2025/09/15 03:43:25 extracted 327280 text symbol hashes for base and 327280 for patched 2025/09/15 03:43:25 symbol "handle_tx_zerocopy.__UNIQUE_ID_ddebug1859" has different values in base vs patch 2025/09/15 03:43:25 binaries are different, continuing fuzzing 2025/09/15 03:43:25 adding modified_functions to focus areas: ["handle_rx" "handle_rx_kick" "handle_rx_net" "handle_tx" "vhost_zerocopy_complete"] 2025/09/15 03:43:25 adding directly modified files to focus areas: ["drivers/vhost/net.c"] 2025/09/15 03:43:26 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/09/15 03:44:24 runner 0 connected 2025/09/15 03:44:24 runner 3 connected 2025/09/15 03:44:24 runner 1 connected 2025/09/15 03:44:24 runner 1 connected 2025/09/15 03:44:24 runner 2 connected 2025/09/15 03:44:24 runner 8 connected 2025/09/15 03:44:24 runner 7 connected 2025/09/15 03:44:31 executor cover filter: 0 PCs 2025/09/15 03:44:31 runner 4 connected 2025/09/15 03:44:31 initializing coverage information... 2025/09/15 03:44:31 runner 3 connected 2025/09/15 03:44:31 runner 9 connected 2025/09/15 03:44:32 runner 0 connected 2025/09/15 03:44:32 runner 6 connected 2025/09/15 03:44:32 runner 2 connected 2025/09/15 03:44:32 runner 5 connected 2025/09/15 03:44:33 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8054 2025/09/15 03:44:33 base: machine check complete 2025/09/15 03:44:37 discovered 7699 source files, 338683 symbols 2025/09/15 03:44:37 coverage filter: handle_rx: [handle_rx handle_rx_kick handle_rx_net ipoib_cm_handle_rx_wc ipoib_ib_handle_rx_wc smsendian_handle_rx_message vhost_vsock_handle_rx_kick] 2025/09/15 03:44:37 coverage filter: handle_rx_kick: [] 2025/09/15 03:44:37 coverage filter: handle_rx_net: [] 2025/09/15 03:44:37 coverage filter: handle_tx: [ath10k_mac_handle_tx_pause_iter ath10k_mac_handle_tx_pause_vdev carl9170_usb_handle_tx_err handle_tx handle_tx handle_tx_kick handle_tx_net i2c_dw_handle_tx_abort ipoib_cm_handle_tx_wc ipoib_ib_handle_tx_wc smsendian_handle_tx_message vhost_vsock_handle_tx_kick] 2025/09/15 03:44:37 coverage filter: vhost_zerocopy_complete: [vhost_zerocopy_complete] 2025/09/15 03:44:37 coverage filter: drivers/vhost/net.c: [drivers/vhost/net.c] 2025/09/15 03:44:37 area "symbols": 597 PCs in the cover filter 2025/09/15 03:44:37 area "files": 664 PCs in the cover filter 2025/09/15 03:44:37 area "": 0 PCs in the cover filter 2025/09/15 03:44:37 executor cover filter: 0 PCs 2025/09/15 03:44:39 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8054 2025/09/15 03:44:39 new: machine check complete 2025/09/15 03:44:43 new: adding 2422 seeds 2025/09/15 03:44:58 triaged 97.1% of the corpus 2025/09/15 03:44:58 starting bug reproductions 2025/09/15 03:44:58 starting bug reproductions (max 10 VMs, 7 repros) 2025/09/15 03:45:28 triaged 100.0% of the corpus 2025/09/15 03:48:28 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 709, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 10494, "distributor delayed": 396, "distributor undelayed": 396, "distributor violated": 0, "exec candidate": 2422, "exec collide": 4224, "exec fuzz": 8076, "exec gen": 456, "exec hints": 1386, "exec inject": 0, "exec minimize": 9015, "exec retries": 0, "exec seeds": 2015, "exec smash": 9110, "exec total [base]": 20292, "exec total [new]": 45872, "exec triage": 1957, "executor restarts [base]": 34, "executor restarts [new]": 52, "fault jobs": 0, "fuzzer jobs": 787, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 141, "max signal": 10970, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 4906, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 825, "no exec duration": 20002000000, "no exec requests": 21, "pending": 0, "prog exec time": 212, "reproducing": 0, "rpc recv": 1378778464, "rpc sent": 64701768, "signal": 9962, "smash jobs": 629, "triage jobs": 17, "vm output": 190821, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/15 03:53:28 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 27, "corpus": 1005, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 12381, "distributor delayed": 551, "distributor undelayed": 551, "distributor violated": 0, "exec candidate": 2422, "exec collide": 9304, "exec fuzz": 17824, "exec gen": 990, "exec hints": 3671, "exec inject": 0, "exec minimize": 13788, "exec retries": 0, "exec seeds": 2977, "exec smash": 21233, "exec total [base]": 35004, "exec total [new]": 82193, "exec triage": 2774, "executor restarts [base]": 34, "executor restarts [new]": 52, "fault jobs": 0, "fuzzer jobs": 477, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 111, "max signal": 12856, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7100, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1172, "no exec duration": 20002000000, "no exec requests": 21, "pending": 0, "prog exec time": 294, "reproducing": 0, "rpc recv": 2580309192, "rpc sent": 146388224, "signal": 11723, "smash jobs": 358, "triage jobs": 