2025/09/11 00:21:23 extracted 327534 text symbol hashes for base and 327534 for patched 2025/09/11 00:21:23 binaries are different, continuing fuzzing 2025/09/11 00:21:23 adding modified_functions to focus areas: ["psp_firmware_is_visible"] 2025/09/11 00:21:23 adding directly modified files to focus areas: ["arch/x86/include/asm/sev.h" "arch/x86/virt/svm/sev.c" "drivers/crypto/ccp/Makefile" "drivers/crypto/ccp/psp-dev.c" "drivers/crypto/ccp/psp-dev.h" "drivers/crypto/ccp/sev-dev.c" "drivers/crypto/ccp/sev-dev.h" "drivers/crypto/ccp/sfs.c" "drivers/crypto/ccp/sfs.h" "include/linux/psp-platform-access.h" "include/uapi/linux/psp-sfs.h"] 2025/09/11 00:21:25 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/09/11 00:22:22 runner 8 connected 2025/09/11 00:22:29 runner 1 connected 2025/09/11 00:22:29 runner 0 connected 2025/09/11 00:22:29 runner 1 connected 2025/09/11 00:22:29 runner 2 connected 2025/09/11 00:22:30 runner 3 connected 2025/09/11 00:22:30 runner 3 connected 2025/09/11 00:22:30 runner 5 connected 2025/09/11 00:22:30 runner 7 connected 2025/09/11 00:22:30 runner 2 connected 2025/09/11 00:22:30 initializing coverage information... 2025/09/11 00:22:30 runner 6 connected 2025/09/11 00:22:30 runner 9 connected 2025/09/11 00:22:31 runner 0 connected 2025/09/11 00:22:31 runner 4 connected 2025/09/11 00:22:36 discovered 7697 source files, 338978 symbols 2025/09/11 00:22:36 coverage filter: psp_firmware_is_visible: [psp_firmware_is_visible] 2025/09/11 00:22:36 coverage filter: arch/x86/include/asm/sev.h: [] 2025/09/11 00:22:36 coverage filter: arch/x86/virt/svm/sev.c: [] 2025/09/11 00:22:36 coverage filter: drivers/crypto/ccp/Makefile: [] 2025/09/11 00:22:36 coverage filter: drivers/crypto/ccp/psp-dev.c: [] 2025/09/11 00:22:36 coverage filter: drivers/crypto/ccp/psp-dev.h: [] 2025/09/11 00:22:36 coverage filter: drivers/crypto/ccp/sev-dev.c: [] 2025/09/11 00:22:36 coverage filter: drivers/crypto/ccp/sev-dev.h: [] 2025/09/11 00:22:36 coverage filter: drivers/crypto/ccp/sfs.c: [] 2025/09/11 00:22:36 coverage filter: drivers/crypto/ccp/sfs.h: [] 2025/09/11 00:22:36 coverage filter: include/linux/psp-platform-access.h: [] 2025/09/11 00:22:36 coverage filter: include/uapi/linux/psp-sfs.h: [] 2025/09/11 00:22:36 area "symbols": 14 PCs in the cover filter 2025/09/11 00:22:36 area "files": 0 PCs in the cover filter 2025/09/11 00:22:36 area "": 0 PCs in the cover filter 2025/09/11 00:22:36 executor cover filter: 0 PCs 2025/09/11 00:22:37 executor cover filter: 0 PCs 2025/09/11 00:22:39 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8054 2025/09/11 00:22:39 new: machine check complete 2025/09/11 00:22:39 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8054 2025/09/11 00:22:39 base: machine check complete 2025/09/11 00:22:42 new: adding 2275 seeds 2025/09/11 00:22:56 triaged 97.2% of the corpus 2025/09/11 00:22:56 starting bug reproductions 2025/09/11 00:22:56 starting bug reproductions (max 10 VMs, 7 repros) 2025/09/11 00:23:26 triaged 100.0% of the corpus 2025/09/11 00:26:26 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 716, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 9579, "distributor delayed": 354, "distributor undelayed": 354, "distributor violated": 0, "exec candidate": 2275, "exec collide": 4310, "exec fuzz": 7990, "exec gen": 431, "exec hints": 1197, "exec inject": 0, "exec minimize": 8898, "exec retries": 0, "exec seeds": 2021, "exec smash": 9246, "exec total [base]": 19639, "exec total [new]": 45046, "exec triage": 1907, "executor restarts [base]": 33, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 776, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 129, "max signal": 9892, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 4757, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 807, "no exec duration": 15000000000, "no exec requests": 15, "pending": 0, "prog exec time": 203, "reproducing": 0, "rpc recv": 1365295876, "rpc sent": 85776024, "signal": 9159, "smash jobs": 638, "triage jobs": 9, "vm output": 205759, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/11 00:31:26 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 9, "corpus": 1012, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 6, "coverage": 12040, "distributor delayed": 489, "distributor undelayed": 489, "distributor violated": 0, "exec candidate": 2275, "exec collide": 9962, "exec fuzz": 18876, "exec gen": 968, "exec hints": 3796, "exec inject": 0, "exec minimize": 13612, "exec retries": 0, "exec seeds": 3001, "exec smash": 22747, "exec total [base]": 35561, "exec total [new]": 84728, "exec triage": 2720, "executor restarts [base]": 33, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 328, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 83, "max signal": 12444, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 6971, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1164, "no exec duration": 15000000000, "no exec requests": 15, "pending": 0, "prog exec time": 270, "reproducing": 0, "rpc