2025/11/01 00:52:18 extracted 321630 text symbol hashes for base and 321630 for patched 2025/11/01 00:52:18 binaries are different, continuing fuzzing 2025/11/01 00:52:18 adding modified_functions to focus areas: ["svm_enable_lbrv"] 2025/11/01 00:52:18 adding directly modified files to focus areas: ["arch/x86/kvm/svm/svm.c"] 2025/11/01 00:52:18 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db" 2025/11/01 00:53:17 runner 6 connected 2025/11/01 00:53:17 runner 2 connected 2025/11/01 00:53:17 runner 3 connected 2025/11/01 00:53:17 runner 5 connected 2025/11/01 00:53:17 runner 4 connected 2025/11/01 00:53:17 runner 7 connected 2025/11/01 00:53:17 runner 8 connected 2025/11/01 00:53:17 runner 2 connected 2025/11/01 00:53:17 runner 1 connected 2025/11/01 00:53:17 runner 0 connected 2025/11/01 00:53:17 runner 1 connected 2025/11/01 00:53:17 runner 0 connected 2025/11/01 00:53:23 initializing coverage information... 2025/11/01 00:53:23 executor cover filter: 0 PCs 2025/11/01 00:53:25 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/11/01 00:53:25 base: machine check complete 2025/11/01 00:53:27 discovered 7601 source files, 332486 symbols 2025/11/01 00:53:27 coverage filter: svm_enable_lbrv: [svm_enable_lbrv] 2025/11/01 00:53:27 coverage filter: arch/x86/kvm/svm/svm.c: [arch/x86/kvm/svm/svm.c] 2025/11/01 00:53:27 area "symbols": 5 PCs in the cover filter 2025/11/01 00:53:27 area "files": 2054 PCs in the cover filter 2025/11/01 00:53:27 area "": 0 PCs in the cover filter 2025/11/01 00:53:27 executor cover filter: 0 PCs 2025/11/01 00:53:28 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/11/01 00:53:28 new: machine check complete 2025/11/01 00:53:31 new: adding 2477 seeds 2025/11/01 00:53:50 triaged 98.1% of the corpus 2025/11/01 00:53:50 starting bug reproductions 2025/11/01 00:53:50 starting bug reproductions (max 6 VMs, 4 repros) 2025/11/01 00:54:20 triaged 100.0% of the corpus 2025/11/01 00:57:20 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 6, "corpus": 747, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 31, "coverage": 9896, "distributor delayed": 468, "distributor undelayed": 468, "distributor violated": 0, "exec candidate": 2477, "exec collide": 4052, "exec fuzz": 7684, "exec gen": 411, "exec hints": 1233, "exec inject": 0, "exec minimize": 10025, "exec retries": 0, "exec seeds": 2125, "exec smash": 8578, "exec total [base]": 17517, "exec total [new]": 46006, "exec triage": 2046, "executor restarts [base]": 28, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 873, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 151, "max signal": 10558, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5400, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 859, "no exec duration": 18278000000, "no exec requests": 46, "pending": 0, "prog exec time": 228, "reproducing": 0, "rpc recv": 1308584440, "rpc sent": 55992936, "signal": 9300, "smash jobs": 711, "triage jobs": 11, "vm output": 205824, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/01 01:02:20 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 41, "corpus": 1057, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 148, "coverage": 11998, "distributor delayed": 624, "distributor undelayed": 624, "distributor violated": 0, "exec candidate": 2477, "exec collide": 9008, "exec fuzz": 16882, "exec gen": 898, "exec hints": 3076, "exec inject": 0, "exec minimize": 15043, "exec retries": 0, "exec seeds": 3086, "exec smash": 20416, "exec total [base]": 29142, "exec total [new]": 81080, "exec triage": 2821, "executor restarts [base]": 28, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 673, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 157, "max signal": 12448, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7667, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1202, "no exec duration": 18278000000, "no exec requests": 46, "pending": 0, "prog exec time": 236, "reproducing": 0, "rpc recv": 2434654984, "rpc sent": 131646096, "signal": 11448, "smash jobs": 506, "triage jobs": 10, "vm output": 293466, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/01 01:07:20 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 66, "corpus": 1262, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 370, "coverage": 12578, "distributor delayed": 722, "distributor undelayed": 722, "distributor violated": 0, "exec candidate": 2477, "exec collide": 13383, "exec fuzz": 25295, "exec gen": 1355, "exec hints": 5715, "exec inject": 0, "exec minimize": 18415, "exec retries": 0, "exec seeds": 3767, "exec smash": 