2025/10/07 23:58:10 extracted 333434 text symbol hashes for base and 333434 for patched 2025/10/07 23:58:10 binaries are different, continuing fuzzing 2025/10/07 23:58:10 adding modified_functions to focus areas: ["svm_set_efer" "svm_set_gif"] 2025/10/07 23:58:10 adding directly modified files to focus areas: ["arch/x86/kvm/svm/svm.c"] 2025/10/07 23:58:10 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db" 2025/10/07 23:59:09 runner 6 connected 2025/10/07 23:59:09 runner 0 connected 2025/10/07 23:59:09 runner 2 connected 2025/10/07 23:59:09 runner 3 connected 2025/10/07 23:59:09 runner 1 connected 2025/10/07 23:59:09 runner 4 connected 2025/10/07 23:59:16 initializing coverage information... 2025/10/07 23:59:16 runner 5 connected 2025/10/07 23:59:16 runner 0 connected 2025/10/07 23:59:16 executor cover filter: 0 PCs 2025/10/07 23:59:17 runner 7 connected 2025/10/07 23:59:17 runner 8 connected 2025/10/07 23:59:17 runner 1 connected 2025/10/07 23:59:17 runner 2 connected 2025/10/07 23:59:20 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/10/07 23:59:20 base: machine check complete 2025/10/07 23:59:21 discovered 7839 source files, 344893 symbols 2025/10/07 23:59:21 coverage filter: svm_set_efer: [svm_set_efer] 2025/10/07 23:59:21 coverage filter: svm_set_gif: [svm_set_gif] 2025/10/07 23:59:21 coverage filter: arch/x86/kvm/svm/svm.c: [arch/x86/kvm/svm/svm.c] 2025/10/07 23:59:21 area "symbols": 52 PCs in the cover filter 2025/10/07 23:59:21 area "files": 2054 PCs in the cover filter 2025/10/07 23:59:21 area "": 0 PCs in the cover filter 2025/10/07 23:59:21 executor cover filter: 0 PCs 2025/10/07 23:59:23 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/10/07 23:59:23 new: machine check complete 2025/10/07 23:59:27 new: adding 2276 seeds 2025/10/07 23:59:43 triaged 97.2% of the corpus 2025/10/07 23:59:43 starting bug reproductions 2025/10/07 23:59:43 starting bug reproductions (max 6 VMs, 4 repros) 2025/10/08 00:00:13 triaged 100.0% of the corpus 2025/10/08 00:03:13 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 706, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 9400, "distributor delayed": 376, "distributor undelayed": 376, "distributor violated": 0, "exec candidate": 2276, "exec collide": 3979, "exec fuzz": 7450, "exec gen": 404, "exec hints": 1078, "exec inject": 0, "exec minimize": 9132, "exec retries": 0, "exec seeds": 2019, "exec smash": 8510, "exec total [base]": 16625, "exec total [new]": 43523, "exec triage": 1895, "executor restarts [base]": 28, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 829, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 125, "max signal": 9779, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 4823, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 818, "no exec duration": 15004000000, "no exec requests": 17, "pending": 0, "prog exec time": 184, "reproducing": 0, "rpc recv": 1199943880, "rpc sent": 63110800, "signal": 8956, "smash jobs": 690, "triage jobs": 14, "vm output": 179660, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/08 00:08:13 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 5, "corpus": 981, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 29, "coverage": 11306, "distributor delayed": 523, "distributor undelayed": 523, "distributor violated": 0, "exec candidate": 2276, "exec collide": 9279, "exec fuzz": 17478, "exec gen": 898, "exec hints": 3221, "exec inject": 0, "exec minimize": 13633, "exec retries": 0, "exec seeds": 2904, "exec smash": 21305, "exec total [base]": 28883, "exec total [new]": 80407, "exec triage": 2634, "executor restarts [base]": 28, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 430, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 118, "max signal": 11753, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 6929, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1147, "no exec duration": 15004000000, "no exec requests": 17, "pending": 0, "prog exec time": 225, "reproducing": 0, "rpc recv": 2133726860, "rpc sent": 146317976, "signal": 10825, "smash jobs": 300, "triage jobs": 12, "vm output": 303788, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/08 00:13:13 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 38, "corpus": 1231, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 102, "coverage": 13386, "distributor delayed": 644, "distributor undelayed": 644, "distributor violated": 0, "exec candidate": 2276, "exec collide": 13687, "exec fuzz": 25952, "exec gen": 1339, "exec hints": 6550, "exec inject": 0, "exec minimize": 18749, "exec retries": 0, "exec seeds": 3709, "exec