2025/11/12 02:27:36 extracted 321630 text symbol hashes for base and 321630 for patched 2025/11/12 02:27:37 binaries are different, continuing fuzzing 2025/11/12 02:27:37 adding modified_functions to focus areas: ["clgi_interception" "svm_apic_init_signal_blocked" "svm_cancel_injection" "svm_enable_irq_window" "svm_enable_lbrv" "svm_enable_nmi_window" "svm_get_nested_state" "svm_handle_exit" "svm_inject_exception" "svm_inject_irq" "svm_interrupt_blocked" "svm_invoke_exit_handler" "svm_nmi_blocked" "svm_recalc_intercepts" "svm_set_gif" "svm_set_msr" "svm_skip_emulated_instruction" "svm_sync_dirty_debug_regs" "svm_update_lbrv" "svm_vcpu_create" "svm_vcpu_load" "svm_vcpu_reset" "svm_vcpu_run"] 2025/11/12 02:27:37 adding directly modified files to focus areas: ["arch/x86/kvm/svm/svm.c" "arch/x86/kvm/svm/svm.h"] 2025/11/12 02:27:37 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db" 2025/11/12 02:28:35 runner 2 connected 2025/11/12 02:28:35 runner 3 connected 2025/11/12 02:28:35 runner 5 connected 2025/11/12 02:28:35 runner 0 connected 2025/11/12 02:28:35 runner 1 connected 2025/11/12 02:28:35 runner 1 connected 2025/11/12 02:28:35 runner 8 connected 2025/11/12 02:28:35 runner 4 connected 2025/11/12 02:28:35 runner 0 connected 2025/11/12 02:28:35 runner 7 connected 2025/11/12 02:28:36 runner 6 connected 2025/11/12 02:28:36 runner 2 connected 2025/11/12 02:28:41 initializing coverage information... 2025/11/12 02:28:41 executor cover filter: 0 PCs 2025/11/12 02:28:43 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/11/12 02:28:43 base: machine check complete 2025/11/12 02:28:45 discovered 7601 source files, 332486 symbols 2025/11/12 02:28:46 coverage filter: clgi_interception: [clgi_interception] 2025/11/12 02:28:46 coverage filter: svm_apic_init_signal_blocked: [svm_apic_init_signal_blocked] 2025/11/12 02:28:46 coverage filter: svm_cancel_injection: [svm_cancel_injection] 2025/11/12 02:28:46 coverage filter: svm_enable_irq_window: [svm_enable_irq_window] 2025/11/12 02:28:46 coverage filter: svm_enable_lbrv: [svm_enable_lbrv] 2025/11/12 02:28:46 coverage filter: svm_enable_nmi_window: [svm_enable_nmi_window] 2025/11/12 02:28:46 coverage filter: svm_get_nested_state: [svm_get_nested_state svm_get_nested_state_pages] 2025/11/12 02:28:46 coverage filter: svm_handle_exit: [svm_handle_exit svm_handle_exit_irqoff] 2025/11/12 02:28:46 coverage filter: svm_inject_exception: [svm_inject_exception] 2025/11/12 02:28:46 coverage filter: svm_inject_irq: [svm_inject_irq] 2025/11/12 02:28:46 coverage filter: svm_interrupt_blocked: [svm_interrupt_blocked] 2025/11/12 02:28:46 coverage filter: svm_invoke_exit_handler: [svm_invoke_exit_handler] 2025/11/12 02:28:46 coverage filter: svm_nmi_blocked: [svm_nmi_blocked] 2025/11/12 02:28:46 coverage filter: svm_recalc_intercepts: [svm_recalc_intercepts] 2025/11/12 02:28:46 coverage filter: svm_set_gif: [svm_set_gif] 2025/11/12 02:28:46 coverage filter: svm_set_msr: [svm_set_msr] 2025/11/12 02:28:46 coverage filter: svm_skip_emulated_instruction: [__svm_skip_emulated_instruction svm_skip_emulated_instruction] 2025/11/12 02:28:46 coverage filter: svm_sync_dirty_debug_regs: [svm_sync_dirty_debug_regs] 2025/11/12 02:28:46 coverage filter: svm_update_lbrv: [svm_update_lbrv] 2025/11/12 02:28:46 coverage filter: svm_vcpu_create: [svm_vcpu_create] 2025/11/12 02:28:46 coverage filter: svm_vcpu_load: [svm_vcpu_load] 2025/11/12 02:28:46 coverage filter: svm_vcpu_reset: [svm_vcpu_reset] 2025/11/12 02:28:46 coverage filter: svm_vcpu_run: [svm_vcpu_run] 2025/11/12 02:28:46 coverage filter: arch/x86/kvm/svm/svm.c: [arch/x86/kvm/svm/svm.c] 2025/11/12 02:28:46 coverage filter: arch/x86/kvm/svm/svm.h: [] 2025/11/12 02:28:46 area "symbols": 805 PCs in the cover filter 2025/11/12 02:28:46 area "files": 2062 PCs in the cover filter 2025/11/12 02:28:46 area "": 0 PCs in