2025/10/07 23:25:56 extracted 333434 text symbol hashes for base and 333434 for patched 2025/10/07 23:25:56 binaries are different, continuing fuzzing 2025/10/07 23:25:56 adding modified_functions to focus areas: ["kvm_gmem_fallocate" "kvm_gmem_fault_user_mapping" "kvm_gmem_release"] 2025/10/07 23:25:56 adding directly modified files to focus areas: ["virt/kvm/guest_memfd.c"] 2025/10/07 23:25:56 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db" 2025/10/07 23:26:55 runner 0 connected 2025/10/07 23:26:55 runner 6 connected 2025/10/07 23:26:55 runner 4 connected 2025/10/07 23:26:56 runner 7 connected 2025/10/07 23:27:02 runner 1 connected 2025/10/07 23:27:02 runner 2 connected 2025/10/07 23:27:02 initializing coverage information... 2025/10/07 23:27:02 executor cover filter: 0 PCs 2025/10/07 23:27:02 runner 5 connected 2025/10/07 23:27:02 runner 3 connected 2025/10/07 23:27:02 runner 1 connected 2025/10/07 23:27:02 runner 0 connected 2025/10/07 23:27:03 runner 8 connected 2025/10/07 23:27:03 runner 2 connected 2025/10/07 23:27:05 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/10/07 23:27:05 base: machine check complete 2025/10/07 23:27:07 discovered 7839 source files, 344893 symbols 2025/10/07 23:27:07 coverage filter: kvm_gmem_fallocate: [kvm_gmem_fallocate] 2025/10/07 23:27:07 coverage filter: kvm_gmem_fault_user_mapping: [kvm_gmem_fault_user_mapping] 2025/10/07 23:27:07 coverage filter: kvm_gmem_release: [kvm_gmem_release] 2025/10/07 23:27:07 coverage filter: virt/kvm/guest_memfd.c: [virt/kvm/guest_memfd.c] 2025/10/07 23:27:07 area "symbols": 76 PCs in the cover filter 2025/10/07 23:27:07 area "files": 209 PCs in the cover filter 2025/10/07 23:27:07 area "": 0 PCs in the cover filter 2025/10/07 23:27:07 executor cover filter: 0 PCs 2025/10/07 23:27:09 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/10/07 23:27:09 new: machine check complete 2025/10/07 23:27:13 new: adding 2276 seeds 2025/10/07 23:27:28 triaged 97.2% of the corpus 2025/10/07 23:27:28 starting bug reproductions 2025/10/07 23:27:28 starting bug reproductions (max 6 VMs, 4 repros) 2025/10/07 23:27:58 triaged 100.0% of the corpus 2025/10/07 23:30:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 668, "corpus [files]": 4, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 8944, "distributor delayed": 407, "distributor undelayed": 407, "distributor violated": 0, "exec candidate": 2276, "exec collide": 3864, "exec fuzz": 7322, "exec gen": 383, "exec hints": 1203, "exec inject": 0, "exec minimize": 8383, "exec retries": 0, "exec seeds": 1886, "exec smash": 8255, "exec total [base]": 16132, "exec total [new]": 42149, "exec triage": 1806, "executor restarts [base]": 30, "executor restarts [new]": 45, "fault jobs": 0, "fuzzer jobs": 744, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 118, "max signal": 9414, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 4554, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 763, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 169, "reproducing": 0, "rpc recv": 1157529536, "rpc sent": 61548528, "signal": 8514, "smash jobs": 618, "triage jobs": 8, "vm output": 182427, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/07 23:35:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 9, "corpus": 941, "corpus [files]": 6, "corpus [symbols]": 1, "cover overflows": 44, "coverage": 11263, "distributor delayed": 562, "distributor undelayed": 562, "distributor violated": 0, "exec candidate": 2276, "exec collide": 9047, "exec fuzz": 17084, "exec gen": 867, "exec hints": 3442, "exec inject": 0, "exec minimize": 12774, "exec retries": 0, "exec seeds": 2770, "exec smash": 20564, "exec total [base]": 28311, "exec total [new]": 78171, "exec triage": 2575, "executor restarts [base]": 30, "executor restarts [new]": 45, "fault jobs": 0, "fuzzer jobs": 340, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 80, "max signal": 11781, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 6582, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1100, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 241, "reproducing": 0, "rpc recv": 2050311900, "rpc sent": 141097144, "signal": 10716, "smash jobs": 249, "triage jobs": 11, "vm output": 280453, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/07 23:40:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 19, "corpus": 1103, "corpus [files]": 7, "corpus [symbols]": 1, "cover overflows": 99, "coverage": 12027, "distributor delayed": 636, "distributor undelayed": 636, "distributor violated": 0, "exec candidate": 2276, "exec collide": 15529, "exec fuzz": 29235, "exec gen": 1525, "exec hints": 6494, "exec inject": 0, "exec minimize": 15475, "exec retries": 0, "exec seeds": 3290, "exec smash": 27335, "exec total [base]": 38927, "exec total [new]": 110953, "exec triage": 3022, "executor restarts [base]": 30, "executor restarts [new]": 45, "fault jobs": 0, "fuzzer jobs": 15, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 2, "max signal": 12578, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7888, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1293, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 264, "reproducing": 0, "rpc recv": 2825313856, "rpc sent": 222305800, "signal": 11502, "smash jobs": 7, "triage jobs": 6, "vm output": 481376, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/07 23:45:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 23, "corpus": 1206, "corpus [files]": 10, "corpus [symbols]": 1, "cover overflows": 205, "coverage": 