2026/01/09 05:48:27 extracted 324528 text symbol hashes for base and 324528 for patched 2026/01/09 05:48:28 binaries are different, continuing fuzzing 2026/01/09 05:48:28 adding modified_functions to focus areas: ["avic_want_avic_enabled"] 2026/01/09 05:48:28 adding directly modified files to focus areas: ["arch/x86/kvm/svm/avic.c"] 2026/01/09 05:48:28 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db" 2026/01/09 05:49:27 runner 1 connected 2026/01/09 05:49:27 runner 5 connected 2026/01/09 05:49:27 runner 2 connected 2026/01/09 05:49:28 runner 7 connected 2026/01/09 05:49:33 initializing coverage information... 2026/01/09 05:49:34 runner 0 connected 2026/01/09 05:49:34 runner 0 connected 2026/01/09 05:49:35 runner 2 connected 2026/01/09 05:49:35 runner 8 connected 2026/01/09 05:49:35 runner 6 connected 2026/01/09 05:49:35 runner 1 connected 2026/01/09 05:49:35 runner 3 connected 2026/01/09 05:49:36 runner 4 connected 2026/01/09 05:49:37 discovered 7639 source files, 335940 symbols 2026/01/09 05:49:38 coverage filter: avic_want_avic_enabled: [] 2026/01/09 05:49:38 coverage filter: arch/x86/kvm/svm/avic.c: [arch/x86/kvm/svm/avic.c] 2026/01/09 05:49:38 area "symbols": 0 PCs in the cover filter 2026/01/09 05:49:38 area "files": 439 PCs in the cover filter 2026/01/09 05:49:38 area "": 0 PCs in the cover filter 2026/01/09 05:49:38 executor cover filter: 0 PCs 2026/01/09 05:49:39 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 172/8071 2026/01/09 05:49:39 new: machine check complete 2026/01/09 05:49:41 executor cover filter: 0 PCs 2026/01/09 05:49:42 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 172/8071 2026/01/09 05:49:42 base: machine check complete 2026/01/09 05:49:43 new: adding 2615 seeds 2026/01/09 05:50:00 triaged 97.0% of the corpus 2026/01/09 05:50:00 starting bug reproductions 2026/01/09 05:50:00 starting bug reproductions (max 6 VMs, 4 repros) 2026/01/09 05:50:30 triaged 100.0% of the corpus 2026/01/09 05:53:30 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 2, "corpus": 686, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 9706, "distributor delayed": 427, "distributor undelayed": 427, "distributor violated": 0, "exec candidate": 2615, "exec collide": 4260, "exec fuzz": 7964, "exec gen": 436, "exec hints": 1143, "exec inject": 0, "exec minimize": 9276, "exec retries": 1, "exec seeds": 1948, "exec smash": 9343, "exec total [base]": 17584, "exec total [new]": 46752, "exec triage": 1997, "executor restarts [base]": 30, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 675, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 99, "max signal": 10106, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5034, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 811, "no exec duration": 18917000000, "no exec requests": 33, "pending": 0, "prog exec time": 208, "reproducing": 0, "rpc recv": 1318678224, "rpc sent": 69661856, "signal": 9135, "smash jobs": 560, "triage jobs": 16, "vm output": 194651, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/01/09 05:58:30 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 32, "corpus": 926, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 93, "coverage": 11496, "distributor delayed": 574, "distributor undelayed": 574, "distributor violated": 0, "exec candidate": 2615, "exec collide": 8715, "exec fuzz": 16469, "exec gen": 879, "exec hints": 2938, "exec inject": 0, "exec minimize": 14240, "exec retries": 1, "exec seeds": 2725, "exec smash": 20175, "exec total [base]": 28557, "exec total [new]": 79243, "exec triage": 2717, "executor restarts [base]": 30, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 361, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 92, "max signal": 11983, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7390, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1097, "no exec duration": 18917000000, "no exec requests": 33, "pending": 0, "prog exec time": 307, "reproducing": 0, "rpc recv": 2334341092, "rpc sent": 161648256, "signal": 10946, "smash jobs": 264, "triage jobs": 5, "vm output": 259100, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/01/09 06:03:30 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 54, "corpus": 1060, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 361, "coverage": 12283, "distributor delayed": 680, "distributor undelayed": 680, "distributor violated": 0, "exec candidate": 2615, "exec collide": 14321, "exec fuzz": 27040, "exec gen": 1396, "exec hints": 6290, "exec inject": 0, "exec minimize": 16702, "exec retries": 1, "exec seeds": 3159, "exec smash": 26240, "exec