2025/10/30 21:36:33 extracted 321630 text symbol hashes for base and 321630 for patched 2025/10/30 21:36:33 binaries are different, continuing fuzzing 2025/10/30 21:36:33 adding modified_functions to focus areas: ["avic_init_vcpu"] 2025/10/30 21:36:33 adding directly modified files to focus areas: ["arch/x86/kvm/svm/avic.c" "arch/x86/kvm/svm/svm.h"] 2025/10/30 21:36:33 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db" 2025/10/30 21:37:31 runner 0 connected 2025/10/30 21:37:32 runner 6 connected 2025/10/30 21:37:32 runner 1 connected 2025/10/30 21:37:32 runner 0 connected 2025/10/30 21:37:32 runner 2 connected 2025/10/30 21:37:32 runner 5 connected 2025/10/30 21:37:32 runner 1 connected 2025/10/30 21:37:32 runner 8 connected 2025/10/30 21:37:32 runner 7 connected 2025/10/30 21:37:32 runner 2 connected 2025/10/30 21:37:33 runner 3 connected 2025/10/30 21:37:33 runner 4 connected 2025/10/30 21:37:38 initializing coverage information... 2025/10/30 21:37:38 executor cover filter: 0 PCs 2025/10/30 21:37:40 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/10/30 21:37:40 base: machine check complete 2025/10/30 21:37:42 discovered 7601 source files, 332486 symbols 2025/10/30 21:37:42 coverage filter: avic_init_vcpu: [avic_init_vcpu] 2025/10/30 21:37:42 coverage filter: arch/x86/kvm/svm/avic.c: [arch/x86/kvm/svm/avic.c] 2025/10/30 21:37:42 coverage filter: arch/x86/kvm/svm/svm.h: [] 2025/10/30 21:37:42 area "symbols": 13 PCs in the cover filter 2025/10/30 21:37:42 area "files": 465 PCs in the cover filter 2025/10/30 21:37:42 area "": 0 PCs in the cover filter 2025/10/30 21:37:42 executor cover filter: 0 PCs 2025/10/30 21:37:43 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/10/30 21:37:43 new: machine check complete 2025/10/30 21:37:46 new: adding 2467 seeds 2025/10/30 21:38:05 triaged 98.4% of the corpus 2025/10/30 21:38:05 starting bug reproductions 2025/10/30 21:38:05 starting bug reproductions (max 6 VMs, 4 repros) 2025/10/30 21:38:35 triaged 100.0% of the corpus 2025/10/30 21:41:35 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 1, "corpus": 750, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 9, "coverage": 10769, "distributor delayed": 482, "distributor undelayed": 482, "distributor violated": 0, "exec candidate": 2467, "exec collide": 4466, "exec fuzz": 8337, "exec gen": 398, "exec hints": 1496, "exec inject": 0, "exec minimize": 9920, "exec retries": 0, "exec seeds": 2097, "exec smash": 9375, "exec total [base]": 18046, "exec total [new]": 47938, "exec triage": 2045, "executor restarts [base]": 30, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 847, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 179, "max signal": 11165, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5219, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 871, "no exec duration": 21080000000, "no exec requests": 36, "pending": 0, "prog exec time": 186, "reproducing": 0, "rpc recv": 1368220832, "rpc sent": 64701312, "signal": 10260, "smash jobs": 654, "triage jobs": 14, "vm output": 202691, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/30 21:46:35 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 28, "corpus": 1023, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 349, "coverage": 12016, "distributor delayed": 645, "distributor undelayed": 645, "distributor violated": 0, "exec candidate": 2467, "exec collide": 9217, "exec fuzz": 17583, "exec gen": 887, "exec hints": 3816, "exec inject": 0, "exec minimize": 14727, "exec retries": 0, "exec seeds": 3023, "exec smash": 20618, "exec total [base]": 30024, "exec total [new]": 82480, "exec triage": 2805, "executor restarts [base]": 30, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 602, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 142, "max signal": 12773, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7471, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1198, "no exec duration": 21080000000, "no exec requests": 36, "pending": 0, "prog exec time": 265, "reproducing": 0, "rpc recv": 2493629464, "rpc sent": 138018576, "signal": 11470, "smash jobs": 446, "triage jobs": 14, "vm output": 349581, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/30 21:51:35 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 67, "corpus": 1209, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 715, "coverage": 12787, "distributor delayed": 734, "distributor undelayed": 734, "distributor violated": 0, "exec candidate": 2467, "exec collide": 13454, "exec fuzz": 25763, "exec gen": 1315, "exec hints": 6915, "exec inject": 0, "exec minimize": 18573, "exec retries": 0, "exec