12702, "distributor delayed": 679, "distributor undelayed": 679, "distributor violated": 0, "exec candidate": 2276, "exec collide": 24010, "exec fuzz": 45118, "exec gen": 2311, "exec hints": 7287, "exec inject": 0, "exec minimize": 17147, "exec retries": 0, "exec seeds": 3594, "exec smash": 29893, "exec total [base]": 49139, "exec total [new]": 141694, "exec triage": 3283, "executor restarts [base]": 30, "executor restarts [new]": 45, "fault jobs": 0, "fuzzer jobs": 12, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 3, "max signal": 13260, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8655, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1408, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 279, "reproducing": 0, "rpc recv": 3458702728, "rpc sent": 304105360, "signal": 12146, "smash jobs": 8, "triage jobs": 1, "vm output": 643547, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/07 23:50:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 34, "corpus": 1298, "corpus [files]": 13, "corpus [symbols]": 1, "cover overflows": 429, "coverage": 12984, "distributor delayed": 728, "distributor undelayed": 728, "distributor violated": 0, "exec candidate": 2276, "exec collide": 32560, "exec fuzz": 61404, "exec gen": 3181, "exec hints": 7647, "exec inject": 0, "exec minimize": 18662, "exec retries": 0, "exec seeds": 3882, "exec smash": 32295, "exec total [base]": 59199, "exec total [new]": 172221, "exec triage": 3543, "executor restarts [base]": 30, "executor restarts [new]": 45, "fault jobs": 0, "fuzzer jobs": 9, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 0, "max signal": 13561, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9388, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1525, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 240, "reproducing": 0, "rpc recv": 4025781684, "rpc sent": 384617704, "signal": 12402, "smash jobs": 4, "triage jobs": 5, "vm output": 838224, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/07 23:55:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 41, "corpus": 1395, "corpus [files]": 15, "corpus [symbols]": 1, "cover overflows": 634, "coverage": 13433, "distributor delayed": 776, "distributor undelayed": 776, "distributor violated": 0, "exec candidate": 2276, "exec collide": 40719, "exec fuzz": 77203, "exec gen": 4030, "exec hints": 7912, "exec inject": 0, "exec minimize": 20445, "exec retries": 0, "exec seeds": 4171, "exec smash": 34638, "exec total [base]": 69096, "exec total [new]": 201953, "exec triage": 3786, "executor restarts [base]": 30, "executor restarts [new]": 45, "fault jobs": 0, "fuzzer jobs": 12, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 14028, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10274, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1632, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 300, "reproducing": 0, "rpc recv": 4621323288, "rpc sent": 466977968, "signal": 12828, "smash jobs": 10, "triage jobs": 1, "vm output": 1083590, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/07 23:57:58 fuzzer has reached the modified code (1 + 15 + 0), continuing fuzzing 2025/10/08 00:00:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 47, "corpus": 1449, "corpus [files]": 15, "corpus [symbols]": 1, "cover overflows": 749, "coverage": 13553, "distributor delayed": 804, "distributor undelayed": 804, "distributor violated": 0, "exec candidate": 2276, "exec collide": 49720, "exec fuzz": 93870, "exec gen": 4914, "exec hints": 8008, "exec inject": 0, "exec minimize": 21526, "exec retries": 0, "exec seeds": 4338, "exec smash": 36025, "exec total [base]": 78627, "exec total [new]": 231415, "exec triage": 3966, "executor restarts [base]": 30, "executor restarts [new]": 45, "fault jobs": 0, "fuzzer jobs": 21, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 2, "max signal": 14172, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10811, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1710, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 286, "reproducing": 0, "rpc recv": 5155793940, "rpc sent": 549716824, "signal": 12954, "smash jobs": 9, "triage jobs": 10, "vm output": 1297819, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/08 00:05:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 55, "corpus": 1502, "corpus [files]": 19, "corpus [symbols]": 1, "cover overflows": 892, "coverage": 13678, "distributor delayed": 833, "distributor undelayed": 833, "distributor violated": 0, "exec candidate": 2276, "exec collide": 58274, "exec fuzz": 110110, "exec gen": 5794, "exec hints": 8350, "exec inject": 0, "exec minimize": 22610, "exec retries": 0, "exec seeds": 4497, "exec smash": 37445, "exec total [base]": 88252, "exec total [new]": 260234, "exec triage": 4106, "executor restarts [base]": 30, "executor restarts [new]": 45, "fault jobs": 0, "fuzzer jobs": 7, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 0, "max signal": 14290, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11333, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1770, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 267, "reproducing": 0, "rpc recv": 5693096700, "rpc sent": 631106680, "signal": 13062, "smash jobs": 3, "triage jobs": 4, "vm output": 1535529, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/08 00:10:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 56, "corpus": 1559, "corpus [files]": 20, "corpus [symbols]": 1, "cover overflows": 1001, "coverage": 13788, "distributor delayed": 857, "distributor