2025/09/12 09:20:09 extracted 327280 text symbol hashes for base and 327280 for patched 2025/09/12 09:20:09 symbol "handle_rx.__UNIQUE_ID_ddebug1865" has different values in base vs patch 2025/09/12 09:20:09 binaries are different, continuing fuzzing 2025/09/12 09:20:09 adding modified_functions to focus areas: ["handle_rx" "handle_rx_kick" "handle_rx_net" "handle_tx" "vhost_zerocopy_complete"] 2025/09/12 09:20:09 adding directly modified files to focus areas: ["drivers/vhost/net.c"] 2025/09/12 09:20:10 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/09/12 09:21:08 runner 9 connected 2025/09/12 09:21:08 runner 2 connected 2025/09/12 09:21:08 runner 8 connected 2025/09/12 09:21:08 runner 5 connected 2025/09/12 09:21:08 runner 1 connected 2025/09/12 09:21:08 runner 7 connected 2025/09/12 09:21:08 runner 6 connected 2025/09/12 09:21:15 runner 3 connected 2025/09/12 09:21:15 initializing coverage information... 2025/09/12 09:21:16 runner 2 connected 2025/09/12 09:21:16 executor cover filter: 0 PCs 2025/09/12 09:21:16 runner 4 connected 2025/09/12 09:21:16 runner 3 connected 2025/09/12 09:21:16 runner 1 connected 2025/09/12 09:21:16 runner 0 connected 2025/09/12 09:21:17 runner 0 connected 2025/09/12 09:21:19 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8054 2025/09/12 09:21:19 base: machine check complete 2025/09/12 09:21:21 discovered 7699 source files, 338683 symbols 2025/09/12 09:21:21 coverage filter: handle_rx: [handle_rx handle_rx_kick handle_rx_net ipoib_cm_handle_rx_wc ipoib_ib_handle_rx_wc smsendian_handle_rx_message vhost_vsock_handle_rx_kick] 2025/09/12 09:21:21 coverage filter: handle_rx_kick: [] 2025/09/12 09:21:21 coverage filter: handle_rx_net: [] 2025/09/12 09:21:21 coverage filter: handle_tx: [ath10k_mac_handle_tx_pause_iter ath10k_mac_handle_tx_pause_vdev carl9170_usb_handle_tx_err handle_tx handle_tx handle_tx_kick handle_tx_net i2c_dw_handle_tx_abort ipoib_cm_handle_tx_wc ipoib_ib_handle_tx_wc smsendian_handle_tx_message vhost_vsock_handle_tx_kick] 2025/09/12 09:21:21 coverage filter: vhost_zerocopy_complete: [vhost_zerocopy_complete] 2025/09/12 09:21:21 coverage filter: drivers/vhost/net.c: [drivers/vhost/net.c] 2025/09/12 09:21:21 area "symbols": 597 PCs in the cover filter 2025/09/12 09:21:21 area "files": 664 PCs in the cover filter 2025/09/12 09:21:21 area "": 0 PCs in the cover filter 2025/09/12 09:21:21 executor cover filter: 0 PCs 2025/09/12 09:21:23 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8054 2025/09/12 09:21:23 new: machine check complete 2025/09/12 09:21:27 new: adding 2503 seeds 2025/09/12 09:21:42 triaged 97.0% of the corpus 2025/09/12 09:21:42 starting bug reproductions 2025/09/12 09:21:42 starting bug reproductions (max 10 VMs, 7 repros) 2025/09/12 09:22:12 triaged 100.0% of the corpus 2025/09/12 09:25:12 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 711, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 9580, "distributor delayed": 384, "distributor undelayed": 384, "distributor violated": 0, "exec candidate": 2503, "exec collide": 4160, "exec fuzz": 8055, "exec gen": 419, "exec hints": 1309, "exec inject": 0, "exec minimize": 9157, "exec retries": 0, "exec seeds": 1982, "exec smash": 9089, "exec total [base]": 20499, "exec total [new]": 45998, "exec triage": 1871, "executor restarts [base]": 31, "executor restarts [new]": 53, "fault jobs": 0, "fuzzer jobs": 760, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 141, "max signal": 9912, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 4898, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 795, "no exec duration": 15037000000, "no exec requests": 19, "pending": 0, "prog exec time": 216, "reproducing": 0, "rpc recv": 1336661164, "rpc sent": 77451288, "signal": 9127, "smash jobs": 608, "triage jobs": 11, "vm output": 211348, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/12 09:30:12 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 12, "corpus": 970, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 11759, "distributor delayed": 515, "distributor undelayed": 515, "distributor violated": 0, "exec candidate": 2503, "exec collide": 9906, "exec fuzz": 18875, "exec gen": 1012, "exec hints": 4182, "exec inject": 0, "exec minimize": 13183, "exec retries": 0, "exec seeds": 2869, "exec smash": 22486, "exec total [base]": 36141, "exec total [new]": 85041, "exec triage": 2573, "executor restarts [base]": 31, "executor restarts [new]": 53, "fault jobs": 0, "fuzzer jobs": 233, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 76, "max signal": 12216, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 6830, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1098, "no exec duration": 15037000000, "no exec requests": 19, "pending": 0, "prog exec time": 258, "reproducing": 0, "rpc recv": 2448017788, "rpc sent": 180304280, "signal": 11328, "smash jobs": 148, "triage jobs": 9, "vm output": 