2025/08/19 07:40:30 extracted 303749 symbol hashes for base and 303749 for patched 2025/08/19 07:40:30 adding modified_functions to focus areas: ["vhost_dev_ioctl"] 2025/08/19 07:40:30 adding directly modified files to focus areas: ["include/uapi/linux/vhost.h"] 2025/08/19 07:40:31 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/08/19 07:41:29 runner 5 connected 2025/08/19 07:41:29 runner 4 connected 2025/08/19 07:41:29 runner 1 connected 2025/08/19 07:41:29 runner 2 connected 2025/08/19 07:41:29 runner 0 connected 2025/08/19 07:41:29 runner 0 connected 2025/08/19 07:41:29 runner 2 connected 2025/08/19 07:41:29 runner 8 connected 2025/08/19 07:41:29 runner 7 connected 2025/08/19 07:41:29 runner 9 connected 2025/08/19 07:41:29 runner 3 connected 2025/08/19 07:41:30 runner 6 connected 2025/08/19 07:41:30 runner 3 connected 2025/08/19 07:41:35 initializing coverage information... 2025/08/19 07:41:36 executor cover filter: 0 PCs 2025/08/19 07:41:37 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/19 07:41:37 base: machine check complete 2025/08/19 07:41:40 discovered 7699 source files, 338618 symbols 2025/08/19 07:41:40 coverage filter: vhost_dev_ioctl: [vhost_dev_ioctl] 2025/08/19 07:41:40 coverage filter: include/uapi/linux/vhost.h: [] 2025/08/19 07:41:40 area "symbols": 59 PCs in the cover filter 2025/08/19 07:41:40 area "files": 0 PCs in the cover filter 2025/08/19 07:41:40 area "": 0 PCs in the cover filter 2025/08/19 07:41:40 executor cover filter: 0 PCs 2025/08/19 07:41:41 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/19 07:41:41 new: machine check complete 2025/08/19 07:41:44 new: adding 2311 seeds 2025/08/19 07:42:02 triaged 98.5% of the corpus 2025/08/19 07:42:02 starting bug reproductions 2025/08/19 07:42:02 starting bug reproductions (max 10 VMs, 7 repros) 2025/08/19 07:42:32 triaged 100.0% of the corpus 2025/08/19 07:45:32 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 746, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 9907, "distributor delayed": 376, "distributor undelayed": 376, "distributor violated": 0, "exec candidate": 2311, "exec collide": 4201, "exec fuzz": 7968, "exec gen": 421, "exec hints": 1305, "exec inject": 0, "exec minimize": 10146, "exec retries": 0, "exec seeds": 2113, "exec smash": 8945, "exec total [base]": 16804, "exec total [new]": 46253, "exec triage": 1974, "executor restarts": 52, "fault jobs": 0, "fuzzer jobs": 869, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 10, "hints jobs": 141, "max signal": 10346, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5410, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 845, "no exec duration": 20029000000, "no exec requests": 26, "pending": 0, "prog exec time": 203, "reproducing": 0, "rpc recv": 832670416, "rpc sent": 70635976, "signal": 9422, "smash jobs": 710, "triage jobs": 18, "vm output": 180853, "vm restarts [base]": 3, "vm restarts [new]": 10 } 2025/08/19 07:50:32 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 34, "corpus": 1030, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 10, "coverage": 12186, "distributor delayed": 511, "distributor undelayed": 511, "distributor violated": 0, "exec candidate": 2311, "exec collide": 9660, "exec fuzz": 18302, "exec gen": 946, "exec hints": 3731, "exec inject": 0, "exec minimize": 14955, "exec retries": 0, "exec seeds": 3032, "exec smash": 21917, "exec total [base]": 28880, "exec total [new]": 84478, "exec triage": 2755, "executor restarts": 52, "fault jobs": 0, "fuzzer jobs": 464, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 10, "hints jobs": 112, "max signal": 12652, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7702, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1186, "no exec duration": 20029000000, "no exec requests": 26, "pending": 0, "prog exec time": 237, "reproducing": 0, "rpc recv": 1193646976, "rpc sent": 160408352, "signal": 11744, "smash jobs": 337, "triage jobs": 15, "vm output": 337173, "vm restarts [base]": 3, "vm restarts [new]": 10 } 2025/08/19 07:50:38 base: boot error: can't ssh into the instance 2025/08/19 07:51:27 runner 1 connected 2025/08/19 07:55:32 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 50, "corpus": 1227, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 17, "coverage": 12844, "distributor delayed": 620, "distributor undelayed": 620, "distributor violated": 0, "exec candidate": 2311, "exec collide": 