the cover filter 2025/11/12 02:28:46 executor cover filter: 0 PCs 2025/11/12 02:28:47 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/11/12 02:28:47 new: machine check complete 2025/11/12 02:28:50 new: adding 2481 seeds 2025/11/12 02:29:09 triaged 97.5% of the corpus 2025/11/12 02:29:09 starting bug reproductions 2025/11/12 02:29:09 starting bug reproductions (max 6 VMs, 4 repros) 2025/11/12 02:29:39 triaged 100.0% of the corpus 2025/11/12 02:32:39 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 13, "corpus": 732, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 85, "coverage": 10269, "distributor delayed": 449, "distributor undelayed": 449, "distributor violated": 0, "exec candidate": 2481, "exec collide": 4053, "exec fuzz": 7832, "exec gen": 385, "exec hints": 1397, "exec inject": 0, "exec minimize": 9788, "exec retries": 0, "exec seeds": 2081, "exec smash": 8539, "exec total [base]": 17898, "exec total [new]": 45958, "exec triage": 2011, "executor restarts [base]": 29, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 860, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 177, "max signal": 10807, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5280, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 848, "no exec duration": 21092000000, "no exec requests": 41, "pending": 0, "prog exec time": 234, "reproducing": 0, "rpc recv": 1369721824, "rpc sent": 63555936, "signal": 9742, "smash jobs": 672, "triage jobs": 11, "vm output": 166147, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/12 02:37:39 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 44, "corpus": 978, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 608, "coverage": 11309, "distributor delayed": 600, "distributor undelayed": 600, "distributor violated": 0, "exec candidate": 2481, "exec collide": 8621, "exec fuzz": 16602, "exec gen": 870, "exec hints": 3496, "exec inject": 0, "exec minimize": 14438, "exec retries": 0, "exec seeds": 2852, "exec smash": 19490, "exec total [base]": 29234, "exec total [new]": 78939, "exec triage": 2699, "executor restarts [base]": 29, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 606, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 147, "max signal": 11973, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7404, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1154, "no exec duration": 21092000000, "no exec requests": 41, "pending": 0, "prog exec time": 274, "reproducing": 0, "rpc recv": 2361566200, "rpc sent": 145871104, "signal": 10723, "smash jobs": 438, "triage jobs": 21, "vm output": 257980, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/12 02:42:39 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 104, "corpus": 1146, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1121, "coverage": 12480, "distributor delayed": 692, "distributor undelayed": 692, "distributor violated": 0, "exec candidate": 2481, "exec collide": 12326, "exec fuzz": 23680, "exec gen": 1243, "exec hints": 5917, "exec inject": 0, "exec minimize": 18083, "exec retries": 0, "exec seeds": 3416, "exec smash": 27662, "exec total [base]": 38075, "exec total [new]": 105337, "exec triage": 3142, "executor restarts [base]": 29, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 137, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 41, "max signal": 13132, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9088, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1343, "no exec duration": 21092000000, "no exec requests": 41, "pending": 0, "prog exec time": 344, "reproducing": 0, "rpc recv": 3248697140, "rpc sent": 218289416, "signal": 11922, "smash jobs": 86, "triage jobs": 10, "vm output": 378892, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/12 02:47:39 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 138, "corpus": 