2025/11/01 20:39:58 extracted 321630 text symbol hashes for base and 321630 for patched 2025/11/01 20:39:58 symbol "vhost_get_vq_desc.__UNIQUE_ID_ddebug1286" has different values in base vs patch 2025/11/01 20:39:58 binaries are different, continuing fuzzing 2025/11/01 20:39:58 adding modified_functions to focus areas: ["__vhost_add_used_n" "__vhost_vq_attach_worker" "iotlb_access_ok" "translate_desc" "vhost_add_used_n" "vhost_chr_write_iter" "vhost_dev_ioctl" "vhost_enable_notify" "vhost_get_avail_idx" "vhost_get_vq_desc" "vhost_kthread_worker_create" "vhost_put_used" "vhost_signal" "vhost_update_used_flags" "vhost_vq_init_access" "vhost_vring_ioctl" "vhost_worker_ioctl"] 2025/11/01 20:39:58 adding directly modified files to focus areas: ["drivers/vhost/vhost.c"] 2025/11/01 20:39:58 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db" 2025/11/01 20:40:57 runner 0 connected 2025/11/01 20:40:57 runner 5 connected 2025/11/01 20:40:57 runner 7 connected 2025/11/01 20:40:57 runner 4 connected 2025/11/01 20:41:04 runner 8 connected 2025/11/01 20:41:04 runner 6 connected 2025/11/01 20:41:04 runner 2 connected 2025/11/01 20:41:04 executor cover filter: 0 PCs 2025/11/01 20:41:04 initializing coverage information... 2025/11/01 20:41:04 runner 0 connected 2025/11/01 20:41:04 runner 1 connected 2025/11/01 20:41:05 runner 2 connected 2025/11/01 20:41:05 runner 1 connected 2025/11/01 20:41:05 runner 3 connected 2025/11/01 20:41:07 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/11/01 20:41:07 base: machine check complete 2025/11/01 20:41:10 discovered 7601 source files, 332486 symbols 2025/11/01 20:41:10 coverage filter: __vhost_add_used_n: [__vhost_add_used_n] 2025/11/01 20:41:10 coverage filter: __vhost_vq_attach_worker: [__vhost_vq_attach_worker] 2025/11/01 20:41:10 coverage filter: iotlb_access_ok: [iotlb_access_ok] 2025/11/01 20:41:10 coverage filter: translate_desc: [translate_desc] 2025/11/01 20:41:10 coverage filter: vhost_add_used_n: [vhost_add_used_n] 2025/11/01 20:41:10 coverage filter: vhost_chr_write_iter: [vhost_chr_write_iter] 2025/11/01 20:41:10 coverage filter: vhost_dev_ioctl: [vhost_dev_ioctl] 2025/11/01 20:41:10 coverage filter: vhost_enable_notify: [vhost_enable_notify] 2025/11/01 20:41:10 coverage filter: vhost_get_avail_idx: [vhost_get_avail_idx] 2025/11/01 20:41:10 coverage filter: vhost_get_vq_desc: [vhost_get_vq_desc] 2025/11/01 20:41:10 coverage filter: vhost_kthread_worker_create: [vhost_kthread_worker_create] 2025/11/01 20:41:10 coverage filter: vhost_put_used: [vhost_put_used] 2025/11/01 20:41:10 coverage filter: vhost_signal: [vhost_signal] 2025/11/01 20:41:10 coverage filter: vhost_update_used_flags: [vhost_update_used_flags] 2025/11/01 20:41:10 coverage filter: vhost_vq_init_access: [vhost_vq_init_access] 2025/11/01 20:41:10 coverage filter: vhost_vring_ioctl: [vhost_vring_ioctl] 2025/11/01 20:41:10 coverage filter: vhost_worker_ioctl: [vhost_worker_ioctl] 2025/11/01 20:41:10 coverage filter: drivers/vhost/vhost.c: [drivers/vhost/vhost.c] 2025/11/01 20:41:10 area "symbols": 663 PCs in the cover filter 2025/11/01 20:41:10 area "files": 1206 PCs in the cover filter 2025/11/01 20:41:10 area "": 0 PCs in the cover filter 2025/11/01 20:41:10 executor cover filter: 0 PCs 2025/11/01 20:41:12 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/11/01 20:41:12 new: machine check complete 2025/11/01 20:41:16 new: adding 2374 seeds 2025/11/01 20:41:31 triaged 97.1% of the corpus 2025/11/01 20:41:31 starting bug reproductions 2025/11/01 20:41:31 starting bug reproductions (max 6 VMs, 4 repros) 2025/11/01 20:42:01 triaged 100.0% of the corpus 2025/11/01 20:45:01 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 706, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 12, "coverage": 9777, "distributor delayed": 430, "distributor undelayed": 430, "distributor violated": 0, "exec candidate": 2374, "exec collide": 3967, "exec fuzz": 7585, "exec gen": 387, "exec hints": 1280, "exec inject": 0, "exec minimize": 8891, "exec retries": 0, "exec seeds": 1956, "exec smash": 8464, "exec total [base]": 16724, "exec total [new]": 43946, "exec triage": 1984, "executor restarts [base]": 28, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 804, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 147, "max signal": 10160, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 4694, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 838, "no exec duration": 15196000000, "no exec requests": 19, "pending": 0, "prog exec time": 189, "reproducing": 0, "rpc recv": 1175495176, "rpc sent": 68230528, "signal": 9275, "smash jobs": 642, "triage jobs": 15, "vm output": 211331, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/01 20:50:01 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 33, "corpus": 980, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 327, "coverage": 11292, "distributor delayed": 572, "distributor undelayed": 572, "distributor violated": 0, "exec candidate": 2374, "exec collide": 8860, "exec fuzz": 16599, "exec gen": 875, "exec hints": 3351, "exec inject": 0, "exec minimize": 13308, "exec retries": 0, "exec seeds": 2840, "exec smash": 19897, "exec total [base]": 28066, "exec total [new]": 77834, "exec triage": 2673, "executor restarts [base]": 28, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 507, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 137, "max signal": 