undelayed": 857, "distributor violated": 0, "exec candidate": 2276, "exec collide": 66883, "exec fuzz": 126150, "exec gen": 6636, "exec hints": 8632, "exec inject": 0, "exec minimize": 23773, "exec retries": 0, "exec seeds": 4669, "exec smash": 38860, "exec total [base]": 97653, "exec total [new]": 288895, "exec triage": 4241, "executor restarts [base]": 30, "executor restarts [new]": 45, "fault jobs": 0, "fuzzer jobs": 6, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 14399, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11945, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1831, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 370, "reproducing": 0, "rpc recv": 6219179444, "rpc sent": 708256728, "signal": 13164, "smash jobs": 4, "triage jobs": 1, "vm output": 1752313, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/08 00:15:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 60, "corpus": 1602, "corpus [files]": 20, "corpus [symbols]": 1, "cover overflows": 1158, "coverage": 13918, "distributor delayed": 877, "distributor undelayed": 877, "distributor violated": 0, "exec candidate": 2276, "exec collide": 75711, "exec fuzz": 143029, "exec gen": 7561, "exec hints": 8723, "exec inject": 0, "exec minimize": 24488, "exec retries": 0, "exec seeds": 4800, "exec smash": 39957, "exec total [base]": 107239, "exec total [new]": 317670, "exec triage": 4352, "executor restarts [base]": 30, "executor restarts [new]": 45, "fault jobs": 0, "fuzzer jobs": 9, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 2, "max signal": 14570, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 12317, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1880, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 267, "reproducing": 0, "rpc recv": 6709347584, "rpc sent": 788248136, "signal": 13303, "smash jobs": 5, "triage jobs": 2, "vm output": 1982361, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/08 00:20:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 66, "corpus": 1640, "corpus [files]": 20, "corpus [symbols]": 1, "cover overflows": 1335, "coverage": 14070, "distributor delayed": 904, "distributor undelayed": 904, "distributor violated": 0, "exec candidate": 2276, "exec collide": 84676, "exec fuzz": 159640, "exec gen": 8425, "exec hints": 8763, "exec inject": 0, "exec minimize": 25289, "exec retries": 0, "exec seeds": 4913, "exec smash": 40889, "exec total [base]": 116573, "exec total [new]": 346114, "exec triage": 4469, "executor restarts [base]": 30, "executor restarts [new]": 45, "fault jobs": 0, "fuzzer jobs": 10, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 2, "max signal": 14710, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 12722, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1932, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 278, "reproducing": 0, "rpc recv": 7204743196, "rpc sent": 867986344, "signal": 13453, "smash jobs": 4, "triage jobs": 4, "vm output": 2219752, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/08 00:25:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 72, "corpus": 1691, "corpus [files]": 25, "corpus [symbols]": 5, "cover overflows": 1519, "coverage": 14272, "distributor delayed": 933, "distributor undelayed": 933, "distributor violated": 0, "exec candidate": 2276, "exec collide": 93262, "exec fuzz": 175867, "exec gen": 9245, "exec hints": 9255, "exec inject": 0, "exec minimize": 26202, "exec retries": 0, "exec seeds": 5070, "exec smash": 42202, "exec total [base]": 125814, "exec total [new]": 374754, "exec triage": 4601, "executor restarts [base]": 30, "executor restarts [new]": 45, "fault jobs": 0, "fuzzer jobs": 7, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 0, "max signal": 14900, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 13165, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1988, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 300, "reproducing": 0, "rpc recv": 7715413424, "rpc sent": 948695144, "signal": 13632, "smash jobs": 5, "triage jobs": 2, "vm output": 2454809, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/08 00:27:51 runner 6 connected 2025/10/08 00:27:52 runner 0 connected 2025/10/08 00:27:52 runner 2 connected 2025/10/08 00:27:52 runner 7 connected 2025/10/08 00:27:52 runner 4 connected 2025/10/08 00:27:53 runner 5 connected 2025/10/08 00:27:58 runner 2 connected 2025/10/08 00:27:58 runner 3 connected 2025/10/08 00:27:59 runner 1 connected 2025/10/08 00:27:59 runner 8 connected 2025/10/08 00:27:59 runner 1 connected 2025/10/08 00:28:00 runner 0 connected 2025/10/08 00:30:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 72, "corpus": 1719, "corpus [files]": 25, "corpus [symbols]": 5, "cover overflows": 1609, "coverage": 14337, "distributor delayed": 947, "distributor undelayed": 947, "distributor violated": 0, "exec candidate": 2276, "exec collide": 99913, "exec fuzz": 188477, "exec gen": 9919, "exec hints": 9286, "exec inject": 0, "exec minimize": 26736, "exec retries": 0, "exec seeds": 5151, "exec smash": 42899, "exec total [base]": 132833, "exec total [new]": 396144, "exec triage": 4690, "executor restarts [base]": 39, "executor restarts [new]": 72, "fault jobs": 0, "fuzzer jobs": 6, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 14972, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 13425, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 2026, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 330, "reproducing": 0, "rpc recv": 8492703224, "rpc sent": 1012168912, "signal": 