2025/09/23 22:37:25 extracted 327325 text symbol hashes for base and 327325 for patched 2025/09/23 22:37:25 binaries are different, continuing fuzzing 2025/09/23 22:37:25 adding modified_functions to focus areas: ["copy_to_iotlb"] 2025/09/23 22:37:25 adding directly modified files to focus areas: ["drivers/vhost/vringh.c"] 2025/09/23 22:37:27 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/09/23 22:38:24 runner 8 connected 2025/09/23 22:38:24 runner 7 connected 2025/09/23 22:38:24 runner 4 connected 2025/09/23 22:38:24 runner 6 connected 2025/09/23 22:38:24 runner 0 connected 2025/09/23 22:38:24 runner 5 connected 2025/09/23 22:38:24 runner 9 connected 2025/09/23 22:38:24 runner 0 connected 2025/09/23 22:38:24 runner 3 connected 2025/09/23 22:38:24 runner 1 connected 2025/09/23 22:38:24 runner 2 connected 2025/09/23 22:38:25 runner 3 connected 2025/09/23 22:38:25 runner 1 connected 2025/09/23 22:38:25 runner 2 connected 2025/09/23 22:38:31 executor cover filter: 0 PCs 2025/09/23 22:38:31 initializing coverage information... 2025/09/23 22:38:33 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8055 2025/09/23 22:38:33 base: machine check complete 2025/09/23 22:38:35 discovered 7698 source files, 338753 symbols 2025/09/23 22:38:36 coverage filter: copy_to_iotlb: [copy_to_iotlb] 2025/09/23 22:38:36 coverage filter: drivers/vhost/vringh.c: [drivers/vhost/vringh.c] 2025/09/23 22:38:36 area "symbols": 18 PCs in the cover filter 2025/09/23 22:38:36 area "files": 464 PCs in the cover filter 2025/09/23 22:38:36 area "": 0 PCs in the cover filter 2025/09/23 22:38:36 executor cover filter: 0 PCs 2025/09/23 22:38:37 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8055 2025/09/23 22:38:37 new: machine check complete 2025/09/23 22:38:40 new: adding 2385 seeds 2025/09/23 22:38:58 triaged 97.1% of the corpus 2025/09/23 22:38:58 starting bug reproductions 2025/09/23 22:38:58 starting bug reproductions (max 10 VMs, 7 repros) 2025/09/23 22:39:28 triaged 100.0% of the corpus 2025/09/23 22:42:28 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 2, "corpus": 765, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 10271, "distributor delayed": 442, "distributor undelayed": 442, "distributor violated": 0, "exec candidate": 2385, "exec collide": 4180, "exec fuzz": 8125, "exec gen": 399, "exec hints": 1247, "exec inject": 0, "exec minimize": 10554, "exec retries": 0, "exec seeds": 2156, "exec smash": 9022, "exec total [base]": 21901, "exec total [new]": 47238, "exec triage": 2083, "executor restarts [base]": 32, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 909, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 170, "max signal": 10779, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5620, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 884, "no exec duration": 18007000000, "no exec requests": 20, "pending": 0, "prog exec time": 244, "reproducing": 0, "rpc recv": 1550740724, "rpc sent": 65072376, "signal": 9893, "smash jobs": 720, "triage jobs": 19, "vm output": 214073, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/23 22:47:28 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 18, "corpus": 1036, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1, "coverage": 12272, "distributor delayed": 580, "distributor undelayed": 580, "distributor violated": 0, "exec candidate": 2385, "exec collide": 9514, "exec fuzz": 18464, "exec gen": 878, "exec hints": 3433, "exec inject": 0, "exec minimize": 14741, "exec retries": 0, "exec seeds": 3079, "exec smash": 22055, "exec total [base]": 36763, "exec total [new]": 84484, "exec triage": 2846, "executor restarts [base]": 32, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 501, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 100, "max signal": 12772, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7461, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1202, "no exec duration": 18007000000, "no exec requests": 20, "pending": 0, "prog exec time": 287, "reproducing": 0, "rpc recv": 2816990588, "rpc sent": 147764560, "signal": 11813, "smash jobs": 399, "triage jobs": 2, "vm output": 397858, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/23 22:52:28 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 30, "corpus": 1199, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 2, "coverage": 12806, "distributor delayed": 654, "distributor undelayed": 654, "distributor violated": 0, "exec candidate": 2385, "exec collide": 15889, "exec fuzz": 30099, "exec gen": 