2025/09/27 13:11:43 extracted 327422 text symbol hashes for base and 327422 for patched 2025/09/27 13:11:43 binaries are different, continuing fuzzing 2025/09/27 13:11:43 adding modified_functions to focus areas: ["vhost_vdpa_open" "vhost_vdpa_release" "vhost_vdpa_vring_ioctl"] 2025/09/27 13:11:43 adding directly modified files to focus areas: ["drivers/vhost/vdpa.c"] 2025/09/27 13:11:44 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/09/27 13:12:42 runner 7 connected 2025/09/27 13:12:42 runner 6 connected 2025/09/27 13:12:42 runner 2 connected 2025/09/27 13:12:42 runner 9 connected 2025/09/27 13:12:42 runner 5 connected 2025/09/27 13:12:42 runner 1 connected 2025/09/27 13:12:42 runner 4 connected 2025/09/27 13:12:42 runner 2 connected 2025/09/27 13:12:43 runner 3 connected 2025/09/27 13:12:43 runner 0 connected 2025/09/27 13:12:43 runner 8 connected 2025/09/27 13:12:43 runner 1 connected 2025/09/27 13:12:49 runner 3 connected 2025/09/27 13:12:50 initializing coverage information... 2025/09/27 13:12:50 executor cover filter: 0 PCs 2025/09/27 13:12:50 runner 0 connected 2025/09/27 13:12:53 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8055 2025/09/27 13:12:53 base: machine check complete 2025/09/27 13:12:55 discovered 7682 source files, 338853 symbols 2025/09/27 13:12:56 coverage filter: vhost_vdpa_open: [vhost_vdpa_open] 2025/09/27 13:12:56 coverage filter: vhost_vdpa_release: [vhost_vdpa_release vhost_vdpa_release_dev] 2025/09/27 13:12:56 coverage filter: vhost_vdpa_vring_ioctl: [vhost_vdpa_vring_ioctl] 2025/09/27 13:12:56 coverage filter: drivers/vhost/vdpa.c: [drivers/vhost/vdpa.c] 2025/09/27 13:12:56 area "symbols": 108 PCs in the cover filter 2025/09/27 13:12:56 area "files": 517 PCs in the cover filter 2025/09/27 13:12:56 area "": 0 PCs in the cover filter 2025/09/27 13:12:56 executor cover filter: 0 PCs 2025/09/27 13:12:57 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8055 2025/09/27 13:12:57 new: machine check complete 2025/09/27 13:13:01 new: adding 2439 seeds 2025/09/27 13:13:16 triaged 97.1% of the corpus 2025/09/27 13:13:16 starting bug reproductions 2025/09/27 13:13:16 starting bug reproductions (max 10 VMs, 7 repros) 2025/09/27 13:13:46 triaged 100.0% of the corpus 2025/09/27 13:16:46 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 754, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 10290, "distributor delayed": 455, "distributor undelayed": 455, "distributor violated": 0, "exec candidate": 2439, "exec collide": 4408, "exec fuzz": 8274, "exec gen": 417, "exec hints": 1330, "exec inject": 0, "exec minimize": 9557, "exec retries": 0, "exec seeds": 2117, "exec smash": 9399, "exec total [base]": 21097, "exec total [new]": 47237, "exec triage": 2029, "executor restarts [base]": 33, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 842, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 161, "max signal": 10715, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5123, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 867, "no exec duration": 19013000000, "no exec requests": 21, "pending": 0, "prog exec time": 191, "reproducing": 0, "rpc recv": 1458852128, "rpc sent": 70717056, "signal": 9818, "smash jobs": 664, "triage jobs": 17, "vm output": 239730, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/27 13:21:46 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 30, "corpus": 1033, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 3, "coverage": 11923, "distributor delayed": 594, "distributor undelayed": 594, "distributor violated": 0, "exec candidate": 2439, "exec collide": 9660, "exec fuzz": 18123, "exec gen": 947, "exec hints": 3662, "exec inject": 0, "exec minimize": 13810, "exec retries": 0, "exec seeds": 3035, "exec smash": 21783, "exec total [base]": 35730, "exec total [new]": 83556, "exec triage": 2833, "executor restarts [base]": 33, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 488, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 112, "max signal": 12400, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 6987, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1208, "no exec duration": 19013000000, "no exec requests": 21, "pending": 0, "prog exec time": 248, "reproducing": 0, "rpc recv": 2692493808, "rpc sent": 152976536, "signal": 11330, "smash jobs": 362, "triage jobs": 14, "vm output": 425179, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/27 13:26:46 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 47, "corpus": 1237, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 9, "coverage": 12689, "distributor delayed": 680, "distributor