13684, "smash jobs": 3, "triage jobs": 2, "vm output": 2808018, "vm restarts [base]": 6, "vm restarts [new]": 18 } 2025/10/08 00:35:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 72, "corpus": 1759, "corpus [files]": 26, "corpus [symbols]": 5, "cover overflows": 1739, "coverage": 14439, "distributor delayed": 966, "distributor undelayed": 966, "distributor violated": 0, "exec candidate": 2276, "exec collide": 108581, "exec fuzz": 205052, "exec gen": 10784, "exec hints": 9370, "exec inject": 0, "exec minimize": 27572, "exec retries": 0, "exec seeds": 5280, "exec smash": 43991, "exec total [base]": 142149, "exec total [new]": 424503, "exec triage": 4802, "executor restarts [base]": 39, "executor restarts [new]": 72, "fault jobs": 0, "fuzzer jobs": 6, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 0, "max signal": 15067, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 13818, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 2075, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 281, "reproducing": 0, "rpc recv": 9033963172, "rpc sent": 1091987856, "signal": 13798, "smash jobs": 1, "triage jobs": 5, "vm output": 3045690, "vm restarts [base]": 6, "vm restarts [new]": 18 } 2025/10/08 00:40:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 81, "corpus": 1794, "corpus [files]": 26, "corpus [symbols]": 5, "cover overflows": 1865, "coverage": 14590, "distributor delayed": 984, "distributor undelayed": 984, "distributor violated": 0, "exec candidate": 2276, "exec collide": 117446, "exec fuzz": 221959, "exec gen": 11653, "exec hints": 9482, "exec inject": 0, "exec minimize": 28204, "exec retries": 0, "exec seeds": 5385, "exec smash": 44846, "exec total [base]": 151407, "exec total [new]": 452926, "exec triage": 4880, "executor restarts [base]": 39, "executor restarts [new]": 72, "fault jobs": 0, "fuzzer jobs": 4, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 15175, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 14110, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 2109, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 277, "reproducing": 0, "rpc recv": 9569629592, "rpc sent": 1173280080, "signal": 13887, "smash jobs": 2, "triage jobs": 1, "vm output": 3288749, "vm restarts [base]": 6, "vm restarts [new]": 18 } 2025/10/08 00:45:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 85, "corpus": 1825, "corpus [files]": 26, "corpus [symbols]": 5, "cover overflows": 2070, "coverage": 14654, "distributor delayed": 1001, "distributor undelayed": 1001, "distributor violated": 0, "exec candidate": 2276, "exec collide": 126190, "exec fuzz": 238367, "exec gen": 12522, "exec hints": 9556, "exec inject": 0, "exec minimize": 28979, "exec retries": 0, "exec seeds": 5476, "exec smash": 45580, "exec total [base]": 160785, "exec total [new]": 480710, "exec triage": 4968, "executor restarts [base]": 39, "executor restarts [new]": 72, "fault jobs": 0, "fuzzer jobs": 9, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 15242, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 14501, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 2145, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 296, "reproducing": 0, "rpc recv": 10096255552, "rpc sent": 1252478816, "signal": 13949, "smash jobs": 6, "triage jobs": 2, "vm output": 3518930, "vm restarts [base]": 6, "vm restarts [new]": 18 } 2025/10/08 00:50:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 87, "corpus": 1848, "corpus [files]": 26, "corpus [symbols]": 5, "cover overflows": 2229, "coverage": 14736, "distributor delayed": 1018, "distributor undelayed": 1018, "distributor violated": 0, "exec candidate": 2276, "exec collide": 135202, "exec fuzz": 255617, "exec gen": 13414, "exec hints": 9646, "exec inject": 0, "exec minimize": 29359, "exec retries": 0, "exec seeds": 5547, "exec smash": 46197, "exec total [base]": 170053, "exec total [new]": 509084, "exec triage": 5029, "executor restarts [base]": 39, "executor restarts [new]": 72, "fault jobs": 0, "fuzzer jobs": 2, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 0, "max signal": 15327, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 14689, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 2171, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 276, "reproducing": 0, "rpc recv": 10591976892, "rpc sent": 1333521696, "signal": 14029, "smash jobs": 2, "triage jobs": 0, "vm output": 3740949, "vm restarts [base]": 6, "vm restarts [new]": 18 } 2025/10/08 00:55:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 88, "corpus": 1864, "corpus [files]": 26, "corpus [symbols]": 5, "cover overflows": 2428, "coverage": 14766, "distributor delayed": 1025, "distributor undelayed": 1025, "distributor violated": 0, "exec candidate": 2276, "exec collide": 144123, "exec fuzz": 272587, "exec gen": 14330, "exec hints": 9693, "exec inject": 0, "exec minimize": 29662, "exec retries": 0, "exec seeds": 5595, "exec smash": 46618, "exec total [base]": 179262, "exec total [new]": 536759, "exec triage": 5081, "executor restarts [base]": 39, "executor restarts [new]": 72, "fault jobs": 0, "fuzzer jobs": 1, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 0, "max signal": 15365, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 14836, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 2192, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 290, "reproducing": 0, "rpc recv": 11080143668, "rpc sent": 1414463936, "signal": 14056, "smash jobs": 1, "triage jobs": 0, "vm output": 3979209, "vm