2025/10/27 23:51:15 extracted 321630 text symbol hashes for base and 321630 for patched 2025/10/27 23:51:15 binaries are different, continuing fuzzing 2025/10/27 23:51:15 adding modified_functions to focus areas: ["__svm_skip_emulated_instruction" "svm_inject_exception" "svm_inject_irq" "svm_skip_emulated_instruction" "svm_update_soft_interrupt_rip" "task_switch_interception"] 2025/10/27 23:51:15 adding directly modified files to focus areas: ["arch/x86/kvm/svm/svm.c"] 2025/10/27 23:51:15 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db" 2025/10/27 23:52:14 runner 4 connected 2025/10/27 23:52:14 runner 2 connected 2025/10/27 23:52:14 runner 0 connected 2025/10/27 23:52:14 runner 3 connected 2025/10/27 23:52:14 runner 1 connected 2025/10/27 23:52:14 runner 1 connected 2025/10/27 23:52:14 runner 7 connected 2025/10/27 23:52:14 runner 5 connected 2025/10/27 23:52:14 runner 0 connected 2025/10/27 23:52:14 runner 2 connected 2025/10/27 23:52:15 runner 6 connected 2025/10/27 23:52:21 initializing coverage information... 2025/10/27 23:52:21 executor cover filter: 0 PCs 2025/10/27 23:52:22 runner 8 connected 2025/10/27 23:52:23 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/10/27 23:52:23 base: machine check complete 2025/10/27 23:52:25 discovered 7601 source files, 332486 symbols 2025/10/27 23:52:26 coverage filter: __svm_skip_emulated_instruction: [__svm_skip_emulated_instruction] 2025/10/27 23:52:26 coverage filter: svm_inject_exception: [svm_inject_exception] 2025/10/27 23:52:26 coverage filter: svm_inject_irq: [svm_inject_irq] 2025/10/27 23:52:26 coverage filter: svm_skip_emulated_instruction: [svm_skip_emulated_instruction] 2025/10/27 23:52:26 coverage filter: svm_update_soft_interrupt_rip: [svm_update_soft_interrupt_rip] 2025/10/27 23:52:26 coverage filter: task_switch_interception: [task_switch_interception] 2025/10/27 23:52:26 coverage filter: arch/x86/kvm/svm/svm.c: [arch/x86/kvm/svm/svm.c] 2025/10/27 23:52:26 area "symbols": 149 PCs in the cover filter 2025/10/27 23:52:26 area "files": 2072 PCs in the cover filter 2025/10/27 23:52:26 area "": 0 PCs in the cover filter 2025/10/27 23:52:26 executor cover filter: 0 PCs 2025/10/27 23:52:27 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/10/27 23:52:27 new: machine check complete 2025/10/27 23:52:30 new: adding 2418 seeds 2025/10/27 23:52:48 triaged 97.1% of the corpus 2025/10/27 23:52:48 starting bug reproductions 2025/10/27 23:52:48 starting bug reproductions (max 6 VMs, 4 repros) 2025/10/27 23:53:18 triaged 100.0% of the corpus 2025/10/27 23:56:18 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 4, "corpus": 711, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 53, "coverage": 10013, "distributor delayed": 435, "distributor undelayed": 435, "distributor violated": 0, "exec candidate": 2418, "exec collide": 4027, "exec fuzz": 7468, "exec gen": 416, "exec hints": 1258, "exec inject": 0, "exec minimize": 9381, "exec retries": 0, "exec seeds": 1961, "exec smash": 8448, "exec total [base]": 17433, "exec total [new]": 44502, "exec triage": 1926, "executor restarts [base]": 30, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 825, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 159, "max signal": 10385, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5127, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 813, "no exec duration": 22036000000, "no exec requests": 30, "pending": 0, "prog exec time": 190, "reproducing": 0, "rpc recv": 1240539512, "rpc sent": 67113776, "signal": 9483, "smash jobs": 655, "triage jobs": 11, "vm output": 173951, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/28 00:01:18 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 51, "corpus": 963, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 476, "coverage": 11079, "distributor delayed": 555, "distributor undelayed": 555, "distributor violated": 0, "exec candidate": 2418, "exec collide": 8683, "exec fuzz": 16443, "exec gen": 848, "exec hints": 3252, "exec inject": 0, "exec minimize": 13604, "exec retries": 0, "exec seeds": 2818, "exec smash": 19653, "exec total [base]": 28659, "exec total [new]": 77502, "exec triage": 2579, "executor restarts [base]": 30, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 507, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 109, "max signal": 11561, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7152, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1105, "no exec duration": 22036000000, "no exec requests": 30, "pending": 0, "prog exec time": 266, "reproducing": 0, "rpc recv": 2212582688, "rpc sent": 156759616, "signal": 10590, "smash jobs": 391, "triage jobs": 7, "vm output": 304740, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/28 00:06:18 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 82, "corpus": 1129, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1084, "coverage": 