total [base]": 38456, "exec total [new]": 108706, "exec triage": 3173, "executor restarts [base]": 30, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 11, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 4, "max signal": 12888, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8503, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1279, "no exec duration": 18917000000, "no exec requests": 33, "pending": 0, "prog exec time": 321, "reproducing": 0, "rpc recv": 3138544464, "rpc sent": 248255456, "signal": 11611, "smash jobs": 6, "triage jobs": 1, "vm output": 364000, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/01/09 06:08:30 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 64, "corpus": 1161, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 512, "coverage": 12633, "distributor delayed": 769, "distributor undelayed": 769, "distributor violated": 0, "exec candidate": 2615, "exec collide": 21351, "exec fuzz": 40516, "exec gen": 2112, "exec hints": 8136, "exec inject": 0, "exec minimize": 18389, "exec retries": 1, "exec seeds": 3462, "exec smash": 28772, "exec total [base]": 47638, "exec total [new]": 136631, "exec triage": 3507, "executor restarts [base]": 30, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 23, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 6, "max signal": 13304, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9277, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1416, "no exec duration": 18917000000, "no exec requests": 33, "pending": 0, "prog exec time": 290, "reproducing": 0, "rpc recv": 3827723852, "rpc sent": 340098952, "signal": 11944, "smash jobs": 8, "triage jobs": 9, "vm output": 477655, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/01/09 06:13:30 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 73, "corpus": 1246, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 691, "coverage": 12990, "distributor delayed": 830, "distributor undelayed": 830, "distributor violated": 0, "exec candidate": 2615, "exec collide": 28529, "exec fuzz": 54201, "exec gen": 2795, "exec hints": 8597, "exec inject": 0, "exec minimize": 19974, "exec retries": 1, "exec seeds": 3729, "exec smash": 30977, "exec total [base]": 56406, "exec total [new]": 162942, "exec triage": 3756, "executor restarts [base]": 30, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 10, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 2, "max signal": 13665, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10024, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1515, "no exec duration": 18917000000, "no exec requests": 33, "pending": 0, "prog exec time": 315, "reproducing": 0, "rpc recv": 4483531612, "rpc sent": 430535440, "signal": 12288, "smash jobs": 8, "triage jobs": 0, "vm output": 572580, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/01/09 06:18:30 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 84, "corpus": 1302, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 847, "coverage": 13176, "distributor delayed": 865, "distributor undelayed": 865, "distributor violated": 0, "exec candidate": 2615, "exec collide": 36093, "exec fuzz": 68665, "exec gen": 3569, "exec hints": 8749, "exec inject": 0, "exec minimize": 20976, "exec retries": 1, "exec seeds": 3895, "exec smash": 32367, "exec total [base]": 64768, "exec total [new]": 188639, "exec triage": 3940, "executor restarts [base]": 30, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 13, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 3, "max signal": 13907, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10474, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1591, "no exec duration": 18952000000, "no exec requests": 34, "pending": 0, "prog exec time": 307, "reproducing": 0, "rpc recv": 5073620024, "rpc sent": 523202072, "signal": 12446, "smash jobs": 7, "triage jobs": 3, "vm output": 674845, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/01/09 06:20:30 fuzzer has not reached the modified code in 30m0s, aborting 2026/01/09 06:20:30 repro loop terminated 2026/01/09 06:20:30 base: rpc server terminaled 2026/01/09 06:20:30 new: rpc server terminaled 2026/01/09 06:20:31 base: pool terminated 2026/01/09 06:20:31 base: kernel context loop terminated 2026/01/09 06:20:31 new: pool terminated 2026/01/09 06:20:31 new: kernel context loop terminated 2026/01/09 06:20:31 diff fuzzing terminated 2026/01/09 06:20:31 bug reporting terminated 2026/01/09 06:20:31 status reporting terminated 2026/01/09 06:20:31 fuzzing is finished 2026/01/09 06:20:31 status at the end: Title On-Base On-Patched