1256, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1711, "coverage": 12789, "distributor delayed": 747, "distributor undelayed": 747, "distributor violated": 0, "exec candidate": 2481, "exec collide": 17380, "exec fuzz": 33439, "exec gen": 1755, "exec hints": 9748, "exec inject": 0, "exec minimize": 20462, "exec retries": 0, "exec seeds": 3765, "exec smash": 31310, "exec total [base]": 46698, "exec total [new]": 131166, "exec triage": 3434, "executor restarts [base]": 29, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 15, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 7, "max signal": 13462, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10190, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1467, "no exec duration": 21092000000, "no exec requests": 41, "pending": 0, "prog exec time": 357, "reproducing": 0, "rpc recv": 3991794380, "rpc sent": 296079376, "signal": 12211, "smash jobs": 6, "triage jobs": 2, "vm output": 568715, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/12 02:52:39 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 140, "corpus": 1343, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 2228, "coverage": 13094, "distributor delayed": 795, "distributor undelayed": 795, "distributor violated": 0, "exec candidate": 2481, "exec collide": 23376, "exec fuzz": 45199, "exec gen": 2367, "exec hints": 11724, "exec inject": 0, "exec minimize": 21992, "exec retries": 0, "exec seeds": 4023, "exec smash": 33435, "exec total [base]": 54743, "exec total [new]": 155645, "exec triage": 3658, "executor restarts [base]": 29, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 15, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 6, "max signal": 13851, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10888, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1566, "no exec duration": 21092000000, "no exec requests": 41, "pending": 0, "prog exec time": 312, "reproducing": 0, "rpc recv": 4628252304, "rpc sent": 369838336, "signal": 12506, "smash jobs": 6, "triage jobs": 3, "vm output": 686155, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/12 02:57:39 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 144, "corpus": 1408, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 2763, "coverage": 13342, "distributor delayed": 828, "distributor undelayed": 828, "distributor violated": 0, "exec candidate": 2481, "exec collide": 29748, "exec fuzz": 57371, "exec gen": 2990, "exec hints": 13346, "exec inject": 0, "exec minimize": 23233, "exec retries": 0, "exec seeds": 4226, "exec smash": 35175, "exec total [base]": 62789, "exec total [new]": 179796, "exec triage": 3837, "executor restarts [base]": 29, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 13, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 4, "max signal": 14138, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11489, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1645, "no exec duration": 21092000000, "no exec requests": 41, "pending": 0, "prog exec time": 312, "reproducing": 0, "rpc recv": 5233355016, "rpc sent": 445792864, "signal": 12735, "smash jobs": 4, "triage jobs": 5, "vm output": 797859, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/12 02:59:39 fuzzer has not reached the modified code in 30m0s, aborting 2025/11/12 02:59:39 repro loop terminated 2025/11/12 02:59:39 base: rpc server terminaled 2025/11/12 02:59:39 new: rpc server terminaled 2025/11/12 02:59:39 base: pool terminated 2025/11/12 02:59:39 base: kernel context loop terminated 2025/11/12 02:59:39 new: pool terminated 2025/11/12 02:59:39 new: kernel context loop terminated 2025/11/12 02:59:39 diff fuzzing terminated 2025/11/12 02:59:39 bug reporting terminated 2025/11/12 02:59:39 status reporting terminated 2025/11/12 02:59:39 fuzzing is finished 2025/11/12 02:59:39 status at the end: Title On-Base On-Patched