restarts [base]": 6, "vm restarts [new]": 18 } 2025/10/08 01:00:00 crash "KASAN: slab-use-after-free Write in kvm_gmem_release" is already known 2025/10/08 01:00:00 base crash "KASAN: slab-use-after-free Write in kvm_gmem_release" is to be ignored 2025/10/08 01:00:00 patched crashed: KASAN: slab-use-after-free Write in kvm_gmem_release [need repro = false] 2025/10/08 01:00:01 base crash: KASAN: slab-use-after-free Write in kvm_gmem_release 2025/10/08 01:00:56 runner 3 connected 2025/10/08 01:00:57 runner 0 connected 2025/10/08 01:00:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 88, "corpus": 1876, "corpus [files]": 26, "corpus [symbols]": 5, "cover overflows": 2578, "coverage": 14794, "distributor delayed": 1030, "distributor undelayed": 1030, "distributor violated": 0, "exec candidate": 2276, "exec collide": 153267, "exec fuzz": 289410, "exec gen": 15257, "exec hints": 9702, "exec inject": 0, "exec minimize": 29848, "exec retries": 0, "exec seeds": 5631, "exec smash": 46925, "exec total [base]": 187874, "exec total [new]": 564219, "exec triage": 5109, "executor restarts [base]": 39, "executor restarts [new]": 72, "fault jobs": 0, "fuzzer jobs": 0, "fuzzing VMs [base]": 2, "fuzzing VMs [new]": 8, "hints jobs": 0, "max signal": 15394, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 14930, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 2205, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 282, "reproducing": 0, "rpc recv": 11514644804, "rpc sent": 1492865768, "signal": 14084, "smash jobs": 0, "triage jobs": 0, "vm output": 4208411, "vm restarts [base]": 7, "vm restarts [new]": 19 } 2025/10/08 01:05:41 base crash: KASAN: slab-use-after-free Write in kvm_gmem_release 2025/10/08 01:05:50 patched crashed: KASAN: slab-use-after-free Write in kvm_gmem_release [need repro = false] 2025/10/08 01:05:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 91, "corpus": 1889, "corpus [files]": 26, "corpus [symbols]": 5, "cover overflows": 2768, "coverage": 14813, "distributor delayed": 1041, "distributor undelayed": 1041, "distributor violated": 0, "exec candidate": 2276, "exec collide": 162096, "exec fuzz": 305949, "exec gen": 16105, "exec hints": 9755, "exec inject": 0, "exec minimize": 30166, "exec retries": 0, "exec seeds": 5670, "exec smash": 47228, "exec total [base]": 196538, "exec total [new]": 591196, "exec triage": 5159, "executor restarts [base]": 42, "executor restarts [new]": 75, "fault jobs": 0, "fuzzer jobs": 5, "fuzzing VMs [base]": 2, "fuzzing VMs [new]": 8, "hints jobs": 1, "max signal": 15438, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 15066, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 2226, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 299, "reproducing": 0, "rpc recv": 12038572696, "rpc sent": 1570969280, "signal": 14102, "smash jobs": 2, "triage jobs": 2, "vm output": 4490510, "vm restarts [base]": 7, "vm restarts [new]": 19 } 2025/10/08 01:06:31 runner 1 connected 2025/10/08 01:06:40 runner 5 connected 2025/10/08 01:10:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 94, "corpus": 1903, "corpus [files]": 26, "corpus [symbols]": 5, "cover overflows": 2937, "coverage": 14846, "distributor delayed": 1052, "distributor undelayed": 1052, "distributor violated": 0, "exec candidate": 2276, "exec collide": 170637, "exec fuzz": 322529, "exec gen": 16956, "exec hints": 10028, "exec inject": 0, "exec minimize": 30495, "exec retries": 0, "exec seeds": 5712, "exec smash": 47596, "exec total [base]": 205323, "exec total [new]": 618237, "exec triage": 5211, "executor restarts [base]": 45, "executor restarts [new]": 78, "fault jobs": 0, "fuzzer jobs": 3, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 0, "max signal": 15481, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 15227, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 2247, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 298, "reproducing": 0, "rpc recv": 12567419152, "rpc sent": 1647223672, "signal": 14130, "smash jobs": 1, "triage jobs": 2, "vm output": 4775806, "vm restarts [base]": 8, "vm restarts [new]": 20 } 2025/10/08 01:15:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 109, "corpus": 1925, "corpus [files]": 26, "corpus [symbols]": 5, "cover overflows": 3111, "coverage": 14925, "distributor delayed": 1062, "distributor undelayed": 1062, "distributor violated": 0, "exec candidate": 2276, "exec collide": 179297, "exec fuzz": 339156, "exec gen": 17847, "exec hints": 10227, "exec inject": 0, "exec minimize": 31047, "exec retries": 0, "exec seeds": 5778, "exec smash": 48134, "exec total [base]": 214374, "exec total [new]": 645828, "exec triage": 5272, "executor restarts [base]": 45, "executor restarts [new]": 78, "fault jobs": 0, "fuzzer jobs": 2, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 0, "max signal": 15554, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 15464, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 2271, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 295, "reproducing": 0, "rpc recv": 13072027520, "rpc sent": 1727181328, "signal": 14200, "smash jobs": 1, "triage jobs": 1, "vm output": 5063492, "vm restarts [base]": 8, "vm restarts [new]": 20 } 2025/10/08 01:20:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 110, "corpus": 1943, "corpus [files]": 26, "corpus [symbols]": 5, "cover overflows": 3269, "coverage": 15005, "distributor delayed": 1069, "distributor undelayed": 1069, "distributor violated": 0, "exec candidate": 2276, "exec collide": 188237, "exec