2025/08/05 14:00:09 extracted 302589 symbol hashes for base and 302589 for patched 2025/08/05 14:00:09 adding modified_functions to focus areas: ["handle_rx" "handle_rx_kick" "handle_rx_net" "handle_tx" "nvmet_execute_disc_identify" "vhost_net_ioctl" "vhost_net_release" "vhost_net_stop" "vhost_net_ubuf_put" "vhost_net_ubuf_put_and_wait" "vhost_zerocopy_complete"] 2025/08/05 14:00:09 adding directly modified files to focus areas: ["drivers/vhost/net.c"] 2025/08/05 14:00:11 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/08/05 14:01:00 runner 3 connected 2025/08/05 14:01:00 runner 1 connected 2025/08/05 14:01:00 runner 6 connected 2025/08/05 14:01:00 runner 7 connected 2025/08/05 14:01:00 runner 5 connected 2025/08/05 14:01:01 runner 8 connected 2025/08/05 14:01:01 runner 9 connected 2025/08/05 14:01:01 runner 1 connected 2025/08/05 14:01:01 runner 4 connected 2025/08/05 14:01:01 runner 2 connected 2025/08/05 14:01:02 runner 0 connected 2025/08/05 14:01:02 runner 2 connected 2025/08/05 14:01:02 runner 0 connected 2025/08/05 14:01:06 initializing coverage information... 2025/08/05 14:01:06 executor cover filter: 0 PCs 2025/08/05 14:01:08 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/05 14:01:08 base: machine check complete 2025/08/05 14:01:10 discovered 7666 source files, 337374 symbols 2025/08/05 14:01:10 coverage filter: handle_rx: [handle_rx handle_rx_kick handle_rx_net ipoib_cm_handle_rx_wc ipoib_ib_handle_rx_wc smsendian_handle_rx_message vhost_vsock_handle_rx_kick] 2025/08/05 14:01:10 coverage filter: handle_rx_kick: [] 2025/08/05 14:01:10 coverage filter: handle_rx_net: [] 2025/08/05 14:01:10 coverage filter: handle_tx: [ath10k_mac_handle_tx_pause_iter ath10k_mac_handle_tx_pause_vdev carl9170_usb_handle_tx_err handle_tx handle_tx handle_tx_kick handle_tx_net i2c_dw_handle_tx_abort ipoib_cm_handle_tx_wc ipoib_ib_handle_tx_wc smsendian_handle_tx_message vhost_vsock_handle_tx_kick] 2025/08/05 14:01:10 coverage filter: nvmet_execute_disc_identify: [nvmet_execute_disc_identify] 2025/08/05 14:01:10 coverage filter: vhost_net_ioctl: [vhost_net_ioctl] 2025/08/05 14:01:10 coverage filter: vhost_net_release: [vhost_net_release] 2025/08/05 14:01:10 coverage filter: vhost_net_stop: [vhost_net_stop] 2025/08/05 14:01:10 coverage filter: vhost_net_ubuf_put: [vhost_net_ubuf_put vhost_net_ubuf_put_and_wait] 2025/08/05 14:01:10 coverage filter: vhost_net_ubuf_put_and_wait: [] 2025/08/05 14:01:10 coverage filter: vhost_zerocopy_complete: [vhost_zerocopy_complete] 2025/08/05 14:01:10 coverage filter: drivers/vhost/net.c: [drivers/vhost/net.c] 2025/08/05 14:01:10 area "symbols": 753 PCs in the cover filter 2025/08/05 14:01:10 area "files": 652 PCs in the cover filter 2025/08/05 14:01:10 area "": 0 PCs in the cover filter 2025/08/05 14:01:10 executor cover filter: 0 PCs 2025/08/05 14:01:11 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/05 14:01:11 new: machine check complete 2025/08/05 14:01:12 triaged 100.0% of the corpus 2025/08/05 14:01:12 triaged 100.0% of the corpus 2025/08/05 14:01:12 starting bug reproductions 2025/08/05 14:01:12 starting bug reproductions (max 10 VMs, 7 repros) 2025/08/05 14:01:14 new: adding 2209 seeds 2025/08/05 14:05:12 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 839, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 10511, "distributor delayed": 522, "distributor undelayed": 522, "distributor violated": 0, "exec candidate": 2209, "exec collide": 6047, "exec fuzz": 11562, "exec gen": 666, "exec hints": 1945, "exec inject": 0, "exec minimize": 11170, "exec retries": 0, "exec seeds": 2387, "exec smash": 13682, "exec total [base]": 20487, "exec total [new]": 58458, "exec triage": 2227, "executor restarts": 51, "fault jobs": 0, "fuzzer jobs": 810, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 10, "hints jobs": 146, "max signal": 10884, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5947, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 956, "no exec duration": 21882000000, "no exec requests": 353, "pending": 0, "prog exec time": 178, "reproducing": 0, "rpc recv": 936874080, "rpc sent": 101956376, "signal": 10073, "smash jobs": 654, "triage jobs": 10, "vm output": 235689, "vm restarts [base]": 3, "vm restarts [new]": 10 } 2025/08/05 14:10:12 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 1156, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 12609, "distributor delayed": 658, "distributor undelayed": 658, "distributor violated": 0, "exec candidate": 2209, "exec collide": 12449, "exec fuzz": 23787, "exec gen": 1323, "exec hints": 5716, "exec inject": 0, "exec minimize": 16488, "exec retries": 0, "exec seeds": 3471, "exec smash": 28111, "exec total [base]": 34462, "exec total [new]": 103133, "exec triage": 3016, "executor restarts": 51, "fault jobs": 0, "fuzzer jobs": 115, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 10, "hints jobs": 32, "max signal": 