11686, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 6722, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1145, "no exec duration": 15196000000, "no exec requests": 19, "pending": 0, "prog exec time": 278, "reproducing": 0, "rpc recv": 2086180812, "rpc sent": 144024680, "signal": 10834, "smash jobs": 363, "triage jobs": 7, "vm output": 365943, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/01 20:55:01 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 64, "corpus": 1179, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 879, "coverage": 12546, "distributor delayed": 688, "distributor undelayed": 688, "distributor violated": 0, "exec candidate": 2374, "exec collide": 13109, "exec fuzz": 24516, "exec gen": 1277, "exec hints": 6241, "exec inject": 0, "exec minimize": 16370, "exec retries": 0, "exec seeds": 3508, "exec smash": 28917, "exec total [base]": 37744, "exec total [new]": 106624, "exec triage": 3254, "executor restarts [base]": 28, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 65, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 19, "max signal": 13118, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8077, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1389, "no exec duration": 15196000000, "no exec requests": 19, "pending": 0, "prog exec time": 292, "reproducing": 0, "rpc recv": 2974692332, "rpc sent": 210099216, "signal": 12073, "smash jobs": 36, "triage jobs": 10, "vm output": 511801, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/01 21:00:01 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 90, "corpus": 1308, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1424, "coverage": 13042, "distributor delayed": 744, "distributor undelayed": 744, "distributor violated": 0, "exec candidate": 2374, "exec collide": 19357, "exec fuzz": 36034, "exec gen": 1877, "exec hints": 8371, "exec inject": 0, "exec minimize": 18426, "exec retries": 0, "exec seeds": 3903, "exec smash": 32413, "exec total [base]": 46562, "exec total [new]": 133384, "exec triage": 3572, "executor restarts [base]": 28, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 21, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 3, "max signal": 13557, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9029, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1529, "no exec duration": 15196000000, "no exec requests": 19, "pending": 0, "prog exec time": 317, "reproducing": 0, "rpc recv": 3662484316, "rpc sent": 275060528, "signal": 12541, "smash jobs": 10, "triage jobs": 8, "vm output": 639114, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/01 21:05:01 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 99, "corpus": 1417, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1896, "coverage": 13338, "distributor delayed": 795, "distributor undelayed": 795, "distributor violated": 0, "exec candidate": 2374, "exec collide": 25493, "exec fuzz": 47612, "exec gen": 2514, "exec hints": 10073, "exec inject": 0, "exec minimize": 20177, "exec retries": 0, "exec seeds": 4230, "exec smash": 35176, "exec total [base]": 54787, "exec total [new]": 158545, "exec triage": 3840, "executor restarts [base]": 28, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 22, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 12, "max signal": 13879, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9805, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1646, "no exec duration": 15196000000, "no exec requests": 19, "pending": 0, "prog exec time": 293, "reproducing": 0, "rpc recv": 4343821384, "rpc sent": 337141888, "signal": 12821, "smash jobs": 7, "triage jobs": 3, "vm output": 767001, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/01 21:10:01 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 107, "corpus": 1499, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 2365, "coverage": 13536, "distributor delayed": 841, "distributor undelayed": 841, "distributor violated": 0, "exec candidate": 2374, "exec collide": 32051, "exec fuzz": 60075, "exec gen": 3195, "exec hints": 11377, "exec inject": 0, "exec minimize": 21517, "exec retries": 0, "exec seeds": 4475, "exec smash": 37190, "exec total [base]": 63183, "exec total [new]": 183359, "exec triage": 4048, "executor restarts [base]": 28, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 14, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 2, "max signal": 14084, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10429, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1737, "no exec duration": 15196000000, "no exec requests": 19, "pending": 0, "prog exec time": 310, "reproducing": 0, "rpc recv": 4976578484, "rpc sent": 401636992, "signal": 12991, "smash jobs": 10, "triage jobs": 2, "vm output": 913887, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/01 21:12:01 fuzzer has not reached the modified code in 30m0s, aborting 2025/11/01 21:12:01 repro loop terminated 2025/11/01 21:12:01 base: rpc server terminaled 2025/11/01 21:12:01 new: rpc server terminaled 2025/11/01 21:12:01 new: pool terminated 2025/11/01 21:12:01 new: kernel context loop terminated 2025/11/01 21:12:01 base: pool terminated 2025/11/01 21:12:01 base: kernel context loop terminated 2025/11/01 21:12:01 diff fuzzing terminated 2025/11/01 21:12:01 bug reporting terminated 2025/11/01 21:12:01 status reporting terminated 2025/11/01 21:12:01 fuzzing is finished 2025/11/01 21:12:01 status at the end: Title On-Base On-Patched