30341, "exec total [base]": 39329, "exec total [new]": 111473, "exec triage": 3352, "executor restarts [base]": 28, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 157, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 45, "max signal": 13043, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9231, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1434, "no exec duration": 18278000000, "no exec requests": 46, "pending": 0, "prog exec time": 294, "reproducing": 0, "rpc recv": 3423526772, "rpc sent": 196981184, "signal": 11972, "smash jobs": 106, "triage jobs": 6, "vm output": 416232, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/01 01:12:20 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 88, "corpus": 1399, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 739, "coverage": 12937, "distributor delayed": 781, "distributor undelayed": 781, "distributor violated": 0, "exec candidate": 2477, "exec collide": 19349, "exec fuzz": 36713, "exec gen": 1899, "exec hints": 9512, "exec inject": 0, "exec minimize": 20709, "exec retries": 0, "exec seeds": 4200, "exec smash": 34954, "exec total [base]": 49236, "exec total [new]": 140903, "exec triage": 3715, "executor restarts [base]": 28, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 12, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 13447, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10307, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1591, "no exec duration": 18278000000, "no exec requests": 46, "pending": 0, "prog exec time": 314, "reproducing": 0, "rpc recv": 4238258244, "rpc sent": 261740120, "signal": 12331, "smash jobs": 6, "triage jobs": 5, "vm output": 587007, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/01 01:17:20 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 107, "corpus": 1471, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1140, "coverage": 13196, "distributor delayed": 830, "distributor undelayed": 830, "distributor violated": 0, "exec candidate": 2477, "exec collide": 26298, "exec fuzz": 49812, "exec gen": 2561, "exec hints": 10085, "exec inject": 0, "exec minimize": 22033, "exec retries": 0, "exec seeds": 4416, "exec smash": 36787, "exec total [base]": 57536, "exec total [new]": 165795, "exec triage": 3954, "executor restarts [base]": 28, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 10, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 13732, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10902, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1687, "no exec duration": 18278000000, "no exec requests": 46, "pending": 0, "prog exec time": 357, "reproducing": 0, "rpc recv": 4919670652, "rpc sent": 326667176, "signal": 12567, "smash jobs": 2, "triage jobs": 7, "vm output": 701281, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/01 01:22:20 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 127, "corpus": 1533, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1564, "coverage": 13352, "distributor delayed": 860, "distributor undelayed": 860, "distributor violated": 0, "exec candidate": 2477, "exec collide": 33193, "exec fuzz": 62497, "exec gen": 3246, "exec hints": 10427, "exec inject": 0, "exec minimize": 23468, "exec retries": 0, "exec seeds": 4605, "exec smash": 38341, "exec total [base]": 65345, "exec total [new]": 189758, "exec triage": 4131, "executor restarts [base]": 28, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 11, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 2, "max signal": 13907, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11549, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1761, "no exec duration": 18278000000, "no exec requests": 46, "pending": 0, "prog exec time": 333, "reproducing": 0, "rpc recv": 5590914628, "rpc sent": 392465640, "signal": 12717, "smash jobs": 3, "triage jobs": 6, "vm output": 817797, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/01 01:24:20 fuzzer has not reached the modified code in 30m0s, aborting 2025/11/01 01:24:20 repro loop terminated 2025/11/01 01:24:20 base: rpc server terminaled 2025/11/01 01:24:20 new: rpc server terminaled 2025/11/01 01:24:21 base: pool terminated 2025/11/01 01:24:21 base: kernel context loop terminated 2025/11/01 01:24:21 new: pool terminated 2025/11/01 01:24:21 new: kernel context loop terminated 2025/11/01 01:24:21 diff fuzzing terminated 2025/11/01 01:24:21 bug reporting terminated 2025/11/01 01:24:21 status reporting terminated 2025/11/01 01:24:21 fuzzing is finished 2025/11/01 01:24:21 status at the end: Title On-Base On-Patched