fuzz": 356093, "exec gen": 18788, "exec hints": 10244, "exec inject": 0, "exec minimize": 31375, "exec retries": 0, "exec seeds": 5832, "exec smash": 48589, "exec total [base]": 223528, "exec total [new]": 673542, "exec triage": 5312, "executor restarts [base]": 45, "executor restarts [new]": 78, "fault jobs": 0, "fuzzer jobs": 1, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 0, "max signal": 15641, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 15608, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 2289, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 294, "reproducing": 0, "rpc recv": 13561531632, "rpc sent": 1807740264, "signal": 14283, "smash jobs": 1, "triage jobs": 0, "vm output": 5338523, "vm restarts [base]": 8, "vm restarts [new]": 20 } 2025/10/08 01:24:30 patched crashed: KASAN: slab-use-after-free Write in kvm_gmem_release [need repro = false] 2025/10/08 01:24:57 base crash: KASAN: slab-use-after-free Write in kvm_gmem_release 2025/10/08 01:25:19 runner 8 connected 2025/10/08 01:25:46 runner 1 connected 2025/10/08 01:25:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 113, "corpus": 1960, "corpus [files]": 26, "corpus [symbols]": 5, "cover overflows": 3474, "coverage": 15060, "distributor delayed": 1078, "distributor undelayed": 1078, "distributor violated": 0, "exec candidate": 2276, "exec collide": 196692, "exec fuzz": 372406, "exec gen": 19634, "exec hints": 10260, "exec inject": 0, "exec minimize": 31785, "exec retries": 0, "exec seeds": 5878, "exec smash": 48953, "exec total [base]": 231938, "exec total [new]": 700045, "exec triage": 5365, "executor restarts [base]": 48, "executor restarts [new]": 81, "fault jobs": 0, "fuzzer jobs": 8, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 2, "max signal": 15692, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 15795, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 2313, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 281, "reproducing": 0, "rpc recv": 14082028812, "rpc sent": 1885394784, "signal": 14339, "smash jobs": 3, "triage jobs": 3, "vm output": 5633211, "vm restarts [base]": 9, "vm restarts [new]": 21 } 2025/10/08 01:28:47 runner 6 connected 2025/10/08 01:28:48 runner 1 connected 2025/10/08 01:28:48 runner 7 connected 2025/10/08 01:28:48 runner 4 connected 2025/10/08 01:28:48 runner 2 connected 2025/10/08 01:28:55 runner 2 connected 2025/10/08 01:28:56 runner 0 connected 2025/10/08 01:30:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 117, "corpus": 1973, "corpus [files]": 26, "corpus [symbols]": 5, "cover overflows": 3616, "coverage": 15094, "distributor delayed": 1081, "distributor undelayed": 1081, "distributor violated": 0, "exec candidate": 2276, "exec collide": 204142, "exec fuzz": 386363, "exec gen": 20347, "exec hints": 10266, "exec inject": 0, "exec minimize": 32067, "exec retries": 0, "exec seeds": 5922, "exec smash": 49350, "exec total [base]": 240204, "exec total [new]": 722936, "exec triage": 5391, "executor restarts [base]": 51, "executor restarts [new]": 99, "fault jobs": 0, "fuzzer jobs": 0, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 0, "max signal": 15717, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 15921, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 2324, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 295, "reproducing": 0, "rpc recv": 14751844624, "rpc sent": 1954676664, "signal": 14368, "smash jobs": 0, "triage jobs": 0, "vm output": 5974043, "vm restarts [base]": 10, "vm restarts [new]": 27 } 2025/10/08 01:35:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 119, "corpus": 1986, "corpus [files]": 27, "corpus [symbols]": 6, "cover overflows": 3774, "coverage": 15128, "distributor delayed": 1088, "distributor undelayed": 1088, "distributor violated": 0, "exec candidate": 2276, "exec collide": 213060, "exec fuzz": 403141, "exec gen": 21205, "exec hints": 10279, "exec inject": 0, "exec minimize": 32364, "exec retries": 0, "exec seeds": 5961, "exec smash": 49663, "exec total [base]": 249080, "exec total [new]": 750196, "exec triage": 5435, "executor restarts [base]": 51, "executor restarts [new]": 99, "fault jobs": 0, "fuzzer jobs": 1, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 0, "max signal": 15758, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 16055, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 2342, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 296, "reproducing": 0, "rpc recv": 15217736288, "rpc sent": 2033407928, "signal": 14410, "smash jobs": 1, "triage jobs": 0, "vm output": 6255603, "vm restarts [base]": 10, "vm restarts [new]": 27 } 2025/10/08 01:40:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 123, "corpus": 1997, "corpus [files]": 27, "corpus [symbols]": 6, "cover overflows": 3920, "coverage": 15156, "distributor delayed": 1099, "distributor undelayed": 1099, "distributor violated": 0, "exec candidate": 2276, "exec collide": 222002, "exec fuzz": 420271, "exec gen": 22093, "exec hints": 10292, "exec inject": 0, "exec minimize": 32598, "exec retries": 0, "exec seeds": 5994, "exec smash": 49950, "exec total [base]": 258077, "exec total [new]": 777767, "exec triage": 5478, "executor restarts [base]": 51, "executor restarts [new]": 99, "fault jobs": 0, "fuzzer jobs": 0, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 0, "max signal": 15818, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 16169, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 2359, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 