13011, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8397, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1314, "no exec duration": 21882000000, "no exec requests": 353, "pending": 0, "prog exec time": 223, "reproducing": 0, "rpc recv": 1398642104, "rpc sent": 206059688, "signal": 12112, "smash jobs": 76, "triage jobs": 7, "vm output": 528373, "vm restarts [base]": 3, "vm restarts [new]": 10 } 2025/08/05 14:10:59 runner 3 connected 2025/08/05 14:15:12 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 1323, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 13142, "distributor delayed": 738, "distributor undelayed": 738, "distributor violated": 0, "exec candidate": 2209, "exec collide": 21257, "exec fuzz": 40743, "exec gen": 2157, "exec hints": 7413, "exec inject": 0, "exec minimize": 19615, "exec retries": 0, "exec seeds": 3974, "exec smash": 33037, "exec total [base]": 49115, "exec total [new]": 140424, "exec triage": 3454, "executor restarts": 51, "fault jobs": 0, "fuzzer jobs": 24, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 3, "max signal": 13604, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9990, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1511, "no exec duration": 21895000000, "no exec requests": 354, "pending": 0, "prog exec time": 219, "reproducing": 0, "rpc recv": 1689708288, "rpc sent": 309140784, "signal": 12645, "smash jobs": 12, "triage jobs": 9, "vm output": 830708, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/05 14:20:12 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 1443, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 13421, "distributor delayed": 786, "distributor undelayed": 786, "distributor violated": 0, "exec candidate": 2209, "exec collide": 29799, "exec fuzz": 56855, "exec gen": 3088, "exec hints": 7648, "exec inject": 0, "exec minimize": 21794, "exec retries": 0, "exec seeds": 4341, "exec smash": 36153, "exec total [base]": 62323, "exec total [new]": 172202, "exec triage": 3750, "executor restarts": 51, "fault jobs": 0, "fuzzer jobs": 11, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 13882, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11034, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1643, "no exec duration": 21895000000, "no exec requests": 354, "pending": 0, "prog exec time": 275, "reproducing": 0, "rpc recv": 1894146872, "rpc sent": 407034432, "signal": 12917, "smash jobs": 4, "triage jobs": 6, "vm output": 1094345, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/05 14:25:12 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 1524, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 13597, "distributor delayed": 816, "distributor undelayed": 816, "distributor violated": 0, "exec candidate": 2209, "exec collide": 38684, "exec fuzz": 73731, "exec gen": 3993, "exec hints": 7833, "exec inject": 0, "exec minimize": 23378, "exec retries": 0, "exec seeds": 4587, "exec smash": 38190, "exec total [base]": 74933, "exec total [new]": 203125, "exec triage": 3956, "executor restarts": 51, "fault jobs": 0, "fuzzer jobs": 4, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 14074, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11813, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1733, "no exec duration": 21895000000, "no exec requests": 354, "pending": 0, "prog exec time": 297, "reproducing": 0, "rpc recv": 2036894828, "rpc sent": 503278192, "signal": 13092, "smash jobs": 2, "triage jobs": 1, "vm output": 1386350, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/05 14:30:12 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 1591, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 13759, "distributor delayed": 846, "distributor undelayed": 846, "distributor violated": 0, "exec candidate": 2209, "exec collide": 47672, "exec fuzz": 90856, "exec gen": 4840, "exec hints": 8098, "exec inject": 0, "exec minimize": 24609, "exec retries": 0, "exec seeds": 4791, "exec smash": 39856, "exec total [base]": 87599, "exec total [new]": 233616, "exec triage": 4122, "executor restarts": 51, "fault jobs": 0, "fuzzer jobs": 10, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 2, "max signal": 14250, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 12403, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1808, "no exec duration": 21895000000, "no exec requests": 354, "pending": 0, "prog exec time": 302, "reproducing": 0, "rpc recv": 2168206800, "rpc sent": 599134952, "signal": 13267, "smash jobs": 4, "triage jobs": 4, "vm output": 1672563, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/05 14:31:12 fuzzer has not reached the modified code in 30m0s, aborting 2025/08/05 14:31:12 syz-diff (base): kernel context loop terminated 2025/08/05 14:31:12 syz-diff (new): kernel context loop terminated 2025/08/05 14:31:12 diff fuzzing terminated 2025/08/05 14:31:12 status reporting terminated 2025/08/05 14:31:12 bug reporting terminated 2025/08/05 14:31:12 fuzzing is finished 2025/08/05 14:31:12 status at the end: Title On-Base On-Patched