2025/11/26 20:50:47 extracted 321630 text symbol hashes for base and 321632 for patched
2025/11/26 20:50:47 symbol "__UNIQUE_ID___addressable_vfio_pci_core_mmap1044" has different values in base vs patch
2025/11/26 20:50:47 binaries are different, continuing fuzzing
2025/11/26 20:50:47 adding modified_functions to focus areas: ["__pfx_vfio_pci_vmf_insert_pfn" "vfio_pci_core_disable" "vfio_pci_core_ioctl" "vfio_pci_core_ioctl_feature" "vfio_pci_core_mmap" "vfio_pci_mmap_huge_fault" "vfio_pci_vga_init" "vfio_pci_vmf_insert_pfn"]
2025/11/26 20:50:47 adding directly modified files to focus areas: ["drivers/vfio/pci/nvgrace-gpu/main.c" "drivers/vfio/pci/vfio_pci_core.c" "include/linux/vfio_pci_core.h"]
2025/11/26 20:50:47 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db"
2025/11/26 20:51:45 runner 0 connected
2025/11/26 20:51:45 runner 7 connected
2025/11/26 20:51:45 runner 4 connected
2025/11/26 20:51:45 runner 6 connected
2025/11/26 20:51:46 runner 5 connected
2025/11/26 20:51:46 runner 1 connected
2025/11/26 20:51:46 runner 2 connected
2025/11/26 20:51:46 runner 0 connected
2025/11/26 20:51:46 runner 3 connected
2025/11/26 20:51:47 runner 8 connected
2025/11/26 20:51:47 runner 1 connected
2025/11/26 20:51:47 runner 2 connected
2025/11/26 20:51:52 initializing coverage information...
2025/11/26 20:51:52 executor cover filter: 0 PCs 2025/11/26 20:51:54 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] 
BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/11/26 20:51:54 base: machine check complete 2025/11/26 20:51:56 discovered 7601 source files, 332488 symbols 2025/11/26 20:51:57 coverage filter: __pfx_vfio_pci_vmf_insert_pfn: [] 2025/11/26 20:51:57 coverage filter: vfio_pci_core_disable: [vfio_pci_core_disable] 2025/11/26 20:51:57 coverage filter: vfio_pci_core_ioctl: [vfio_pci_core_ioctl vfio_pci_core_ioctl_feature] 2025/11/26 20:51:57 coverage filter: vfio_pci_core_ioctl_feature: [] 2025/11/26 20:51:57 coverage filter: vfio_pci_core_mmap: [vfio_pci_core_mmap] 2025/11/26 20:51:57 coverage filter: vfio_pci_mmap_huge_fault: [vfio_pci_mmap_huge_fault] 2025/11/26 20:51:57 coverage filter: vfio_pci_vga_init: [vfio_pci_vga_init] 2025/11/26 20:51:57 coverage filter: vfio_pci_vmf_insert_pfn: [vfio_pci_vmf_insert_pfn] 2025/11/26 20:51:57 coverage filter: drivers/vfio/pci/nvgrace-gpu/main.c: [] 2025/11/26 20:51:57 coverage filter: drivers/vfio/pci/vfio_pci_core.c: [drivers/vfio/pci/vfio_pci_core.c] 2025/11/26 20:51:57 coverage filter: include/linux/vfio_pci_core.h: [] 2025/11/26 20:51:57 area "symbols": 400 PCs in the cover filter 2025/11/26 20:51:57 area "files": 884 PCs in the cover filter 2025/11/26 20:51:57 area "": 0 PCs in the cover filter 2025/11/26 20:51:57 executor 
cover filter: 0 PCs 2025/11/26 20:51:58 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons 
: enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/11/26 20:51:58 new: machine check complete 2025/11/26 20:52:01 new: adding 2588 seeds 2025/11/26 20:52:19 triaged 97.0% of the corpus 2025/11/26 20:52:19 starting bug reproductions 2025/11/26 20:52:19 starting bug reproductions (max 6 VMs, 4 repros) 2025/11/26 20:52:49 triaged 100.0% of the corpus 2025/11/26 20:55:49 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 6, "corpus": 749, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1, "coverage": 9640, "distributor delayed": 456, "distributor undelayed": 456, "distributor violated": 0, "exec candidate": 2588, "exec collide": 4132, "exec fuzz": 7897, "exec gen": 375, "exec hints": 1213, "exec inject": 0, "exec minimize": 9575, "exec retries": 0, "exec seeds": 2102, "exec smash": 8860, "exec total [base]": 17548, "exec total [new]": 46423, "exec triage": 1984, "executor restarts [base]": 29, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 873, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 157, "max signal": 10035, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5072, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 
1, "modules [new]": 1, "new inputs": 845, "no exec duration": 18084000000, "no exec requests": 32, "pending": 0, "prog exec time": 196, "reproducing": 0, "rpc recv": 1260198544, "rpc sent": 83771880, "signal": 9180, "smash jobs": 702, "triage jobs": 14, "vm output": 206694, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/26 21:00:49 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 40, "corpus": 1025, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 141, "coverage": 12176, "distributor delayed": 601, "distributor undelayed": 601, "distributor violated": 0, "exec candidate": 2588, "exec collide": 9007, "exec fuzz": 17252, "exec gen": 839, "exec hints": 3126, "exec inject": 0, "exec minimize": 14253, "exec retries": 0, "exec seeds": 3007, "exec smash": 20736, "exec total [base]": 29157, "exec total [new]": 81283, "exec triage": 2772, "executor restarts [base]": 29, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 555, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 127, "max signal": 12649, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7267, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1180, "no exec duration": 18084000000, "no exec requests": 32, "pending": 0, "prog exec time": 234, "reproducing": 0, "rpc recv": 2277559296, "rpc sent": 192700736, "signal": 11656, "smash jobs": 418, "triage jobs": 10, "vm output": 375853, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/26 21:05:49 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 64, "corpus": 1186, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 353, "coverage": 12847, "distributor delayed": 700, "distributor undelayed": 700, "distributor violated": 0, "exec candidate": 2588, "exec collide": 13522, "exec 