11592, "distributor delayed": 618, "distributor undelayed": 618, "distributor violated": 0, "exec candidate": 2418, "exec collide": 13585, "exec fuzz": 25571, "exec gen": 1367, "exec hints": 6898, "exec inject": 0, "exec minimize": 16472, "exec retries": 0, "exec seeds": 3372, "exec smash": 28028, "exec total [base]": 38517, "exec total [new]": 107897, "exec triage": 2981, "executor restarts [base]": 30, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 22, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 10, "max signal": 12019, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8542, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1293, "no exec duration": 22036000000, "no exec requests": 30, "pending": 0, "prog exec time": 266, "reproducing": 0, "rpc recv": 3007597744, "rpc sent": 247722480, "signal": 11088, "smash jobs": 4, "triage jobs": 8, "vm output": 485595, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/28 00:11:18 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 99, "corpus": 1257, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1546, "coverage": 12675, "distributor delayed": 688, "distributor undelayed": 688, "distributor violated": 0, "exec candidate": 2418, "exec collide": 19871, "exec fuzz": 37589, "exec gen": 2015, "exec hints": 10379, "exec inject": 0, "exec minimize": 18951, "exec retries": 0, "exec seeds": 3760, "exec smash": 31231, "exec total [base]": 48211, "exec total [new]": 136789, "exec triage": 3370, "executor restarts [base]": 30, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 23, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 8, "max signal": 13196, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9672, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1454, "no exec duration": 22036000000, "no exec requests": 30, "pending": 0, "prog exec time": 274, "reproducing": 0, "rpc recv": 3792523652, "rpc sent": 338982784, "signal": 12123, "smash jobs": 8, "triage jobs": 7, "vm output": 737181, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/28 00:16:18 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 114, "corpus": 1352, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1964, "coverage": 13059, "distributor delayed": 738, "distributor undelayed": 738, "distributor violated": 0, "exec candidate": 2418, "exec collide": 26237, "exec fuzz": 49786, "exec gen": 2682, "exec hints": 11926, "exec inject": 0, "exec minimize": 20841, "exec retries": 0, "exec seeds": 4055, "exec smash": 33725, "exec total [base]": 56640, "exec total [new]": 162500, "exec triage": 3628, "executor restarts [base]": 30, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 20, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 5, "max signal": 13647, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10569, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1564, "no exec duration": 22036000000, "no exec requests": 30, "pending": 0, "prog exec time": 313, "reproducing": 0, "rpc recv": 4509169624, "rpc sent": 440608000, "signal": 12483, "smash jobs": 7, "triage jobs": 8, "vm output": 963613, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/28 00:21:18 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 123, "corpus": 1431, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 2362, "coverage": 13283, "distributor delayed": 783, "distributor undelayed": 783, "distributor violated": 0, "exec candidate": 2418, "exec collide": 32510, "exec fuzz": 61701, "exec gen": 3352, "exec hints": 13140, "exec inject": 0, "exec minimize": 22769, "exec retries": 0, "exec seeds": 4293, "exec smash": 35698, "exec total [base]": 64853, "exec total [new]": 186916, "exec triage": 3830, "executor restarts [base]": 30, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 14, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 3, "max signal": 13868, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11545, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1651, "no exec duration": 22036000000, "no exec requests": 30, "pending": 0, "prog exec time": 322, "reproducing": 0, "rpc recv": 5210332696, "rpc sent": 539587040, "signal": 12691, "smash jobs": 6, "triage jobs": 5, "vm output": 1178079, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/28 00:23:18 fuzzer has not reached the modified code in 30m0s, aborting 2025/10/28 00:23:18 repro loop terminated 2025/10/28 00:23:18 base: rpc server terminaled 2025/10/28 00:23:18 new: rpc server terminaled 2025/10/28 00:23:18 new: pool terminated 2025/10/28 00:23:18 new: kernel context loop terminated 2025/10/28 00:23:18 base: pool terminated 2025/10/28 00:23:18 base: kernel context loop terminated 2025/10/28 00:23:18 diff fuzzing terminated 2025/10/28 00:23:18 bug reporting terminated 2025/10/28 00:23:18 status reporting terminated 2025/10/28 00:23:18 fuzzing is finished 2025/10/28 00:23:18 status at the end: Title On-Base On-Patched