2025/08/06 12:34:48 extracted 302589 symbol hashes for base and 302589 for patched 2025/08/06 12:34:48 adding modified_functions to focus areas: ["handle_rx" "nvmet_execute_disc_identify"] 2025/08/06 12:34:48 adding directly modified files to focus areas: ["drivers/vhost/net.c"] 2025/08/06 12:34:49 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/08/06 12:35:39 runner 3 connected 2025/08/06 12:35:39 runner 3 connected 2025/08/06 12:35:40 runner 7 connected 2025/08/06 12:35:40 runner 8 connected 2025/08/06 12:35:40 runner 2 connected 2025/08/06 12:35:45 executor cover filter: 0 PCs 2025/08/06 12:35:45 initializing coverage information... 2025/08/06 12:35:46 runner 2 connected 2025/08/06 12:35:46 runner 9 connected 2025/08/06 12:35:46 runner 5 connected 2025/08/06 12:35:46 runner 1 connected 2025/08/06 12:35:46 runner 1 connected 2025/08/06 12:35:47 runner 0 connected 2025/08/06 12:35:47 runner 0 connected 2025/08/06 12:35:47 runner 6 connected 2025/08/06 12:35:47 runner 4 connected 2025/08/06 12:35:47 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/06 12:35:47 base: machine check complete 2025/08/06 12:35:49 discovered 7666 source files, 337374 symbols 2025/08/06 12:35:50 coverage filter: handle_rx: [handle_rx handle_rx_kick handle_rx_net ipoib_cm_handle_rx_wc ipoib_ib_handle_rx_wc smsendian_handle_rx_message vhost_vsock_handle_rx_kick] 2025/08/06 12:35:50 coverage filter: nvmet_execute_disc_identify: [nvmet_execute_disc_identify] 2025/08/06 12:35:50 coverage filter: drivers/vhost/net.c: [drivers/vhost/net.c] 2025/08/06 12:35:50 area "symbols": 265 PCs in the cover filter 2025/08/06 12:35:50 area "files": 643 PCs in the cover filter 2025/08/06 12:35:50 area "": 0 PCs in the cover filter 2025/08/06 12:35:50 executor cover filter: 0 PCs 2025/08/06 12:35:51 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/06 12:35:51 new: machine check complete 2025/08/06 12:35:54 new: adding 2034 seeds 2025/08/06 12:36:20 triaged 100.0% of the corpus 2025/08/06 12:36:20 triaged 100.0% of the corpus 2025/08/06 12:36:20 starting bug reproductions 2025/08/06 12:36:20 starting bug reproductions (max 10 VMs, 7 repros) 2025/08/06 12:39:50 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 769, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 10531, "distributor delayed": 438, "distributor undelayed": 438, "distributor violated": 0, "exec candidate": 2034, "exec collide": 4989, "exec fuzz": 9164, "exec gen": 474, "exec hints": 1467, "exec inject": 0, "exec minimize": 10242, "exec retries": 0, "exec seeds": 2188, "exec smash": 10709, "exec total [base]": 23448, "exec total [new]": 49394, "exec triage": 2083, "executor restarts": 50, "fault jobs": 0, "fuzzer jobs": 817, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 141, "max signal": 11039, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5428, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 894, "no exec duration": 15186000000, "no exec requests": 40, "pending": 0, "prog exec time": 208, "reproducing": 0, "rpc recv": 907170932, "rpc sent": 81864504, "signal": 9994, "smash jobs": 656, "triage jobs": 20, "vm output": 202184, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/06 12:44:50 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 42, "corpus": 1090, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 12275, "distributor delayed": 605, "distributor undelayed": 605, "distributor violated": 0, "exec candidate": 2034, "exec collide": 10100, "exec fuzz": 18980, "exec gen": 938, "exec hints": 3833, "exec inject": 0, "exec minimize": 15731, "exec retries": 0, "exec seeds": 3198, "exec smash": 22730, "exec total [base]": 38993, "exec total [new]": 86573, "exec triage": 2984, "executor restarts": 50, "fault jobs": 0, "fuzzer jobs": 506, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 128, "max signal": 12956, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7900, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1274, "no exec duration": 15186000000, "no exec requests": 40, "pending": 0, "prog exec time": 275, "reproducing": 0, "rpc recv": 1416468508, "rpc sent": 165257304, "signal": 11606, "smash jobs": 372, "triage jobs": 6, "vm output": 325551, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/06 12:49:50 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 67, "corpus": 1276, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 48, "coverage": 12885, "distributor delayed": 694, "distributor undelayed": 694, "distributor violated": 