2025/09/17 07:27:14 extracted 327366 text symbol hashes for base and 327366 for patched 2025/09/17 07:27:14 symbol "get_rx_bufs.__UNIQUE_ID_ddebug1864" has different values in base vs patch 2025/09/17 07:27:14 binaries are different, continuing fuzzing 2025/09/17 07:27:15 adding modified_functions to focus areas: ["handle_rx" "handle_rx_kick" "handle_rx_net" "handle_tx" "vhost_zerocopy_complete"] 2025/09/17 07:27:15 adding directly modified files to focus areas: ["drivers/vhost/net.c"] 2025/09/17 07:27:16 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/09/17 07:28:14 runner 1 connected 2025/09/17 07:28:21 executor cover filter: 0 PCs 2025/09/17 07:28:21 runner 3 connected 2025/09/17 07:28:21 runner 1 connected 2025/09/17 07:28:21 runner 6 connected 2025/09/17 07:28:21 runner 8 connected 2025/09/17 07:28:21 runner 4 connected 2025/09/17 07:28:21 runner 7 connected 2025/09/17 07:28:21 runner 2 connected 2025/09/17 07:28:22 runner 5 connected 2025/09/17 07:28:22 runner 3 connected 2025/09/17 07:28:22 runner 9 connected 2025/09/17 07:28:22 runner 0 connected 2025/09/17 07:28:23 runner 0 connected 2025/09/17 07:28:23 runner 2 connected 2025/09/17 07:28:24 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8054 2025/09/17 07:28:24 base: machine check complete 2025/09/17 07:28:29 initializing coverage information... 2025/09/17 07:28:34 discovered 7700 source files, 338794 symbols 2025/09/17 07:28:34 coverage filter: handle_rx: [handle_rx handle_rx_kick handle_rx_net ipoib_cm_handle_rx_wc ipoib_ib_handle_rx_wc smsendian_handle_rx_message vhost_vsock_handle_rx_kick] 2025/09/17 07:28:34 coverage filter: handle_rx_kick: [] 2025/09/17 07:28:34 coverage filter: handle_rx_net: [] 2025/09/17 07:28:34 coverage filter: handle_tx: [ath10k_mac_handle_tx_pause_iter ath10k_mac_handle_tx_pause_vdev carl9170_usb_handle_tx_err handle_tx handle_tx handle_tx_kick handle_tx_net i2c_dw_handle_tx_abort ipoib_cm_handle_tx_wc ipoib_ib_handle_tx_wc smsendian_handle_tx_message vhost_vsock_handle_tx_kick] 2025/09/17 07:28:34 coverage filter: vhost_zerocopy_complete: [vhost_zerocopy_complete] 2025/09/17 07:28:34 coverage filter: drivers/vhost/net.c: [drivers/vhost/net.c] 2025/09/17 07:28:34 area "symbols": 597 PCs in the cover filter 2025/09/17 07:28:34 area "files": 664 PCs in the cover filter 2025/09/17 07:28:34 area "": 0 PCs in the cover filter 2025/09/17 07:28:34 executor cover filter: 0 PCs 2025/09/17 07:28:35 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8054 2025/09/17 07:28:35 new: machine check complete 2025/09/17 07:28:39 new: adding 2450 seeds 2025/09/17 07:28:48 triaged 97.1% of the corpus 2025/09/17 07:28:48 starting bug reproductions 2025/09/17 07:28:48 starting bug reproductions (max 10 VMs, 7 repros) 2025/09/17 07:29:18 triaged 100.0% of the corpus 2025/09/17 07:32:18 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 697, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 9592, "distributor delayed": 375, "distributor undelayed": 375, "distributor violated": 0, "exec candidate": 2450, "exec collide": 3817, "exec fuzz": 7157, "exec gen": 376, "exec hints": 1178, "exec inject": 0, "exec minimize": 9385, "exec retries": 1, "exec seeds": 1929, "exec smash": 8011, "exec total [base]": 19188, "exec total [new]": 43505, "exec triage": 1893, "executor restarts [base]": 30, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 832, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 154, "max signal": 10061, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5062, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 795, "no exec duration": 18004000000, "no exec requests": 19, "pending": 0, "prog exec time": 219, "reproducing": 0, "rpc recv": 1411610876, "rpc sent": 57401344, "signal": 9146, "smash jobs": 667, "triage jobs": 11, "vm output": 223291, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/17 07:37:18 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 4, "corpus": 971, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1, "coverage": 12032, "distributor delayed": 500, "distributor undelayed": 500, "distributor violated": 0, "exec candidate": 2450, "exec collide": 9417, "exec fuzz": 17629, "exec gen": 943, "exec hints": 3793, "exec inject": 0, "exec minimize": 13592, "exec retries": 1, "exec seeds": 2863, "exec smash": 21093, "exec total [base]": 34558, "exec total [new]": 81671, "exec triage": 2584, "executor restarts [base]": 30, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 388, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 107, "max signal": 12499, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7062, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1100, "no exec duration": 18004000000, "no exec requests": 19, "pending": 0, "prog exec time": 233, "reproducing": 0, "rpc recv": 2576205472, "rpc sent": 147867872, "signal": 11535, "smash jobs": 273, "triage jobs": 