2025/12/08 08:36:54 extracted 322796 text symbol hashes for base and 322796 for patched 2025/12/08 08:36:54 symbol "vfio_pci_mmap_huge_fault.descriptor" has different values in base vs patch 2025/12/08 08:36:54 binaries are different, continuing fuzzing 2025/12/08 08:36:54 adding modified_functions to focus areas: ["vfio_pci_core_disable"] 2025/12/08 08:36:54 adding directly modified files to focus areas: ["drivers/vfio/pci/vfio_pci_core.c"] 2025/12/08 08:36:54 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db" 2025/12/08 08:37:53 runner 8 connected 2025/12/08 08:37:53 runner 1 connected 2025/12/08 08:37:53 runner 0 connected 2025/12/08 08:37:53 runner 0 connected 2025/12/08 08:37:53 runner 3 connected 2025/12/08 08:37:54 runner 7 connected 2025/12/08 08:37:54 runner 5 connected 2025/12/08 08:37:54 runner 1 connected 2025/12/08 08:37:54 runner 2 connected 2025/12/08 08:37:54 runner 2 connected 2025/12/08 08:37:54 runner 6 connected 2025/12/08 08:37:54 runner 4 connected 2025/12/08 08:37:59 executor cover filter: 0 PCs 2025/12/08 08:37:59 initializing coverage information... 2025/12/08 08:38:01 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/12/08 08:38:01 base: machine check complete 2025/12/08 08:38:03 discovered 7609 source files, 333750 symbols 2025/12/08 08:38:04 coverage filter: vfio_pci_core_disable: [vfio_pci_core_disable] 2025/12/08 08:38:04 coverage filter: drivers/vfio/pci/vfio_pci_core.c: [drivers/vfio/pci/vfio_pci_core.c] 2025/12/08 08:38:04 area "symbols": 87 PCs in the cover filter 2025/12/08 08:38:04 area "files": 880 PCs in the cover filter 2025/12/08 08:38:04 area "": 0 PCs in the cover filter 2025/12/08 08:38:04 executor cover filter: 0 PCs 2025/12/08 08:38:05 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/12/08 08:38:05 new: machine check complete 2025/12/08 08:38:08 new: adding 2418 seeds 2025/12/08 08:38:27 triaged 97.6% of the corpus 2025/12/08 08:38:27 starting bug reproductions 2025/12/08 08:38:27 starting bug reproductions (max 6 VMs, 4 repros) 2025/12/08 08:38:57 triaged 100.0% of the corpus 2025/12/08 08:41:57 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 5, "corpus": 721, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 10862, "distributor delayed": 471, "distributor undelayed": 471, "distributor violated": 0, "exec candidate": 2418, "exec collide": 3935, "exec fuzz": 7415, "exec gen": 387, "exec hints": 1131, "exec inject": 0, "exec minimize": 9388, "exec retries": 0, "exec seeds": 2038, "exec smash": 8366, "exec total [base]": 16311, "exec total [new]": 44299, "exec triage": 2018, "executor restarts [base]": 30, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 860, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 154, "max signal": 11434, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5002, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 845, "no exec duration": 17064000000, "no exec requests": 30, "pending": 0, "prog exec time": 223, "reproducing": 0, "rpc recv": 1221661612, "rpc sent": 64105320, "signal": 10297, "smash jobs": 696, "triage jobs": 10, "vm output": 187568, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/12/08 08:46:57 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 54, "corpus": 1004, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 29, "coverage": 12208, "distributor delayed": 634, "distributor undelayed": 634, "distributor violated": 0, "exec candidate": 2418, "exec collide": 8445, "exec fuzz": 16121, "exec gen": 836, "exec hints": 3013, "exec inject": 0, "exec minimize": 13837, "exec retries": 0, "exec seeds": 2912, "exec smash": 19285, "exec total [base]": 27442, "exec total [new]": 76853, "exec triage": 2787, "executor restarts [base]": 30, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 682, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 166, "max signal": 12729, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7033, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1174, "no exec duration": 17064000000, "no exec requests": 30, "pending": 0, "prog exec time": 219, "reproducing": 0, "rpc recv": 2246024016, "rpc sent": 139278728, "signal": 11688, "smash jobs": 504, "triage jobs": 12, "vm output": 288569, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/12/08 08:51:57 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 77, "corpus": 1175, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 98, "coverage": 12727, "distributor delayed": 724, "distributor undelayed": 724, "distributor violated": 0, "exec candidate": 2418, "exec collide": 12676, "exec fuzz": 24208, "exec gen": 1230, "exec hints": 5741, "exec inject": 0, "exec minimize": 