0, "exec candidate": 2034, "exec collide": 15574, "exec fuzz": 29298, "exec gen": 1477, "exec hints": 7426, "exec inject": 0, "exec minimize": 18671, "exec retries": 0, "exec seeds": 3828, "exec smash": 31749, "exec total [base]": 52556, "exec total [new]": 119635, "exec triage": 3534, "executor restarts": 50, "fault jobs": 0, "fuzzer jobs": 20, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 8, "max signal": 13697, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9208, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1507, "no exec duration": 15186000000, "no exec requests": 40, "pending": 0, "prog exec time": 289, "reproducing": 0, "rpc recv": 1710203792, "rpc sent": 238819224, "signal": 12183, "smash jobs": 9, "triage jobs": 3, "vm output": 541450, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/06 12:54:50 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 79, "corpus": 1400, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 63, "coverage": 13236, "distributor delayed": 753, "distributor undelayed": 753, "distributor violated": 0, "exec candidate": 2034, "exec collide": 23405, "exec fuzz": 43837, "exec gen": 2207, "exec hints": 9842, "exec inject": 0, "exec minimize": 20502, "exec retries": 0, "exec seeds": 4207, "exec smash": 34965, "exec total [base]": 65482, "exec total [new]": 150919, "exec triage": 3873, "executor restarts": 50, "fault jobs": 0, "fuzzer jobs": 13, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 3, "max signal": 14067, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10051, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1654, "no exec duration": 15186000000, "no exec requests": 40, "pending": 0, "prog exec time": 309, "reproducing": 0, "rpc recv": 1887254372, "rpc sent": 316162104, "signal": 12625, "smash jobs": 7, "triage jobs": 3, "vm output": 819980, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/06 12:59:50 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 86, "corpus": 1463, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 73, "coverage": 13364, "distributor delayed": 786, "distributor undelayed": 786, "distributor violated": 0, "exec candidate": 2034, "exec collide": 31697, "exec fuzz": 59419, "exec gen": 3005, "exec hints": 10423, "exec inject": 0, "exec minimize": 21510, "exec retries": 0, "exec seeds": 4398, "exec smash": 36566, "exec total [base]": 77051, "exec total [new]": 179167, "exec triage": 4069, "executor restarts": 50, "fault jobs": 0, "fuzzer jobs": 12, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 0, "max signal": 14214, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10507, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1739, "no exec duration": 15186000000, "no exec requests": 40, "pending": 0, "prog exec time": 322, "reproducing": 0, "rpc recv": 2008809668, "rpc sent": 390408856, "signal": 12734, "smash jobs": 6, "triage jobs": 6, "vm output": 1015595, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/06 13:04:50 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 92, "corpus": 1531, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 88, "coverage": 13532, "distributor delayed": 817, "distributor undelayed": 817, "distributor violated": 0, "exec candidate": 2034, "exec collide": 39651, "exec fuzz": 74923, "exec gen": 3869, "exec hints": 10569, "exec inject": 0, "exec minimize": 22659, "exec retries": 0, "exec seeds": 4598, "exec smash": 38275, "exec total [base]": 88353, "exec total [new]": 206881, "exec triage": 4258, "executor restarts": 50, "fault jobs": 0, "fuzzer jobs": 17, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 3, "max signal": 14401, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11035, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1822, "no exec duration": 15186000000, "no exec requests": 40, "pending": 0, "prog exec time": 301, "reproducing": 0, "rpc recv": 2127085424, "rpc sent": 465127168, "signal": 12874, "smash jobs": 6, "triage jobs": 8, "vm output": 1194784, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/06 13:06:20 fuzzer has not reached the modified code in 30m0s, aborting 2025/08/06 13:06:20 syz-diff (base): kernel context loop terminated 2025/08/06 13:06:20 syz-diff (new): kernel context loop terminated 2025/08/06 13:06:20 diff fuzzing terminated 2025/08/06 13:06:20 bug reporting terminated 2025/08/06 13:06:20 status reporting terminated 2025/08/06 13:06:20 fuzzing is finished 2025/08/06 13:06:20 status at the end: Title On-Base On-Patched