smash": 30494, "exec total [base]": 39450, "exec total [new]": 112827, "exec triage": 3291, "executor restarts [base]": 28, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 84, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 26, "max signal": 13886, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9459, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1439, "no exec duration": 15004000000, "no exec requests": 17, "pending": 0, "prog exec time": 293, "reproducing": 0, "rpc recv": 3173014200, "rpc sent": 225009424, "signal": 12898, "smash jobs": 46, "triage jobs": 12, "vm output": 504158, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/08 00:18:13 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 62, "corpus": 1361, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 251, "coverage": 13736, "distributor delayed": 700, "distributor undelayed": 700, "distributor violated": 0, "exec candidate": 2276, "exec collide": 19551, "exec fuzz": 37159, "exec gen": 1942, "exec hints": 9393, "exec inject": 0, "exec minimize": 21715, "exec retries": 0, "exec seeds": 4115, "exec smash": 34179, "exec total [base]": 48678, "exec total [new]": 140780, "exec triage": 3672, "executor restarts [base]": 28, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 20, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 4, "max signal": 14264, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10904, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1598, "no exec duration": 15004000000, "no exec requests": 17, "pending": 0, "prog exec time": 320, "reproducing": 0, "rpc recv": 4007378756, "rpc sent": 307729552, "signal": 13219, "smash jobs": 10, "triage jobs": 6, "vm output": 684332, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/08 00:23:13 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 75, "corpus": 1449, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 404, "coverage": 13973, "distributor delayed": 740, "distributor undelayed": 740, "distributor violated": 0, "exec candidate": 2276, "exec collide": 26514, "exec fuzz": 50501, "exec gen": 2629, "exec hints": 10673, "exec inject": 0, "exec minimize": 23141, "exec retries": 0, "exec seeds": 4383, "exec smash": 36439, "exec total [base]": 57291, "exec total [new]": 167244, "exec triage": 3908, "executor restarts [base]": 28, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 16, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 3, "max signal": 14509, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11568, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1702, "no exec duration": 15004000000, "no exec requests": 17, "pending": 0, "prog exec time": 265, "reproducing": 0, "rpc recv": 4663094420, "rpc sent": 400622968, "signal": 13441, "smash jobs": 7, "triage jobs": 6, "vm output": 812046, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/08 00:28:13 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 80, "corpus": 1547, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 517, "coverage": 14298, "distributor delayed": 800, "distributor undelayed": 800, "distributor violated": 0, "exec candidate": 2276, "exec collide": 33156, "exec fuzz": 63410, "exec gen": 3357, "exec hints": 11865, "exec inject": 0, "exec minimize": 24811, "exec retries": 0, "exec seeds": 4677, "exec smash": 38919, "exec total [base]": 65874, "exec total [new]": 193430, "exec triage": 4179, "executor restarts [base]": 28, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 7, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 2, "max signal": 14915, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 12316, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1816, "no exec duration": 15004000000, "no exec requests": 17, "pending": 0, "prog exec time": 322, "reproducing": 0, "rpc recv": 5357347076, "rpc sent": 498643192, "signal": 13754, "smash jobs": 4, "triage jobs": 1, "vm output": 944190, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/08 00:30:13 fuzzer has not reached the modified code in 30m0s, aborting 2025/10/08 00:30:13 repro loop terminated 2025/10/08 00:30:13 new: rpc server terminaled 2025/10/08 00:30:13 base: rpc server terminaled 2025/10/08 00:30:13 new: pool terminated 2025/10/08 00:30:13 new: kernel context loop terminated 2025/10/08 00:30:13 base: pool terminated 2025/10/08 00:30:13 base: kernel context loop terminated 2025/10/08 00:30:13 diff fuzzing terminated 2025/10/08 00:30:13 bug reporting terminated 2025/10/08 00:30:13 status reporting terminated 2025/10/08 00:30:13 fuzzing is finished 2025/10/08 00:30:13 status at the end: Title On-Base On-Patched