2025/09/25 06:53:52 extracted 327356 text symbol hashes for base and 327356 for patched 2025/09/25 06:53:53 binaries are different, continuing fuzzing 2025/09/25 06:53:53 adding modified_functions to focus areas: ["copy_to_iotlb"] 2025/09/25 06:53:53 adding directly modified files to focus areas: ["drivers/vhost/vringh.c"] 2025/09/25 06:53:54 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/09/25 06:54:58 runner 3 connected 2025/09/25 06:54:59 runner 1 connected 2025/09/25 06:54:59 runner 5 connected 2025/09/25 06:54:59 runner 4 connected 2025/09/25 06:54:59 runner 3 connected 2025/09/25 06:54:59 runner 6 connected 2025/09/25 06:55:00 runner 2 connected 2025/09/25 06:55:00 runner 9 connected 2025/09/25 06:55:00 runner 7 connected 2025/09/25 06:55:01 runner 0 connected 2025/09/25 06:55:01 runner 1 connected 2025/09/25 06:55:01 runner 2 connected 2025/09/25 06:55:02 runner 0 connected 2025/09/25 06:55:02 runner 8 connected 2025/09/25 06:55:06 initializing coverage information... 2025/09/25 06:55:07 executor cover filter: 0 PCs 2025/09/25 06:55:09 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8055 2025/09/25 06:55:09 base: machine check complete 2025/09/25 06:55:11 discovered 7699 source files, 338751 symbols 2025/09/25 06:55:12 coverage filter: copy_to_iotlb: [copy_to_iotlb] 2025/09/25 06:55:12 coverage filter: drivers/vhost/vringh.c: [drivers/vhost/vringh.c] 2025/09/25 06:55:12 area "symbols": 18 PCs in the cover filter 2025/09/25 06:55:12 area "files": 464 PCs in the cover filter 2025/09/25 06:55:12 area "": 0 PCs in the cover filter 2025/09/25 06:55:12 executor cover filter: 0 PCs 2025/09/25 06:55:13 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8055 2025/09/25 06:55:13 new: machine check complete 2025/09/25 06:55:17 new: adding 2584 seeds 2025/09/25 06:55:25 triaged 96.9% of the corpus 2025/09/25 06:55:25 starting bug reproductions 2025/09/25 06:55:25 starting bug reproductions (max 10 VMs, 7 repros) 2025/09/25 06:55:55 triaged 100.0% of the corpus 2025/09/25 06:58:55 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 735, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 9673, "distributor delayed": 384, "distributor undelayed": 384, "distributor violated": 0, "exec candidate": 2584, "exec collide": 4228, "exec fuzz": 8129, "exec gen": 449, "exec hints": 1361, "exec inject": 0, "exec minimize": 9628, "exec retries": 0, "exec seeds": 2074, "exec smash": 9061, "exec total [base]": 20781, "exec total [new]": 47141, "exec triage": 1929, "executor restarts [base]": 31, "executor restarts [new]": 53, "fault jobs": 0, "fuzzer jobs": 780, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 155, "max signal": 10034, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5228, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 820, "no exec duration": 20051000000, "no exec requests": 22, "pending": 0, "prog exec time": 201, "reproducing": 0, "rpc recv": 1410376936, "rpc sent": 63634112, "signal": 9183, "smash jobs": 616, "triage jobs": 9, "vm output": 216630, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/25 07:03:55 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 3, "corpus": 1050, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 11496, "distributor delayed": 517, "distributor undelayed": 517, "distributor violated": 0, "exec candidate": 2584, "exec collide": 9844, "exec fuzz": 18734, "exec gen": 991, "exec hints": 3779, "exec inject": 0, "exec minimize": 14484, "exec retries": 0, "exec seeds": 3103, "exec smash": 22374, "exec total [base]": 36352, "exec total [new]": 86289, "exec triage": 2699, "executor restarts [base]": 31, "executor restarts [new]": 53, "fault jobs": 0, "fuzzer jobs": 467, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 101, "max signal": 11862, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7536, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1177, "no exec duration": 20051000000, "no exec requests": 22, "pending": 0, "prog exec time": 238, "reproducing": 0, "rpc recv": 2645229120, "rpc sent": 151435816, "signal": 10964, "smash jobs": 354, "triage jobs": 12, "vm output": 331161, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/25 07:08:55 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 13, "corpus": 1250, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 35, "coverage": 12772, "distributor delayed": 608, "distributor undelayed": 608, "distributor violated": 0, "exec candidate": 2584, "exec collide": 15892, "exec fuzz": 30120, "exec gen": 1582, "exec hints": 