seeds": 3634, "exec smash": 29751, "exec total [base]": 39959, "exec total [new]": 112579, "exec triage": 3370, "executor restarts [base]": 30, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 89, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 27, "max signal": 13370, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9242, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1434, "no exec duration": 21080000000, "no exec requests": 36, "pending": 0, "prog exec time": 288, "reproducing": 0, "rpc recv": 3550105020, "rpc sent": 208738496, "signal": 12182, "smash jobs": 48, "triage jobs": 14, "vm output": 509002, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/30 21:56:35 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 122, "corpus": 1351, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1131, "coverage": 13227, "distributor delayed": 797, "distributor undelayed": 797, "distributor violated": 0, "exec candidate": 2467, "exec collide": 18810, "exec fuzz": 35982, "exec gen": 1814, "exec hints": 9414, "exec inject": 0, "exec minimize": 21833, "exec retries": 0, "exec seeds": 4064, "exec smash": 33750, "exec total [base]": 48988, "exec total [new]": 139198, "exec triage": 3729, "executor restarts [base]": 30, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 20, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 4, "max signal": 13788, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10723, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1588, "no exec duration": 21080000000, "no exec requests": 36, "pending": 0, "prog exec time": 297, "reproducing": 0, "rpc recv": 4462830156, "rpc sent": 277140896, "signal": 12615, "smash jobs": 10, "triage jobs": 6, "vm output": 781813, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/30 22:01:35 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 144, "corpus": 1425, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1496, "coverage": 13382, "distributor delayed": 833, "distributor undelayed": 833, "distributor violated": 0, "exec candidate": 2467, "exec collide": 25487, "exec fuzz": 48508, "exec gen": 2450, "exec hints": 9939, "exec inject": 0, "exec minimize": 23692, "exec retries": 0, "exec seeds": 4283, "exec smash": 35656, "exec total [base]": 57098, "exec total [new]": 163810, "exec triage": 3990, "executor restarts [base]": 30, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 20, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 4, "max signal": 14059, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11596, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1695, "no exec duration": 21080000000, "no exec requests": 36, "pending": 0, "prog exec time": 323, "reproducing": 0, "rpc recv": 5174959396, "rpc sent": 349745536, "signal": 12764, "smash jobs": 6, "triage jobs": 10, "vm output": 1014953, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/30 22:06:35 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 177, "corpus": 1510, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1844, "coverage": 13744, "distributor delayed": 883, "distributor undelayed": 883, "distributor violated": 0, "exec candidate": 2467, "exec collide": 31689, "exec fuzz": 60537, "exec gen": 3055, "exec hints": 10086, "exec inject": 0, "exec minimize": 25625, "exec retries": 0, "exec seeds": 4548, "exec smash": 37796, "exec total [base]": 64930, "exec total [new]": 187393, "exec triage": 4254, "executor restarts [base]": 30, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 20, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 0, "max signal": 14662, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 12493, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1805, "no exec duration": 21080000000, "no exec requests": 36, "pending": 0, "prog exec time": 333, "reproducing": 0, "rpc recv": 5945837088, "rpc sent": 421780368, "signal": 13101, "smash jobs": 9, "triage jobs": 11, "vm output": 1252531, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/30 22:08:35 fuzzer has not reached the modified code in 30m0s, aborting 2025/10/30 22:08:35 repro loop terminated 2025/10/30 22:08:35 base: rpc server terminaled 2025/10/30 22:08:35 new: rpc server terminaled 2025/10/30 22:08:36 base: pool terminated 2025/10/30 22:08:36 base: kernel context loop terminated 2025/10/30 22:08:36 new: pool terminated 2025/10/30 22:08:36 new: kernel context loop terminated 2025/10/30 22:08:36 diff fuzzing terminated 2025/10/30 22:08:36 bug reporting terminated 2025/10/30 22:08:36 status reporting terminated 2025/10/30 22:08:36 fuzzing is finished 2025/10/30 22:08:36 status at the end: Title On-Base On-Patched