8, "vm output": 357410, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/17 07:42:18 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 21, "corpus": 1184, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 3, "coverage": 12756, "distributor delayed": 590, "distributor undelayed": 590, "distributor violated": 0, "exec candidate": 2450, "exec collide": 14956, "exec fuzz": 28077, "exec gen": 1534, "exec hints": 7911, "exec inject": 0, "exec minimize": 17067, "exec retries": 1, "exec seeds": 3546, "exec smash": 29412, "exec total [base]": 48047, "exec total [new]": 115442, "exec triage": 3181, "executor restarts [base]": 30, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 27, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 7, "max signal": 13196, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8636, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1356, "no exec duration": 18004000000, "no exec requests": 19, "pending": 0, "prog exec time": 314, "reproducing": 0, "rpc recv": 3698474736, "rpc sent": 235555328, "signal": 12131, "smash jobs": 12, "triage jobs": 8, "vm output": 535875, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/17 07:47:18 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 34, "corpus": 1306, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 3, "coverage": 13089, "distributor delayed": 651, "distributor undelayed": 651, "distributor violated": 0, "exec candidate": 2450, "exec collide": 22202, "exec fuzz": 41563, "exec gen": 2243, "exec hints": 9313, "exec inject": 0, "exec minimize": 19400, "exec retries": 1, "exec seeds": 3909, "exec smash": 32533, "exec total [base]": 59615, "exec total [new]": 144455, "exec triage": 3536, "executor restarts [base]": 30, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 18, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 3, "max signal": 13579, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9701, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1507, "no exec duration": 18004000000, "no exec requests": 19, "pending": 0, "prog exec time": 315, "reproducing": 0, "rpc recv": 4623953148, "rpc sent": 323084592, "signal": 12445, "smash jobs": 7, "triage jobs": 8, "vm output": 689432, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/17 07:52:18 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 44, "corpus": 1405, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 55, "coverage": 13356, "distributor delayed": 706, "distributor undelayed": 706, "distributor violated": 0, "exec candidate": 2450, "exec collide": 29676, "exec fuzz": 55883, "exec gen": 3031, "exec hints": 9813, "exec inject": 0, "exec minimize": 21050, "exec retries": 1, "exec seeds": 4215, "exec smash": 35085, "exec total [base]": 70535, "exec total [new]": 172316, "exec triage": 3805, "executor restarts [base]": 30, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 12, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 13888, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10460, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1623, "no exec duration": 18004000000, "no exec requests": 19, "pending": 0, "prog exec time": 338, "reproducing": 0, "rpc recv": 5457628044, "rpc sent": 411535552, "signal": 12697, "smash jobs": 4, "triage jobs": 7, "vm output": 848816, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/17 07:57:18 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 55, "corpus": 1470, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 146, "coverage": 13525, "distributor delayed": 751, "distributor undelayed": 751, "distributor violated": 0, "exec candidate": 2450, "exec collide": 37036, "exec fuzz": 70234, "exec gen": 3770, "exec hints": 10157, "exec inject": 0, "exec minimize": 22254, "exec retries": 1, "exec seeds": 4409, "exec smash": 36611, "exec total [base]": 80873, "exec total [new]": 198246, "exec triage": 4017, "executor restarts [base]": 30, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 13, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 14083, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10996, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1708, "no exec duration": 18004000000, "no exec requests": 19, "pending": 0, "prog exec time": 356, "reproducing": 0, "rpc recv": 6215731692, "rpc sent": 493871784, "signal": 12860, "smash jobs": 9, "triage jobs": 3, "vm output": 996080, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/17 07:59:18 fuzzer has not reached the modified code in 30m0s, aborting 2025/09/17 07:59:18 syz-diff (base): kernel context loop terminated 2025/09/17 07:59:18 syz-diff (new): kernel context loop terminated 2025/09/17 07:59:18 diff fuzzing terminated 2025/09/17 07:59:18 status reporting terminated 2025/09/17 07:59:18 bug reporting terminated 2025/09/17 07:59:18 fuzzing is finished 2025/09/17 07:59:18 status at the end: Title On-Base On-Patched