7207, "exec inject": 0, "exec minimize": 17909, "exec retries": 0, "exec seeds": 3750, "exec smash": 31159, "exec total [base]": 50307, "exec total [new]": 121115, "exec triage": 3216, "executor restarts [base]": 31, "executor restarts [new]": 53, "fault jobs": 0, "fuzzer jobs": 21, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 2, "max signal": 13141, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9154, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1405, "no exec duration": 20051000000, "no exec requests": 22, "pending": 0, "prog exec time": 258, "reproducing": 0, "rpc recv": 3786298760, "rpc sent": 243404792, "signal": 12213, "smash jobs": 6, "triage jobs": 13, "vm output": 449104, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/25 07:13:55 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 13, "corpus": 1380, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 60, "coverage": 13336, "distributor delayed": 673, "distributor undelayed": 673, "distributor violated": 0, "exec candidate": 2584, "exec collide": 24132, "exec fuzz": 46076, "exec gen": 2427, "exec hints": 8171, "exec inject": 0, "exec minimize": 20022, "exec retries": 0, "exec seeds": 4143, "exec smash": 34439, "exec total [base]": 62711, "exec total [new]": 153223, "exec triage": 3529, "executor restarts [base]": 31, "executor restarts [new]": 53, "fault jobs": 0, "fuzzer jobs": 24, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 9, "max signal": 13785, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10138, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1543, "no exec duration": 20051000000, "no exec requests": 22, "pending": 0, "prog exec time": 296, "reproducing": 0, "rpc recv": 4687721872, "rpc sent": 336879824, "signal": 12732, "smash jobs": 10, "triage jobs": 5, "vm output": 642589, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/25 07:18:55 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 21, "corpus": 1479, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 122, "coverage": 13659, "distributor delayed": 720, "distributor undelayed": 720, "distributor violated": 0, "exec candidate": 2584, "exec collide": 32197, "exec fuzz": 61334, "exec gen": 3249, "exec hints": 10028, "exec inject": 0, "exec minimize": 21679, "exec retries": 0, "exec seeds": 4452, "exec smash": 36931, "exec total [base]": 74986, "exec total [new]": 183936, "exec triage": 3782, "executor restarts [base]": 31, "executor restarts [new]": 53, "fault jobs": 0, "fuzzer jobs": 19, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 14067, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10920, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1655, "no exec duration": 20051000000, "no exec requests": 22, "pending": 0, "prog exec time": 292, "reproducing": 0, "rpc recv": 5562958644, "rpc sent": 433796672, "signal": 13057, "smash jobs": 13, "triage jobs": 5, "vm output": 810289, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/25 07:23:55 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 30, "corpus": 1569, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 172, "coverage": 13987, "distributor delayed": 777, "distributor undelayed": 777, "distributor violated": 0, "exec candidate": 2584, "exec collide": 40262, "exec fuzz": 76405, "exec gen": 4043, "exec hints": 10414, "exec inject": 0, "exec minimize": 23182, "exec retries": 0, "exec seeds": 4722, "exec smash": 39305, "exec total [base]": 86454, "exec total [new]": 212670, "exec triage": 4052, "executor restarts [base]": 31, "executor restarts [new]": 53, "fault jobs": 0, "fuzzer jobs": 10, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 2, "max signal": 14462, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11607, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1768, "no exec duration": 20051000000, "no exec requests": 22, "pending": 0, "prog exec time": 312, "reproducing": 0, "rpc recv": 6396425812, "rpc sent": 530552600, "signal": 13359, "smash jobs": 3, "triage jobs": 5, "vm output": 931473, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/25 07:25:55 fuzzer has not reached the modified code in 30m0s, aborting 2025/09/25 07:25:56 syz-diff (base): kernel context loop terminated 2025/09/25 07:25:56 syz-diff (new): kernel context loop terminated 2025/09/25 07:25:56 diff fuzzing terminated 2025/09/25 07:25:56 bug reporting terminated 2025/09/25 07:25:56 status reporting terminated 2025/09/25 07:25:56 fuzzing is finished 2025/09/25 07:25:56 status at the end: Title On-Base On-Patched