2025/11/21 17:25:31 extracted 321630 text symbol hashes for base and 321634 for patched 2025/11/21 17:25:31 symbol "vfio_ecap_init.__UNIQUE_ID_ddebug1074" has different values in base vs patch 2025/11/21 17:25:31 binaries are different, continuing fuzzing 2025/11/21 17:25:31 adding modified_functions to focus areas: ["__pfx_vfio_find_cap_start" "__pfx_vfio_pci_map_pfn" "vfio_find_cap_start" "vfio_pci_core_disable" "vfio_pci_core_ioctl" "vfio_pci_core_ioctl_feature" "vfio_pci_map_pfn" "vfio_pci_mmap_huge_fault" "vfio_pci_vga_init"] 2025/11/21 17:25:31 adding directly modified files to focus areas: ["drivers/vfio/pci/nvgrace-gpu/main.c" "drivers/vfio/pci/vfio_pci_config.c" "drivers/vfio/pci/vfio_pci_core.c" "include/linux/vfio_pci_core.h"] 2025/11/21 17:25:31 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db" 2025/11/21 17:26:29 runner 2 connected 2025/11/21 17:26:30 runner 1 connected 2025/11/21 17:26:30 runner 0 connected 2025/11/21 17:26:30 runner 7 connected 2025/11/21 17:26:30 runner 2 connected 2025/11/21 17:26:30 runner 6 connected 2025/11/21 17:26:30 runner 0 connected 2025/11/21 17:26:30 runner 1 connected 2025/11/21 17:26:30 runner 4 connected 2025/11/21 17:26:31 runner 8 connected 2025/11/21 17:26:31 runner 5 connected 2025/11/21 17:26:31 runner 3 connected 2025/11/21 17:26:36 initializing coverage information... 2025/11/21 17:26:36 executor cover filter: 0 PCs 2025/11/21 17:26:38 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/11/21 17:26:38 base: machine check complete 2025/11/21 17:26:40 discovered 7601 source files, 332490 symbols 2025/11/21 17:26:40 coverage filter: __pfx_vfio_find_cap_start: [] 2025/11/21 17:26:40 coverage filter: __pfx_vfio_pci_map_pfn: [] 2025/11/21 17:26:40 coverage filter: vfio_find_cap_start: [vfio_find_cap_start] 2025/11/21 17:26:40 coverage filter: vfio_pci_core_disable: [vfio_pci_core_disable] 2025/11/21 17:26:40 coverage filter: vfio_pci_core_ioctl: [vfio_pci_core_ioctl vfio_pci_core_ioctl_feature] 2025/11/21 17:26:40 coverage filter: vfio_pci_core_ioctl_feature: [] 2025/11/21 17:26:40 coverage filter: vfio_pci_map_pfn: [vfio_pci_map_pfn] 2025/11/21 17:26:40 coverage filter: vfio_pci_mmap_huge_fault: [vfio_pci_mmap_huge_fault] 2025/11/21 17:26:40 coverage filter: vfio_pci_vga_init: [vfio_pci_vga_init] 2025/11/21 17:26:40 coverage filter: drivers/vfio/pci/nvgrace-gpu/main.c: [] 2025/11/21 17:26:40 coverage filter: drivers/vfio/pci/vfio_pci_config.c: [drivers/vfio/pci/vfio_pci_config.c] 2025/11/21 17:26:40 coverage filter: drivers/vfio/pci/vfio_pci_core.c: [drivers/vfio/pci/vfio_pci_core.c] 2025/11/21 17:26:40 coverage filter: include/linux/vfio_pci_core.h: [] 2025/11/21 17:26:40 area "symbols": 379 PCs in the cover filter 2025/11/21 17:26:40 area "files": 1604 PCs in the cover filter 2025/11/21 17:26:40 area "": 0 PCs in the cover filter 2025/11/21 17:26:40 executor cover filter: 0 PCs 2025/11/21 17:26:41 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/11/21 17:26:41 new: machine check complete 2025/11/21 17:26:44 new: adding 2612 seeds 2025/11/21 17:27:03 triaged 97.0% of the corpus 2025/11/21 17:27:03 starting bug reproductions 2025/11/21 17:27:03 starting bug reproductions (max 6 VMs, 4 repros) 2025/11/21 17:27:33 triaged 100.0% of the corpus 2025/11/21 17:30:33 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 743, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 9411, "distributor delayed": 486, "distributor undelayed": 486, "distributor violated": 0, "exec candidate": 2612, "exec collide": 4522, "exec fuzz": 8588, "exec gen": 441, "exec hints": 1401, "exec inject": 0, "exec minimize": 9408, "exec retries": 0, "exec seeds": 2100, "exec smash": 9832, "exec total [base]": 18252, "exec total [new]": 48686, "exec triage": 2012, "executor restarts [base]": 29, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 822, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 141, "max signal": 9880, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 4983, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 855, "no exec duration": 20178000000, "no exec requests": 48, "pending": 0, "prog exec time": 155, "reproducing": 0, "rpc recv": 1285659720, "rpc sent": 64452984, "signal": 8915, "smash jobs": 673, "triage jobs": 8, "vm output": 253558, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/21 17:35:33 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 50, "corpus": 1019, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 22, "coverage": 11551, "distributor delayed": 642, "distributor undelayed": 642, "distributor violated": 0, "exec candidate": 2612, "exec collide": 9651, "exec fuzz": 18306, "exec gen": 962, "exec hints": 3573, "exec inject": 0, "exec minimize": 13972, "exec retries": 0, "exec seeds": 3015, "exec smash": 22115, "exec total [base]": 30426, "exec total [new]": 84771, "exec triage": 2796, "executor restarts [base]": 29, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 420, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 101, "max signal": 12132, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7066, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1191, "no exec duration": 20178000000, "no exec requests": 48, "pending": 0, "prog