recv": 2540343564, "rpc sent": 201931600, "signal": 11538, "smash jobs": 235, "triage jobs": 10, "vm output": 342597, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/11 00:36:26 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 25, "corpus": 1227, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 14, "coverage": 13125, "distributor delayed": 605, "distributor undelayed": 605, "distributor violated": 0, "exec candidate": 2275, "exec collide": 15753, "exec fuzz": 29797, "exec gen": 1569, "exec hints": 7920, "exec inject": 0, "exec minimize": 17445, "exec retries": 0, "exec seeds": 3680, "exec smash": 30530, "exec total [base]": 49149, "exec total [new]": 119079, "exec triage": 3340, "executor restarts [base]": 33, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 27, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 6, "max signal": 13501, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8739, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1415, "no exec duration": 15000000000, "no exec requests": 15, "pending": 0, "prog exec time": 271, "reproducing": 0, "rpc recv": 3734253616, "rpc sent": 303686320, "signal": 12559, "smash jobs": 14, "triage jobs": 7, "vm output": 510958, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/11 00:41:26 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 39, "corpus": 1341, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 14, "coverage": 13543, "distributor delayed": 675, "distributor undelayed": 675, "distributor violated": 0, "exec candidate": 2275, "exec collide": 23461, "exec fuzz": 44297, "exec gen": 2350, "exec hints": 9632, "exec inject": 0, "exec minimize": 19517, "exec retries": 0, "exec seeds": 4026, "exec smash": 33499, "exec total [base]": 61182, "exec total [new]": 149526, "exec triage": 3695, "executor restarts [base]": 33, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 16, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 4, "max signal": 14135, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9647, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1556, "no exec duration": 15000000000, "no exec requests": 15, "pending": 0, "prog exec time": 292, "reproducing": 0, "rpc recv": 4714058200, "rpc sent": 403922576, "signal": 12948, "smash jobs": 6, "triage jobs": 6, "vm output": 780084, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/11 00:46:26 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 44, "corpus": 1435, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 14, "coverage": 14005, "distributor delayed": 722, "distributor undelayed": 722, "distributor violated": 0, "exec candidate": 2275, "exec collide": 31325, "exec fuzz": 59364, "exec gen": 3165, "exec hints": 10853, "exec inject": 0, "exec minimize": 21112, "exec retries": 0, "exec seeds": 4311, "exec smash": 35918, "exec total [base]": 72703, "exec total [new]": 179048, "exec triage": 3951, "executor restarts [base]": 33, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 8, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 2, "max signal": 14484, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10388, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1667, "no exec duration": 15000000000, "no exec requests": 15, "pending": 0, "prog exec time": 311, "reproducing": 0, "rpc recv": 5567511236, "rpc sent": 504614544, "signal": 13393, "smash jobs": 1, "triage jobs": 5, "vm output": 1008664, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/11 00:51:26 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 61, "corpus": 1523, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 105, "coverage": 14242, "distributor delayed": 772, "distributor undelayed": 772, "distributor violated": 0, "exec candidate": 2275, "exec collide": 39155, "exec fuzz": 73999, "exec gen": 3956, "exec hints": 11284, "exec inject": 0, "exec minimize": 22785, "exec retries": 0, "exec seeds": 4578, "exec smash": 38096, "exec total [base]": 83875, "exec total [new]": 207136, "exec triage": 4235, "executor restarts [base]": 33, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 13, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 0, "max signal": 14754, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11163, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1781, "no exec duration": 15000000000, "no exec requests": 15, "pending": 0, "prog exec time": 331, "reproducing": 0, "rpc recv": 6452077140, "rpc sent": 600894808, "signal": 13673, "smash jobs": 6, "triage jobs": 7, "vm output": 1218420, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/11 00:53:26 fuzzer has not reached the modified code in 30m0s, aborting 2025/09/11 00:53:26 syz-diff (new): kernel context loop terminated 2025/09/11 00:53:26 syz-diff (base): kernel context loop terminated 2025/09/11 00:53:26 diff fuzzing terminated 2025/09/11 00:53:26 status reporting terminated 2025/09/11 00:53:26 bug reporting terminated 2025/09/11 00:53:26 fuzzing is finished 2025/09/11 00:53:26 status at the end: Title On-Base On-Patched