8, "vm output": 320268, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/15 03:58:28 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 43, "corpus": 1153, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 12825, "distributor delayed": 636, "distributor undelayed": 636, "distributor violated": 0, "exec candidate": 2422, "exec collide": 14977, "exec fuzz": 28361, "exec gen": 1566, "exec hints": 6738, "exec inject": 0, "exec minimize": 16258, "exec retries": 0, "exec seeds": 3460, "exec smash": 28699, "exec total [base]": 47138, "exec total [new]": 112922, "exec triage": 3233, "executor restarts [base]": 34, "executor restarts [new]": 52, "fault jobs": 0, "fuzzer jobs": 25, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 4, "max signal": 13384, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8210, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1358, "no exec duration": 20002000000, "no exec requests": 21, "pending": 0, "prog exec time": 316, "reproducing": 0, "rpc recv": 3531638752, "rpc sent": 218442400, "signal": 12125, "smash jobs": 10, "triage jobs": 11, "vm output": 615857, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/15 04:03:28 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 60, "corpus": 1249, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 2, "coverage": 13126, "distributor delayed": 683, "distributor undelayed": 683, "distributor violated": 0, "exec candidate": 2422, "exec collide": 22292, "exec fuzz": 42348, "exec gen": 2334, "exec hints": 7308, "exec inject": 0, "exec minimize": 18058, "exec retries": 0, "exec seeds": 3750, "exec smash": 31135, "exec total [base]": 58152, "exec total [new]": 140359, "exec triage": 3503, "executor restarts [base]": 34, "executor restarts [new]": 52, "fault jobs": 0, "fuzzer jobs": 17, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 5, "max signal": 13730, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9029, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1471, "no exec duration": 20002000000, "no exec requests": 21, "pending": 0, "prog exec time": 297, "reproducing": 0, "rpc recv": 4376086800, "rpc sent": 291300384, "signal": 12404, "smash jobs": 8, "triage jobs": 4, "vm output": 835610, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/15 04:08:28 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 68, "corpus": 1329, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 3, "coverage": 13345, "distributor delayed": 723, "distributor undelayed": 723, "distributor violated": 0, "exec candidate": 2422, "exec collide": 29683, "exec fuzz": 56327, "exec gen": 3085, "exec hints": 7767, "exec inject": 0, "exec minimize": 19519, "exec retries": 0, "exec seeds": 3990, "exec smash": 33206, "exec total [base]": 68758, "exec total [new]": 166936, "exec triage": 3728, "executor restarts [base]": 34, "executor restarts [new]": 52, "fault jobs": 0, "fuzzer jobs": 11, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 13970, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9723, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1566, "no exec duration": 20002000000, "no exec requests": 21, "pending": 0, "prog exec time": 349, "reproducing": 0, "rpc recv": 5159172600, "rpc sent": 363497680, "signal": 12601, "smash jobs": 7, "triage jobs": 3, "vm output": 1080715, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/15 04:13:28 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 78, "corpus": 1394, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 18, "coverage": 13620, "distributor delayed": 759, "distributor undelayed": 759, "distributor violated": 0, "exec candidate": 2422, "exec collide": 37149, "exec fuzz": 70309, "exec gen": 3846, "exec hints": 7910, "exec inject": 0, "exec minimize": 20842, "exec retries": 0, "exec seeds": 4191, "exec smash": 34857, "exec total [base]": 78924, "exec total [new]": 192656, "exec triage": 3923, "executor restarts [base]": 34, "executor restarts [new]": 52, "fault jobs": 0, "fuzzer jobs": 11, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 14297, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10329, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1648, "no exec duration": 20028000000, "no exec requests": 22, "pending": 0, "prog exec time": 348, "reproducing": 0, "rpc recv": 5941135332, "rpc sent": 435842520, "signal": 12869, "smash jobs": 7, "triage jobs": 3, "vm output": 1357209, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/15 04:15:28 fuzzer has not reached the modified code in 30m0s, aborting 2025/09/15 04:15:28 syz-diff (base): kernel context loop terminated 2025/09/15 04:15:28 syz-diff (new): kernel context loop terminated 2025/09/15 04:15:28 diff fuzzing terminated 2025/09/15 04:15:28 bug reporting terminated 2025/09/15 04:15:28 status reporting terminated 2025/09/15 04:15:28 fuzzing is finished 2025/09/15 04:15:28 status at the end: Title On-Base On-Patched