1452, "exec hints": 6577, "exec inject": 0, "exec minimize": 17412, "exec retries": 0, "exec seeds": 3620, "exec smash": 30038, "exec total [base]": 50250, "exec total [new]": 117841, "exec triage": 3280, "executor restarts [base]": 32, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 19, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 3, "max signal": 13320, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8656, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1398, "no exec duration": 18007000000, "no exec requests": 20, "pending": 0, "prog exec time": 321, "reproducing": 0, "rpc recv": 3895227540, "rpc sent": 230006640, "signal": 12320, "smash jobs": 10, "triage jobs": 6, "vm output": 636347, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/23 22:57:28 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 52, "corpus": 1336, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 2, "coverage": 13352, "distributor delayed": 719, "distributor undelayed": 719, "distributor violated": 0, "exec candidate": 2385, "exec collide": 23263, "exec fuzz": 43921, "exec gen": 2171, "exec hints": 7669, "exec inject": 0, "exec minimize": 19816, "exec retries": 0, "exec seeds": 4031, "exec smash": 33493, "exec total [base]": 62021, "exec total [new]": 147520, "exec triage": 3682, "executor restarts [base]": 32, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 22, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 3, "max signal": 13853, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9723, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1565, "no exec duration": 18007000000, "no exec requests": 20, "pending": 0, "prog exec time": 321, "reproducing": 0, "rpc recv": 4851006628, "rpc sent": 313349000, "signal": 12831, "smash jobs": 8, "triage jobs": 11, "vm output": 919902, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/23 23:02:28 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 74, "corpus": 1437, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 77, "coverage": 13587, "distributor delayed": 768, "distributor undelayed": 768, "distributor violated": 0, "exec candidate": 2385, "exec collide": 30545, "exec fuzz": 57900, "exec gen": 2883, "exec hints": 8851, "exec inject": 0, "exec minimize": 21443, "exec retries": 0, "exec seeds": 4331, "exec smash": 36037, "exec total [base]": 72936, "exec total [new]": 175417, "exec triage": 3953, "executor restarts [base]": 32, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 22, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 12, "max signal": 14130, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10416, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1680, "no exec duration": 18007000000, "no exec requests": 20, "pending": 0, "prog exec time": 295, "reproducing": 0, "rpc recv": 5707225976, "rpc sent": 391528560, "signal": 13047, "smash jobs": 7, "triage jobs": 3, "vm output": 1156999, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/23 23:07:28 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 88, "corpus": 1493, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 146, "coverage": 13708, "distributor delayed": 798, "distributor undelayed": 798, "distributor violated": 0, "exec candidate": 2385, "exec collide": 38055, "exec fuzz": 72395, "exec gen": 3636, "exec hints": 9448, "exec inject": 0, "exec minimize": 22749, "exec retries": 0, "exec seeds": 4503, "exec smash": 37480, "exec total [base]": 83542, "exec total [new]": 201873, "exec triage": 4136, "executor restarts [base]": 32, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 7, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 0, "max signal": 14319, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11055, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1755, "no exec duration": 18007000000, "no exec requests": 20, "pending": 0, "prog exec time": 333, "reproducing": 0, "rpc recv": 6503081196, "rpc sent": 468529608, "signal": 13159, "smash jobs": 3, "triage jobs": 4, "vm output": 1340710, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/23 23:09:28 fuzzer has not reached the modified code in 30m0s, aborting 2025/09/23 23:09:28 syz-diff (base): kernel context loop terminated 2025/09/23 23:09:28 syz-diff (new): kernel context loop terminated 2025/09/23 23:09:28 diff fuzzing terminated 2025/09/23 23:09:28 status reporting terminated 2025/09/23 23:09:28 bug reporting terminated 2025/09/23 23:09:28 fuzzing is finished 2025/09/23 23:09:28 status at the end: Title On-Base On-Patched