15336, "exec fuzz": 29442, "exec gen": 1526, "exec hints": 8345, "exec inject": 0, "exec minimize": 18434, "exec retries": 0, "exec seeds": 3666, "exec smash": 30449, "exec total [base]": 42571, "exec total [new]": 119667, "exec triage": 3288, "executor restarts": 52, "fault jobs": 0, "fuzzer jobs": 22, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 10, "max signal": 13320, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9265, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1412, "no exec duration": 20029000000, "no exec requests": 26, "pending": 0, "prog exec time": 258, "reproducing": 0, "rpc recv": 1550714156, "rpc sent": 243383992, "signal": 12342, "smash jobs": 9, "triage jobs": 3, "vm output": 568121, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/19 08:00:32 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 57, "corpus": 1341, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 22, "coverage": 13251, "distributor delayed": 668, "distributor undelayed": 668, "distributor violated": 0, "exec candidate": 2311, "exec collide": 23296, "exec fuzz": 44620, "exec gen": 2328, "exec hints": 10903, "exec inject": 0, "exec minimize": 20359, "exec retries": 0, "exec seeds": 4008, "exec smash": 33300, "exec total [base]": 55741, "exec total [new]": 151612, "exec triage": 3617, "executor restarts": 52, "fault jobs": 0, "fuzzer jobs": 17, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 3, "max signal": 13771, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10151, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1555, "no exec duration": 20029000000, "no exec requests": 26, "pending": 0, "prog exec time": 290, "reproducing": 0, "rpc recv": 1746121156, "rpc sent": 332551312, "signal": 12723, "smash jobs": 8, "triage jobs": 6, "vm output": 768794, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/19 08:05:32 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 66, "corpus": 1443, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 25, "coverage": 13459, "distributor delayed": 726, "distributor undelayed": 726, "distributor violated": 0, "exec candidate": 2311, "exec collide": 31514, "exec fuzz": 59967, "exec gen": 3114, "exec hints": 11654, "exec inject": 0, "exec minimize": 22237, "exec retries": 0, "exec seeds": 4317, "exec smash": 35897, "exec total [base]": 68224, "exec total [new]": 181781, "exec triage": 3903, "executor restarts": 52, "fault jobs": 0, "fuzzer jobs": 13, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 14023, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11101, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1677, "no exec duration": 20029000000, "no exec requests": 26, "pending": 0, "prog exec time": 312, "reproducing": 0, "rpc recv": 1890019448, "rpc sent": 419104368, "signal": 12928, "smash jobs": 7, "triage jobs": 5, "vm output": 981269, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/19 08:10:32 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 76, "corpus": 1523, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 27, "coverage": 13730, "distributor delayed": 768, "distributor undelayed": 768, "distributor violated": 0, "exec candidate": 2311, "exec collide": 39621, "exec fuzz": 75348, "exec gen": 3909, "exec hints": 11843, "exec inject": 0, "exec minimize": 23721, "exec retries": 0, "exec seeds": 4560, "exec smash": 37915, "exec total [base]": 79887, "exec total [new]": 210246, "exec triage": 4148, "executor restarts": 52, "fault jobs": 0, "fuzzer jobs": 11, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 14316, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11792, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1775, "no exec duration": 20029000000, "no exec requests": 26, "pending": 0, "prog exec time": 294, "reproducing": 0, "rpc recv": 2051410528, "rpc sent": 508482640, "signal": 13246, "smash jobs": 6, "triage jobs": 4, "vm output": 1264314, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/19 08:12:32 fuzzer has not reached the modified code in 30m0s, aborting 2025/08/19 08:12:33 syz-diff (base): kernel context loop terminated 2025/08/19 08:12:33 syz-diff (new): kernel context loop terminated 2025/08/19 08:12:33 diff fuzzing terminated 2025/08/19 08:12:33 bug reporting terminated 2025/08/19 08:12:33 status reporting terminated 2025/08/19 08:12:33 fuzzing is finished 2025/08/19 08:12:33 status at the end: Title On-Base On-Patched