333003, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/12 09:35:12 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 31, "corpus": 1143, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 12417, "distributor delayed": 622, "distributor undelayed": 622, "distributor violated": 0, "exec candidate": 2503, "exec collide": 15849, "exec fuzz": 30304, "exec gen": 1603, "exec hints": 9108, "exec inject": 0, "exec minimize": 16253, "exec retries": 0, "exec seeds": 3411, "exec smash": 28328, "exec total [base]": 49164, "exec total [new]": 117922, "exec triage": 3108, "executor restarts [base]": 31, "executor restarts [new]": 53, "fault jobs": 0, "fuzzer jobs": 19, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 6, "max signal": 12908, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8198, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1318, "no exec duration": 15037000000, "no exec requests": 19, "pending": 0, "prog exec time": 276, "reproducing": 0, "rpc recv": 3512622804, "rpc sent": 274074144, "signal": 11954, "smash jobs": 9, "triage jobs": 4, "vm output": 629202, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/12 09:40:12 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 41, "corpus": 1224, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1, "coverage": 12691, "distributor delayed": 665, "distributor undelayed": 665, "distributor violated": 0, "exec candidate": 2503, "exec collide": 23844, "exec fuzz": 45245, "exec gen": 2394, "exec hints": 10851, "exec inject": 0, "exec minimize": 17656, "exec retries": 0, "exec seeds": 3657, "exec smash": 30445, "exec total [base]": 60809, "exec total [new]": 147404, "exec triage": 3355, "executor restarts [base]": 31, "executor restarts [new]": 53, "fault jobs": 0, "fuzzer jobs": 11, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 3, "max signal": 13244, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8811, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1421, "no exec duration": 15037000000, "no exec requests": 19, "pending": 0, "prog exec time": 339, "reproducing": 0, "rpc recv": 4372562984, "rpc sent": 373264760, "signal": 12196, "smash jobs": 5, "triage jobs": 3, "vm output": 905925, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/12 09:45:12 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 49, "corpus": 1313, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1, "coverage": 13213, "distributor delayed": 716, "distributor undelayed": 716, "distributor violated": 0, "exec candidate": 2503, "exec collide": 31645, "exec fuzz": 60255, "exec gen": 3167, "exec hints": 12278, "exec inject": 0, "exec minimize": 19106, "exec retries": 0, "exec seeds": 3925, "exec smash": 32674, "exec total [base]": 72302, "exec total [new]": 176603, "exec triage": 3599, "executor restarts [base]": 31, "executor restarts [new]": 53, "fault jobs": 0, "fuzzer jobs": 11, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 4, "max signal": 13713, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9495, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1528, "no exec duration": 15037000000, "no exec requests": 19, "pending": 0, "prog exec time": 302, "reproducing": 0, "rpc recv": 5187413200, "rpc sent": 472674360, "signal": 12564, "smash jobs": 4, "triage jobs": 3, "vm output": 1151365, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/12 09:50:12 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 51, "corpus": 1386, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 2, "coverage": 13478, "distributor delayed": 749, "distributor undelayed": 749, "distributor violated": 0, "exec candidate": 2503, "exec collide": 39621, "exec fuzz": 75369, "exec gen": 3941, "exec hints": 13470, "exec inject": 0, "exec minimize": 20373, "exec retries": 0, "exec seeds": 4152, "exec smash": 34557, "exec total [base]": 83527, "exec total [new]": 205228, "exec triage": 3788, "executor restarts [base]": 31, "executor restarts [new]": 53, "fault jobs": 0, "fuzzer jobs": 6, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 2, "max signal": 13934, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10088, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1610, "no exec duration": 15037000000, "no exec requests": 19, "pending": 0, "prog exec time": 310, "reproducing": 0, "rpc recv": 5970208724, "rpc sent": 571682480, "signal": 12768, "smash jobs": 4, "triage jobs": 0, "vm output": 1430775, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/12 09:52:12 fuzzer has not reached the modified code in 30m0s, aborting 2025/09/12 09:52:12 syz-diff (base): kernel context loop terminated 2025/09/12 09:52:12 syz-diff (new): kernel context loop terminated 2025/09/12 09:52:12 diff fuzzing terminated 2025/09/12 09:52:12 bug reporting terminated 2025/09/12 09:52:12 status reporting terminated 2025/09/12 09:52:12 fuzzing is finished 2025/09/12 09:52:12 status at the end: Title On-Base On-Patched