300, "reproducing": 0, "rpc recv": 15690161988, "rpc sent": 2114559920, "signal": 14439, "smash jobs": 0, "triage jobs": 0, "vm output": 6541962, "vm restarts [base]": 10, "vm restarts [new]": 27 } 2025/10/08 01:45:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 123, "corpus": 2004, "corpus [files]": 27, "corpus [symbols]": 6, "cover overflows": 4042, "coverage": 15171, "distributor delayed": 1101, "distributor undelayed": 1101, "distributor violated": 0, "exec candidate": 2276, "exec collide": 231067, "exec fuzz": 437426, "exec gen": 23016, "exec hints": 10295, "exec inject": 0, "exec minimize": 32692, "exec retries": 0, "exec seeds": 6015, "exec smash": 50105, "exec total [base]": 267258, "exec total [new]": 805196, "exec triage": 5495, "executor restarts [base]": 51, "executor restarts [new]": 99, "fault jobs": 0, "fuzzer jobs": 2, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 0, "max signal": 15834, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 16211, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 2367, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 294, "reproducing": 0, "rpc recv": 16157200200, "rpc sent": 2196606936, "signal": 14454, "smash jobs": 2, "triage jobs": 0, "vm output": 6832358, "vm restarts [base]": 10, "vm restarts [new]": 27 } 2025/10/08 01:50:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 123, "corpus": 2017, "corpus [files]": 27, "corpus [symbols]": 6, "cover overflows": 4187, "coverage": 15204, "distributor delayed": 1107, "distributor undelayed": 1107, "distributor violated": 0, "exec candidate": 2276, "exec collide": 240100, "exec fuzz": 454506, "exec gen": 23983, "exec hints": 10326, "exec inject": 0, "exec minimize": 32875, "exec retries": 0, "exec seeds": 6052, "exec smash": 50419, "exec total [base]": 276412, "exec total [new]": 832875, "exec triage": 5527, "executor restarts [base]": 51, "executor restarts [new]": 99, "fault jobs": 0, "fuzzer jobs": 5, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 15870, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 16289, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 2383, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 307, "reproducing": 0, "rpc recv": 16627627876, "rpc sent": 2278961848, "signal": 14487, "smash jobs": 2, "triage jobs": 2, "vm output": 7111755, "vm restarts [base]": 10, "vm restarts [new]": 27 } 2025/10/08 01:52:54 patched crashed: KASAN: slab-use-after-free Write in kvm_gmem_release [need repro = false] 2025/10/08 01:53:51 runner 4 connected 2025/10/08 01:55:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 126, "corpus": 2030, "corpus [files]": 27, "corpus [symbols]": 6, "cover overflows": 4352, "coverage": 15239, "distributor delayed": 1117, "distributor undelayed": 1117, "distributor violated": 0, "exec candidate": 2276, "exec collide": 248756, "exec fuzz": 470589, "exec gen": 24847, "exec hints": 10363, "exec inject": 0, "exec minimize": 33185, "exec retries": 0, "exec seeds": 6093, "exec smash": 50775, "exec total [base]": 285477, "exec total [new]": 859255, "exec triage": 5562, "executor restarts [base]": 51, "executor restarts [new]": 102, "fault jobs": 0, "fuzzer jobs": 0, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 0, "max signal": 15902, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 16430, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 2396, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 297, "reproducing": 0, "rpc recv": 17149993968, "rpc sent": 2357250880, "signal": 14521, "smash jobs": 0, "triage jobs": 0, "vm output": 7396036, "vm restarts [base]": 10, "vm restarts [new]": 28 } 2025/10/08 02:00:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 131, "corpus": 2051, "corpus [files]": 27, "corpus [symbols]": 6, "cover overflows": 4517, "coverage": 15291, "distributor delayed": 1129, "distributor undelayed": 1129, "distributor violated": 0, "exec candidate": 2276, "exec collide": 257381, "exec fuzz": 486600, "exec gen": 25705, "exec hints": 10689, "exec inject": 0, "exec minimize": 33750, "exec retries": 0, "exec seeds": 6156, "exec smash": 51300, "exec total [base]": 294435, "exec total [new]": 886276, "exec triage": 5609, "executor restarts [base]": 51, "executor restarts [new]": 102, "fault jobs": 0, "fuzzer jobs": 0, "fuzzing VMs [base]": 2, "fuzzing VMs [new]": 8, "hints jobs": 0, "max signal": 16008, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 16698, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 2417, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 306, "reproducing": 0, "rpc recv": 17655082504, "rpc sent": 2435489928, "signal": 14571, "smash jobs": 0, "triage jobs": 0, "vm output": 7679123, "vm restarts [base]": 10, "vm restarts [new]": 28 } 2025/10/08 02:01:53 runner 3 connected 2025/10/08 02:01:54 runner 0 connected 2025/10/08 02:05:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 131, "corpus": 2054, "corpus [files]": 27, "corpus [symbols]": 6, "cover overflows": 4641, "coverage": 15334, "distributor delayed": 1129, "distributor undelayed": 1129, "distributor violated": 0, "exec candidate": 2276, "exec collide": 266072, "exec fuzz": 503428, "exec gen": 26562, "exec hints": 10690, "exec inject": 0, "exec minimize": 33813, "exec retries": 0, "exec seeds": 6165, "exec smash": 51353, "exec total [base]": 302560, "exec total [new]": 912791, "exec triage": 5618, "executor restarts [base]": 54, "executor restarts [new]": 105, "fault jobs": 0, "fuzzer jobs": 2, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 