fuzz": 25869, "exec gen": 1293, "exec hints": 6366, "exec inject": 0, "exec minimize": 17090, "exec retries": 0, "exec seeds": 3552, "exec smash": 29443, "exec total [base]": 38973, "exec total [new]": 110701, "exec triage": 3280, "executor restarts [base]": 29, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 26, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 7, "max signal": 13339, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8560, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1384, "no exec duration": 18084000000, "no exec requests": 32, "pending": 0, "prog exec time": 379, "reproducing": 0, "rpc recv": 3206574244, "rpc sent": 285659296, "signal": 12280, "smash jobs": 12, "triage jobs": 7, "vm output": 539925, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/26 21:10:49 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 82, "corpus": 1311, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 616, "coverage": 13230, "distributor delayed": 759, "distributor undelayed": 759, "distributor violated": 0, "exec candidate": 2588, "exec collide": 19855, "exec fuzz": 37906, "exec gen": 1964, "exec hints": 7964, "exec inject": 0, "exec minimize": 19369, "exec retries": 0, "exec seeds": 3921, "exec smash": 32629, "exec total [base]": 47693, "exec total [new]": 137497, "exec triage": 3600, "executor restarts [base]": 29, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 19, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 5, "max signal": 13821, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9618, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1526, "no exec duration": 
18084000000, "no exec requests": 32, "pending": 0, "prog exec time": 278, "reproducing": 0, "rpc recv": 3985898176, "rpc sent": 378865216, "signal": 12639, "smash jobs": 5, "triage jobs": 9, "vm output": 676970, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/26 21:15:49 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 99, "corpus": 1410, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 818, "coverage": 13516, "distributor delayed": 818, "distributor undelayed": 818, "distributor violated": 0, "exec candidate": 2588, "exec collide": 26178, "exec fuzz": 50114, "exec gen": 2574, "exec hints": 9107, "exec inject": 0, "exec minimize": 21203, "exec retries": 0, "exec seeds": 4223, "exec smash": 35152, "exec total [base]": 56092, "exec total [new]": 162720, "exec triage": 3880, "executor restarts [base]": 29, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 17, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 3, "max signal": 14189, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10464, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1643, "no exec duration": 18084000000, "no exec requests": 32, "pending": 0, "prog exec time": 345, "reproducing": 0, "rpc recv": 4717763220, "rpc sent": 466910528, "signal": 12901, "smash jobs": 6, "triage jobs": 8, "vm output": 801787, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/26 21:20:49 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 111, "corpus": 1502, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 966, "coverage": 13789, "distributor delayed": 864, "distributor undelayed": 864, "distributor violated": 0, "exec candidate": 2588, "exec collide": 32577, "exec fuzz": 62414, "exec gen": 3177, "exec hints": 9669, "exec inject": 
0, "exec minimize": 22580, "exec retries": 0, "exec seeds": 4496, "exec smash": 37224, "exec total [base]": 63944, "exec total [new]": 186554, "exec triage": 4130, "executor restarts [base]": 29, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 37, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 6, "max signal": 14447, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11080, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1752, "no exec duration": 18084000000, "no exec requests": 32, "pending": 0, "prog exec time": 313, "reproducing": 0, "rpc recv": 5371476744, "rpc sent": 549867312, "signal": 13126, "smash jobs": 21, "triage jobs": 10, "vm output": 945405, "vm restarts [base]": 3, "vm restarts [new]": 9 }
2025/11/26 21:22:49 fuzzer has not reached the modified code in 30m0s, aborting
2025/11/26 21:22:49 repro loop terminated
2025/11/26 21:22:49 base: rpc server terminaled
2025/11/26 21:22:49 new: rpc server terminaled
2025/11/26 21:22:49 base: pool terminated
2025/11/26 21:22:49 base: kernel context loop terminated
2025/11/26 21:22:49 new: pool terminated
2025/11/26 21:22:49 new: kernel context loop terminated
2025/11/26 21:22:49 diff fuzzing terminated
2025/11/26 21:22:49 bug reporting terminated
2025/11/26 21:22:49 status reporting terminated
2025/11/26 21:22:49 fuzzing is finished
2025/11/26 21:22:49 status at the end: Title On-Base On-Patched