exec time": 253, "reproducing": 0, "rpc recv": 2308864116, "rpc sent": 132047544, "signal": 11035, "smash jobs": 310, "triage jobs": 9, "vm output": 487775, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/21 17:40:33 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 94, "corpus": 1179, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 48, "coverage": 12476, "distributor delayed": 729, "distributor undelayed": 729, "distributor violated": 0, "exec candidate": 2612, "exec collide": 14670, "exec fuzz": 27848, "exec gen": 1455, "exec hints": 7514, "exec inject": 0, "exec minimize": 16896, "exec retries": 0, "exec seeds": 3527, "exec smash": 29213, "exec total [base]": 40463, "exec total [new]": 114768, "exec triage": 3260, "executor restarts [base]": 29, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 26, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 7, "max signal": 13399, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8360, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1382, "no exec duration": 20178000000, "no exec requests": 48, "pending": 0, "prog exec time": 250, "reproducing": 0, "rpc recv": 3197427296, "rpc sent": 192662056, "signal": 11864, "smash jobs": 14, "triage jobs": 5, "vm output": 714813, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/21 17:45:33 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 118, "corpus": 1289, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 97, "coverage": 12986, "distributor delayed": 787, "distributor undelayed": 787, "distributor violated": 0, "exec candidate": 2612, "exec collide": 21383, "exec fuzz": 40361, "exec gen": 2117, "exec hints": 8364, "exec inject": 0, "exec minimize": 19093, "exec retries": 0, "exec seeds": 3867, "exec smash": 32129, "exec total [base]": 49491, "exec total [new]": 141292, "exec triage": 3597, "executor restarts [base]": 29, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 16, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 13908, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9389, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1523, "no exec duration": 20178000000, "no exec requests": 48, "pending": 0, "prog exec time": 297, "reproducing": 0, "rpc recv": 3961005216, "rpc sent": 263576224, "signal": 12326, "smash jobs": 7, "triage jobs": 8, "vm output": 943905, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/21 17:50:33 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 130, "corpus": 1362, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 188, "coverage": 13200, "distributor delayed": 832, "distributor undelayed": 832, "distributor violated": 0, "exec candidate": 2612, "exec collide": 28806, "exec fuzz": 54297, "exec gen": 2861, "exec hints": 8461, "exec inject": 0, "exec minimize": 20367, "exec retries": 0, "exec seeds": 4084, "exec smash": 33966, "exec total [base]": 58004, "exec total [new]": 167031, "exec triage": 3807, "executor restarts [base]": 29, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 19, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 2, "max signal": 14132, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9985, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1613, "no exec duration": 20178000000, "no exec requests": 48, "pending": 0, "prog exec time": 308, "reproducing": 0, "rpc recv": 4605752308, "rpc sent": 334946256, "signal": 12508, "smash jobs": 8, "triage jobs": 9, "vm output": 1151460, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/21 17:55:33 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 140, "corpus": 1434, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 236, "coverage": 13407, "distributor delayed": 875, "distributor undelayed": 875, "distributor violated": 0, "exec candidate": 2612, "exec collide": 35877, "exec fuzz": 67740, "exec gen": 3578, "exec hints": 8747, "exec inject": 0, "exec minimize": 21680, "exec retries": 0, "exec seeds": 4305, "exec smash": 35853, "exec total [base]": 66397, "exec total [new]": 192176, "exec triage": 4013, "executor restarts [base]": 29, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 9, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 14390, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10618, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1700, "no exec duration": 20178000000, "no exec requests": 48, "pending": 0, "prog exec time": 342, "reproducing": 0, "rpc recv": 5254044728, "rpc sent": 408865992, "signal": 12715, "smash jobs": 2, "triage jobs": 6, "vm output": 1331419, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/21 17:57:33 fuzzer has not reached the modified code in 30m0s, aborting 2025/11/21 17:57:33 repro loop terminated 2025/11/21 17:57:33 base: rpc server terminaled 2025/11/21 17:57:33 new: rpc server terminaled 2025/11/21 17:57:34 base: pool terminated 2025/11/21 17:57:34 base: kernel context loop terminated 2025/11/21 17:57:34 new: pool terminated 2025/11/21 17:57:34 new: kernel context loop terminated 2025/11/21 17:57:34 diff fuzzing terminated 2025/11/21 17:57:34 bug reporting terminated 2025/11/21 17:57:34 status reporting terminated 2025/11/21 17:57:34 fuzzing is finished 2025/11/21 17:57:34 status at the end: Title On-Base On-Patched