16490, "exec retries": 0, "exec seeds": 3510, "exec smash": 28662, "exec total [base]": 36951, "exec total [new]": 105385, "exec triage": 3248, "executor restarts [base]": 30, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 92, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 27, "max signal": 13252, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8206, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1374, "no exec duration": 17064000000, "no exec requests": 30, "pending": 0, "prog exec time": 289, "reproducing": 0, "rpc recv": 3164291596, "rpc sent": 205434608, "signal": 12165, "smash jobs": 58, "triage jobs": 7, "vm output": 395837, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/12/08 08:56:57 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 84, "corpus": 1285, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 150, "coverage": 13010, "distributor delayed": 771, "distributor undelayed": 771, "distributor violated": 0, "exec candidate": 2418, "exec collide": 19165, "exec fuzz": 36468, "exec gen": 1856, "exec hints": 7870, "exec inject": 0, "exec minimize": 18300, "exec retries": 0, "exec seeds": 3844, "exec smash": 31959, "exec total [base]": 45873, "exec total [new]": 132613, "exec triage": 3530, "executor restarts [base]": 30, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 17, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 5, "max signal": 13566, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9058, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1500, "no exec duration": 17064000000, "no exec requests": 30, "pending": 0, "prog exec time": 294, "reproducing": 0, "rpc recv": 3870344176, "rpc sent": 275468160, "signal": 12430, "smash jobs": 5, "triage jobs": 7, "vm output": 530198, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/12/08 09:01:57 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 92, "corpus": 1379, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 190, "coverage": 13274, "distributor delayed": 824, "distributor undelayed": 824, "distributor violated": 0, "exec candidate": 2418, "exec collide": 26179, "exec fuzz": 49708, "exec gen": 2551, "exec hints": 8870, "exec inject": 0, "exec minimize": 19629, "exec retries": 0, "exec seeds": 4125, "exec smash": 34337, "exec total [base]": 54547, "exec total [new]": 158812, "exec triage": 3792, "executor restarts [base]": 30, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 8, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 2, "max signal": 13945, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9678, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1612, "no exec duration": 17064000000, "no exec requests": 30, "pending": 0, "prog exec time": 329, "reproducing": 0, "rpc recv": 4516636376, "rpc sent": 346787864, "signal": 12662, "smash jobs": 4, "triage jobs": 2, "vm output": 687993, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/12/08 09:06:57 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 107, "corpus": 1448, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 229, "coverage": 13406, "distributor delayed": 860, "distributor undelayed": 860, "distributor violated": 0, "exec candidate": 2418, "exec collide": 33511, "exec fuzz": 63574, "exec gen": 3245, "exec hints": 9105, "exec inject": 0, "exec minimize": 20832, "exec retries": 0, "exec seeds": 4334, "exec smash": 36034, "exec total [base]": 62986, "exec total [new]": 184244, "exec triage": 3990, "executor restarts [base]": 30, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 10, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 14110, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10260, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1699, "no exec duration": 17064000000, "no exec requests": 30, "pending": 0, "prog exec time": 328, "reproducing": 0, "rpc recv": 5135446692, "rpc sent": 419732792, "signal": 12781, "smash jobs": 5, "triage jobs": 4, "vm output": 839943, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/12/08 09:08:57 fuzzer has not reached the modified code in 30m0s, aborting 2025/12/08 09:08:57 repro loop terminated 2025/12/08 09:08:57 base: rpc server terminaled 2025/12/08 09:08:57 new: rpc server terminaled 2025/12/08 09:08:57 base: pool terminated 2025/12/08 09:08:57 base: kernel context loop terminated 2025/12/08 09:08:57 new: pool terminated 2025/12/08 09:08:57 new: kernel context loop terminated 2025/12/08 09:08:57 diff fuzzing terminated 2025/12/08 09:08:57 bug reporting terminated 2025/12/08 09:08:57 status reporting terminated 2025/12/08 09:08:57 fuzzing is finished 2025/12/08 09:08:57 status at the end: Title On-Base On-Patched