio.h: [] 2025/11/20 13:39:23 area "symbols": 455 PCs in the cover filter 2025/11/20 13:39:23 area "files": 905 PCs in the cover filter 2025/11/20 13:39:23 area "": 0 PCs in the cover filter 2025/11/20 13:39:23 executor cover filter: 0 PCs 2025/11/20 13:39:24 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/11/20 13:39:24 new: machine check complete 2025/11/20 13:39:28 new: adding 2714 seeds 2025/11/20 13:39:46 triaged 97.0% of the corpus 2025/11/20 13:39:46 starting bug reproductions 2025/11/20 13:39:46 starting bug reproductions (max 6 VMs, 4 repros) 2025/11/20 13:40:16 triaged 100.0% of the corpus 2025/11/20 13:43:16 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 745, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 9181, "distributor delayed": 456, "distributor undelayed": 456, "distributor violated": 0, "exec candidate": 2714, "exec collide": 4539, "exec fuzz": 8526, "exec gen": 445, "exec hints": 1512, "exec inject": 0, "exec minimize": 9317, "exec retries": 0, "exec seeds": 2111, "exec smash": 9630, "exec total [base]": 18391, "exec total [new]": 48892, "exec triage": 2016, "executor restarts [base]": 29, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 877, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 169, "max signal": 9600, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 4883, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 853, "no exec duration": 26044000000, "no exec requests": 39, "pending": 0, "prog exec time": 207, "reproducing": 0, "rpc recv": 1233533360, "rpc sent": 62011856, "signal": 8717, "smash jobs": 693, "triage jobs": 15, "vm output": 235495, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/20 13:48:16 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 25, "corpus": 1031, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 2, "coverage": 11698, "distributor delayed": 596, "distributor undelayed": 596, "distributor violated": 0, "exec candidate": 2714, "exec collide": 9435, "exec fuzz": 17826, "exec gen": 962, "exec hints": 3664, "exec inject": 0, "exec minimize": 14215, "exec retries": 0, "exec seeds": 3047, "exec smash": 21251, "exec total [base]": 30480, "exec total [new]": 83974, "exec triage": 2779, "executor restarts [base]": 29, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 563, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 134, "max signal": 12243, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7135, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1187, "no exec duration": 26044000000, "no exec requests": 39, "pending": 0, "prog exec time": 249, "reproducing": 0, "rpc recv": 2232671464, "rpc sent": 131953960, "signal": 11203, "smash jobs": 415, "triage jobs": 14, "vm output": 371956, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/20 13:53:16 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 63, "corpus": 1222, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 5, "coverage": 12405, "distributor delayed": 707, "distributor undelayed": 707, "distributor violated": 0, "exec candidate": 2714, "exec collide": 13660, "exec fuzz": 25781, "exec gen": 1409, "exec hints": 7161, "exec inject": 0, "exec minimize": 17886, "exec retries": 0, "exec seeds": 3647, "exec smash": 29785, "exec total [base]": 40151, "exec total [new]": 113444, "exec triage": 3320, "executor restarts [base]": 29, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 128, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 48, "max signal": 12892, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8794, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1415, "no exec duration": 26044000000, "no exec requests": 39, "pending": 0, "prog exec time": 288, "reproducing": 0, "rpc recv": 3199209784, "rpc sent": 191143640, "signal": 11812, "smash jobs": 67, "triage jobs": 13, "vm output": 505089, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/20 13:58:16 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 84, "corpus": 1360, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 55, "coverage": 12846, "distributor delayed": 781, "distributor undelayed": 781, "distributor violated": 0, "exec candidate": 2714, "exec collide": 19220, "exec fuzz": 36333, "exec gen": 1997, "exec hints": 10614, "exec inject": 0, "exec minimize": 20195, "exec retries": 0, "exec seeds": 4080, "exec smash": 33945, "exec total [base]": 49283, "exec total [new]": 140877, "exec triage": 3697, "executor restarts [base]": 29, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 12, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 3, "max signal": 13386, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9843, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1572, "no exec duration": 26044000000, "no exec requests": 39, "pending": 0, "prog exec time": 320, "reproducing": 0, "rpc recv": 4016172844, "rpc sent": 258553896, "signal": 12205, "smash jobs": 6, "triage jobs": 3, "vm output": 643277, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/20 14:03:16 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 95, "corpus": 1439, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 114, "coverage": 13051, "distributor delayed": 829, "distributor undelayed": 829, "distributor violated": 0, "exec candidate": 2714, "exec collide": 25787, "exec fuzz": 48717, "exec gen": 2642, "exec hints": 11162, "exec inject": 0, "exec minimize": 21826, "exec retries": 0, "exec seeds": 4318, "exec smash": 35881, "exec total [base]": 57297, "exec total [new]": 165084, "exec triage": 3955, "executor restarts [base]": 29, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 27, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 3, "max signal": 13683, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10598, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1686, "no exec duration": 26044000000, "no exec requests": 39, "pending": 0, "prog exec time": 301, "reproducing": 0, "rpc recv": 4668503324, "rpc sent": 323917144, "signal": 12425, "smash jobs": 9, "triage jobs": 15, "vm output": 759539, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/20 14:08:16 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 106, "corpus": 1524, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 175, "coverage": 13293, "distributor delayed": 872, "distributor undelayed": 872, "distributor violated": 0, "exec candidate": 2714, "exec collide": 32096, "exec fuzz": 60588, "exec gen": 3256, "exec hints": 13431, "exec inject": 0, "exec minimize": 23476, "exec retries": 0, "exec seeds": 4575, "exec smash": 38076, "exec total [base]": 65737, "exec total [new]": 190481, "exec triage": 4189, "executor restarts [base]": 29, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 13, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 13920, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11340, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1782, "no exec duration": 26044000000, "no exec requests": 39, "pending": 0, "prog exec time": 355, "reproducing": 0, "rpc recv": 5349763820, "rpc sent": 389523328, "signal": 12713, "smash jobs": 4, "triage jobs": 8, "vm output": 895400, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/20 14:10:16 fuzzer has not reached the modified code in 30m0s, aborting 2025/11/20 14:10:16 repro loop terminated 2025/11/20 14:10:16 base: rpc server terminaled 2025/11/20 14:10:16 new: rpc server terminaled 2025/11/20 14:10:17 new: pool terminated 2025/11/20 14:10:17 new: kernel context loop terminated 2025/11/20 14:10:17 base: pool terminated 2025/11/20 14:10:17 base: kernel context loop terminated 2025/11/20 14:10:17 diff fuzzing terminated 2025/11/20 14:10:17 bug reporting terminated 2025/11/20 14:10:17 status reporting terminated 2025/11/20 14:10:17 fuzzing is finished 2025/11/20 14:10:17 status at the end: Title On-Base On-Patched