undelayed": 680, "distributor violated": 0, "exec candidate": 2439, "exec collide": 14905, "exec fuzz": 28100, "exec gen": 1477, "exec hints": 8080, "exec inject": 0, "exec minimize": 17105, "exec retries": 0, "exec seeds": 3686, "exec smash": 30585, "exec total [base]": 48932, "exec total [new]": 116987, "exec triage": 3341, "executor restarts [base]": 33, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 24, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 9, "max signal": 13119, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8467, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1428, "no exec duration": 19013000000, "no exec requests": 21, "pending": 0, "prog exec time": 256, "reproducing": 0, "rpc recv": 3783597856, "rpc sent": 227828856, "signal": 12063, "smash jobs": 12, "triage jobs": 3, "vm output": 672587, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/27 13:31:46 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 58, "corpus": 1356, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 25, "coverage": 13240, "distributor delayed": 731, "distributor undelayed": 731, "distributor violated": 0, "exec candidate": 2439, "exec collide": 22312, "exec fuzz": 42312, "exec gen": 2250, "exec hints": 9394, "exec inject": 0, "exec minimize": 19137, "exec retries": 0, "exec seeds": 4047, "exec smash": 33665, "exec total [base]": 60541, "exec total [new]": 146485, "exec triage": 3661, "executor restarts [base]": 33, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 12, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 13748, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9382, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1566, "no exec duration": 19013000000, "no exec requests": 21, "pending": 0, "prog exec time": 309, "reproducing": 0, "rpc recv": 4663829892, "rpc sent": 302466984, "signal": 12616, "smash jobs": 6, "triage jobs": 5, "vm output": 940919, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/27 13:36:46 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 67, "corpus": 1435, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 32, "coverage": 13432, "distributor delayed": 766, "distributor undelayed": 766, "distributor violated": 0, "exec candidate": 2439, "exec collide": 30171, "exec fuzz": 57303, "exec gen": 3033, "exec hints": 9874, "exec inject": 0, "exec minimize": 20546, "exec retries": 0, "exec seeds": 4290, "exec smash": 35679, "exec total [base]": 71667, "exec total [new]": 174480, "exec triage": 3879, "executor restarts [base]": 33, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 12, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 13963, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10022, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1662, "no exec duration": 19013000000, "no exec requests": 21, "pending": 0, "prog exec time": 304, "reproducing": 0, "rpc recv": 5484268200, "rpc sent": 379584352, "signal": 12796, "smash jobs": 5, "triage jobs": 6, "vm output": 1151113, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/27 13:41:46 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 74, "corpus": 1514, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 59, "coverage": 13626, "distributor delayed": 803, "distributor undelayed": 803, "distributor violated": 0, "exec candidate": 2439, "exec collide": 37911, "exec fuzz": 72256, "exec gen": 3800, "exec hints": 10008, "exec inject": 0, "exec minimize": 21917, "exec retries": 0, "exec seeds": 4530, "exec smash": 37691, "exec total [base]": 82399, "exec total [new]": 201911, "exec triage": 4092, "executor restarts [base]": 33, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 8, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 0, "max signal": 14176, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10667, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1753, "no exec duration": 19013000000, "no exec requests": 21, "pending": 0, "prog exec time": 336, "reproducing": 0, "rpc recv": 6293508548, "rpc sent": 455338696, "signal": 12970, "smash jobs": 5, "triage jobs": 3, "vm output": 1349436, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/27 13:43:46 fuzzer has not reached the modified code in 30m0s, aborting 2025/09/27 13:43:46 syz-diff (base): kernel context loop terminated 2025/09/27 13:43:46 syz-diff (new): kernel context loop terminated 2025/09/27 13:43:46 diff fuzzing terminated 2025/09/27 13:43:46 status reporting terminated 2025/09/27 13:43:46 bug reporting terminated 2025/09/27 13:43:46 fuzzing is finished 2025/09/27 13:43:46 status at the end: Title On-Base On-Patched