2025/09/10 10:11:32 extracted 327320 text symbol hashes for base and 327320 for patched
2025/09/10 10:11:32 binaries are different, continuing fuzzing
2025/09/10 10:11:32 adding modified_functions to focus areas: ["copy_from_iotlb"]
2025/09/10 10:11:32 adding directly modified files to focus areas: ["drivers/vhost/vringh.c"]
2025/09/10 10:11:33 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db
2025/09/10 10:12:31 runner 1 connected
2025/09/10 10:12:31 runner 4 connected
2025/09/10 10:12:31 runner 0 connected
2025/09/10 10:12:31 runner 2 connected
2025/09/10 10:12:31 runner 3 connected
2025/09/10 10:12:31 runner 9 connected
2025/09/10 10:12:31 runner 7 connected
2025/09/10 10:12:31 runner 8 connected
2025/09/10 10:12:31 runner 2 connected
2025/09/10 10:12:31 runner 3 connected
2025/09/10 10:12:31 runner 6 connected
2025/09/10 10:12:32 runner 1 connected
2025/09/10 10:12:38 runner 0 connected
2025/09/10 10:12:38 runner 5 connected
2025/09/10 10:12:38 executor cover filter: 0 PCs
2025/09/10 10:12:38 initializing coverage information...
2025/09/10 10:12:40 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : 
enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8054 2025/09/10 10:12:40 base: machine check complete 2025/09/10 10:12:44 discovered 7700 source files, 338752 symbols 2025/09/10 10:12:44 coverage filter: copy_from_iotlb: [copy_from_iotlb] 2025/09/10 10:12:44 coverage filter: drivers/vhost/vringh.c: [drivers/vhost/vringh.c] 2025/09/10 10:12:44 area "symbols": 18 PCs in the cover filter 2025/09/10 10:12:44 area "files": 464 PCs in the cover filter 2025/09/10 10:12:44 area "": 0 PCs in the cover filter 2025/09/10 10:12:44 executor cover filter: 0 PCs 2025/09/10 10:12:45 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT 
: fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. 
SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8054 2025/09/10 10:12:45 new: machine check complete 2025/09/10 10:12:48 new: adding 2275 seeds 2025/09/10 10:13:05 triaged 97.2% of the corpus 2025/09/10 10:13:05 starting bug reproductions 2025/09/10 10:13:05 starting bug reproductions (max 10 VMs, 7 repros) 2025/09/10 10:13:35 triaged 100.0% of the corpus 2025/09/10 10:16:35 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 13, "corpus": 750, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 10226, "distributor delayed": 408, "distributor undelayed": 408, "distributor violated": 0, "exec candidate": 2275, "exec collide": 4013, "exec fuzz": 7583, "exec gen": 386, "exec hints": 1168, "exec inject": 0, "exec minimize": 9757, "exec retries": 0, "exec seeds": 2078, "exec smash": 8449, "exec total [base]": 20429, "exec total [new]": 44511, "exec triage": 2030, "executor restarts [base]": 32, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 903, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 171, "max signal": 10643, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5092, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 864, "no exec duration": 22012000000, "no exec requests": 23, "pending": 0, "prog exec time": 241, "reproducing": 0, "rpc recv": 1474436740, "rpc sent": 74155688, "signal": 9871, "smash jobs": 712, "triage jobs": 20, "vm output": 222394, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/10 10:21:35 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 56, "corpus": 1052, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 2, "coverage": 
11951, "distributor delayed": 564, "distributor undelayed": 564, "distributor violated": 0, "exec candidate": 2275, "exec collide": 8720, "exec fuzz": 16672, "exec gen": 877, "exec hints": 3069, "exec inject": 0, "exec minimize": 14652, "exec retries": 0, "exec seeds": 3050, "exec smash": 19865, "exec total [base]": 34294, "exec total [new]": 78805, "exec triage": 2854, "executor restarts [base]": 32, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 722, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 148, "max signal": 12409, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7354, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1216, "no exec duration": 22012000000, "no exec requests": 23, "pending": 0, "prog exec time": 291, "reproducing": 0, "rpc recv": 2687006488, "rpc sent": 156802704, "signal": 11418, "smash jobs": 559, "triage jobs": 15, "vm output": 441746, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/10 10:26:35 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 83, "corpus": 1231, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 34, "coverage": 12590, "distributor delayed": 667, "distributor undelayed": 667, "distributor violated": 0, "exec candidate": 2275, "exec collide": 13094, "exec fuzz": 24887, "exec gen": 1329, "exec hints": 5897, "exec inject": 0, "exec minimize": 17805, "exec retries": 0, "exec seeds": 3644, "exec smash": 29479, "exec total [base]": 46191, "exec total [new]": 108577, "exec triage": 3395, "executor restarts [base]": 32, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 175, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 68, "max signal": 13174, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8801, "minimize: filename": 0, "minimize: integer": 0, 
"minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1436, "no exec duration": 22012000000, "no exec requests": 23, "pending": 0, "prog exec time": 301, "reproducing": 0, "rpc recv": 3794558448, "rpc sent": 232285560, "signal": 12036, "smash jobs": 101, "triage jobs": 6, "vm output": 763442, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/10 10:31:35 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 95, "corpus": 1338, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 78, "coverage": 13012, "distributor delayed": 713, "distributor undelayed": 713, "distributor violated": 0, "exec candidate": 2275, "exec collide": 19161, "exec fuzz": 36671, "exec gen": 1926, "exec hints": 8791, "exec inject": 0, "exec minimize": 19939, "exec retries": 0, "exec seeds": 3984, "exec smash": 33134, "exec total [base]": 57307, "exec total [new]": 136361, "exec triage": 3709, "executor restarts [base]": 32, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 19, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 13646, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9785, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1569, "no exec duration": 22012000000, "no exec requests": 23, "pending": 0, "prog exec time": 332, "reproducing": 0, "rpc recv": 4689145840, "rpc sent": 313099488, "signal": 12437, "smash jobs": 8, "triage jobs": 10, "vm output": 1096513, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/10 10:36:35 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 124, "corpus": 1437, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 127, "coverage": 13327, "distributor delayed": 761, "distributor 
undelayed": 761, "distributor violated": 0, "exec candidate": 2275, "exec collide": 25761, "exec fuzz": 49449, "exec gen": 2622, "exec hints": 8991, "exec inject": 0, "exec minimize": 22006, "exec retries": 1, "exec seeds": 4276, "exec smash": 35567, "exec total [base]": 67344, "exec total [new]": 161752, "exec triage": 4034, "executor restarts [base]": 32, "executor restarts [new]": 52, "fault jobs": 0, "fuzzer jobs": 16, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 3, "max signal": 14048, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10749, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1695, "no exec duration": 22012000000, "no exec requests": 23, "pending": 0, "prog exec time": 366, "reproducing": 0, "rpc recv": 5535997884, "rpc sent": 396089936, "signal": 12688, "smash jobs": 8, "triage jobs": 5, "vm output": 1616906, "vm restarts [base]": 4, "vm restarts [new]": 10 }
2025/09/10 10:41:35 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 133, "corpus": 1502, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 172, "coverage": 13572, "distributor delayed": 798, "distributor undelayed": 798, "distributor violated": 0, "exec candidate": 2275, "exec collide": 33007, "exec fuzz": 63105, "exec gen": 3345, "exec hints": 9219, "exec inject": 0, "exec minimize": 23046, "exec retries": 1, "exec seeds": 4474, "exec smash": 37266, "exec total [base]": 77105, "exec total [new]": 186745, "exec triage": 4235, "executor restarts [base]": 32, "executor restarts [new]": 52, "fault jobs": 0, "fuzzer jobs": 9, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 2, "max signal": 14403, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11246, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1780, "no exec duration": 22012000000, "no exec requests": 23, "pending": 0, "prog exec time": 356, "reproducing": 0, "rpc recv": 6278945096, "rpc sent": 478238104, "signal": 12874, "smash jobs": 4, "triage jobs": 3, "vm output": 2147080, "vm restarts [base]": 4, "vm restarts [new]": 10 }
2025/09/10 10:43:35 fuzzer has not reached the modified code in 30m0s, aborting
2025/09/10 10:43:35 syz-diff (base): kernel context loop terminated
2025/09/10 10:43:35 syz-diff (new): kernel context loop terminated
2025/09/10 10:43:35 diff fuzzing terminated
2025/09/10 10:43:35 status reporting terminated
2025/09/10 10:43:35 bug reporting terminated
2025/09/10 10:43:35 fuzzing is finished
2025/09/10 10:43:35 status at the end: Title On-Base On-Patched