16018, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 16728, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 2421, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 292, "reproducing": 0, "rpc recv": 18140287456, "rpc sent": 2512641288, "signal": 14580, "smash jobs": 1, "triage jobs": 0, "vm output": 7968074, "vm restarts [base]": 11, "vm restarts [new]": 29 } 2025/10/08 02:07:36 runner 5 connected 2025/10/08 02:09:52 patched crashed: KASAN: slab-use-after-free Write in kvm_gmem_release [need repro = false] 2025/10/08 02:10:09 base crash: KASAN: slab-use-after-free Write in kvm_gmem_release 2025/10/08 02:10:49 runner 7 connected 2025/10/08 02:10:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 131, "corpus": 2065, "corpus [files]": 27, "corpus [symbols]": 6, "cover overflows": 4783, "coverage": 15362, "distributor delayed": 1133, "distributor undelayed": 1133, "distributor violated": 0, "exec candidate": 2276, "exec collide": 274327, "exec fuzz": 519225, "exec gen": 27464, "exec hints": 10715, "exec inject": 0, "exec minimize": 34070, "exec retries": 0, "exec seeds": 6198, "exec smash": 51643, "exec total [base]": 310800, "exec total [new]": 938377, "exec triage": 5648, "executor restarts [base]": 54, "executor restarts [new]": 108, "fault jobs": 0, "fuzzer jobs": 1, "fuzzing VMs [base]": 2, "fuzzing VMs [new]": 9, "hints jobs": 0, "max signal": 16047, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 16851, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 2434, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 303, "reproducing": 0, "rpc recv": 18652448308, "rpc sent": 2585901832, "signal": 14603, "smash jobs": 1, "triage jobs": 0, "vm output": 8238715, "vm restarts [base]": 11, "vm restarts [new]": 31 } 2025/10/08 02:11:05 runner 2 connected 2025/10/08 02:15:10 patched crashed: KASAN: slab-use-after-free Write in kvm_gmem_release [need repro = false] 2025/10/08 02:15:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 132, "corpus": 2079, "corpus [files]": 27, "corpus [symbols]": 6, "cover overflows": 4937, "coverage": 15385, "distributor delayed": 1135, "distributor undelayed": 1135, "distributor violated": 0, "exec candidate": 2276, "exec collide": 282462, "exec fuzz": 534982, "exec gen": 28301, "exec hints": 10754, "exec inject": 0, "exec minimize": 34360, "exec retries": 0, "exec seeds": 6238, "exec smash": 51967, "exec total [base]": 319298, "exec total [new]": 963841, "exec triage": 5689, "executor restarts [base]": 57, "executor restarts [new]": 111, "fault jobs": 0, "fuzzer jobs": 4, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 8, "hints jobs": 1, "max signal": 16073, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 16991, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 2452, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 313, "reproducing": 0, "rpc recv": 19142218004, "rpc sent": 2662054496, "signal": 14622, "smash jobs": 2, "triage jobs": 1, "vm output": 8520487, "vm restarts [base]": 12, "vm restarts [new]": 31 } 2025/10/08 02:16:07 runner 7 connected 2025/10/08 02:20:58 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 144, "corpus": 2090, "corpus [files]": 27, "corpus [symbols]": 6, "cover overflows": 5135, "coverage": 15412, "distributor delayed": 1139, "distributor undelayed": 1139, "distributor violated": 0, "exec candidate": 2276, "exec collide": 290983, "exec fuzz": 551160, "exec gen": 29187, "exec hints": 10884, "exec inject": 0, "exec minimize": 34699, "exec retries": 0, "exec seeds": 6273, "exec smash": 52270, "exec total [base]": 328119, "exec total [new]": 990267, "exec triage": 5718, "executor restarts [base]": 57, "executor restarts [new]": 114, "fault jobs": 0, "fuzzer jobs": 4, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 0, "max signal": 16096, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 17150, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 2465, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 310, "reproducing": 0, "rpc recv": 19656015216, "rpc sent": 2739029544, "signal": 14645, "smash jobs": 2, "triage jobs": 2, "vm output": 8816354, "vm restarts [base]": 12, "vm restarts [new]": 32 } 2025/10/08 02:22:09 patched crashed: KASAN: slab-use-after-free Write in kvm_gmem_release [need repro = false] 2025/10/08 02:22:15 patched crashed: KASAN: slab-use-after-free Write in kvm_gmem_release [need repro = false] 2025/10/08 02:22:20 patched crashed: KASAN: slab-use-after-free Write in kvm_gmem_release [need repro = false] 2025/10/08 02:22:31 base crash: KASAN: slab-use-after-free Write in kvm_gmem_release 2025/10/08 02:22:58 runner 8 connected 2025/10/08 02:23:12 runner 5 connected 2025/10/08 02:23:16 runner 0 connected 2025/10/08 02:23:22 runner 2 connected 2025/10/08 02:23:30 base crash: KASAN: slab-use-after-free Write in kvm_gmem_release 2025/10/08 02:24:27 runner 0 connected 2025/10/08 02:25:53 bug reporting terminated 2025/10/08 02:25:53 status reporting terminated 2025/10/08 02:25:53 repro loop terminated 2025/10/08 02:25:53 new: rpc server terminaled 2025/10/08 02:25:53 base: rpc server terminaled 2025/10/08 02:25:54 new: pool terminated 2025/10/08 02:25:54 new: kernel context loop terminated 2025/10/08 02:26:35 base: pool terminated 2025/10/08 02:26:35 base: kernel context loop terminated 2025/10/08 02:26:35 diff fuzzing terminated 2025/10/08 02:26:35 fuzzing is finished 2025/10/08 02:26:35 status at the end: Title On-Base On-Patched KASAN: slab-use-after-free Write in kvm_gmem_release 6 crashes 9 crashes