2025/08/07 18:39:03 extracted 303683 symbol hashes for base and 303683 for patched 2025/08/07 18:39:03 adding modified_functions to focus areas: ["clgi_interception" "interrupt_window_interception" "nvmet_execute_disc_identify" "svm_invoke_exit_handler"] 2025/08/07 18:39:03 adding directly modified files to focus areas: ["arch/x86/include/asm/cpufeatures.h" "arch/x86/include/asm/msr-index.h" "arch/x86/include/asm/svm.h" "arch/x86/include/uapi/asm/svm.h" "arch/x86/kvm/svm/sev.c" "arch/x86/kvm/svm/svm.c"] 2025/08/07 18:39:04 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/08/07 18:40:02 runner 5 connected 2025/08/07 18:40:02 runner 3 connected 2025/08/07 18:40:02 runner 6 connected 2025/08/07 18:40:02 runner 2 connected 2025/08/07 18:40:02 runner 8 connected 2025/08/07 18:40:02 runner 3 connected 2025/08/07 18:40:02 runner 1 connected 2025/08/07 18:40:02 runner 0 connected 2025/08/07 18:40:02 runner 0 connected 2025/08/07 18:40:03 runner 4 connected 2025/08/07 18:40:04 runner 7 connected 2025/08/07 18:40:04 runner 2 connected 2025/08/07 18:40:04 runner 9 connected 2025/08/07 18:40:11 initializing coverage information... 2025/08/07 18:40:11 executor cover filter: 0 PCs 2025/08/07 18:40:14 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/07 18:40:14 base: machine check complete 2025/08/07 18:40:17 discovered 7697 source files, 338543 symbols 2025/08/07 18:40:18 coverage filter: clgi_interception: [clgi_interception] 2025/08/07 18:40:18 coverage filter: interrupt_window_interception: [interrupt_window_interception] 2025/08/07 18:40:18 coverage filter: nvmet_execute_disc_identify: [nvmet_execute_disc_identify] 2025/08/07 18:40:18 coverage filter: svm_invoke_exit_handler: [svm_invoke_exit_handler] 2025/08/07 18:40:18 coverage filter: arch/x86/include/asm/cpufeatures.h: [] 2025/08/07 18:40:18 coverage filter: arch/x86/include/asm/msr-index.h: [] 2025/08/07 18:40:18 coverage filter: arch/x86/include/asm/svm.h: [] 2025/08/07 18:40:18 coverage filter: arch/x86/include/uapi/asm/svm.h: [] 2025/08/07 18:40:18 coverage filter: arch/x86/kvm/svm/sev.c: [] 2025/08/07 18:40:18 coverage filter: arch/x86/kvm/svm/svm.c: [arch/x86/kvm/svm/svm.c] 2025/08/07 18:40:18 area "symbols": 62 PCs in the cover filter 2025/08/07 18:40:18 area "files": 2060 PCs in the cover filter 2025/08/07 18:40:18 area "": 0 PCs in the cover filter 2025/08/07 18:40:18 executor cover filter: 0 PCs 2025/08/07 18:40:19 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/07 18:40:19 new: machine check complete 2025/08/07 18:40:23 new: adding 1913 seeds 2025/08/07 18:40:35 triaged 97.5% of the corpus 2025/08/07 18:40:35 starting bug reproductions 2025/08/07 18:40:35 starting bug reproductions (max 10 VMs, 7 repros) 2025/08/07 18:41:05 triaged 100.0% of the corpus 2025/08/07 18:44:05 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 683, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1, "coverage": 8920, "distributor delayed": 392, "distributor undelayed": 392, "distributor violated": 0, "exec candidate": 1913, "exec collide": 4085, "exec fuzz": 7783, "exec gen": 411, "exec hints": 1100, "exec inject": 0, "exec minimize": 8800, "exec retries": 0, "exec seeds": 1899, "exec smash": 9018, "exec total [base]": 14858, "exec total [new]": 42530, "exec triage": 1856, "executor restarts": 52, "fault jobs": 0, "fuzzer jobs": 744, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 10, "hints jobs": 123, "max signal": 9278, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 4703, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 775, "no exec duration": 19013000000, "no exec requests": 20, "pending": 0, "prog exec time": 177, "reproducing": 0, "rpc recv": 806342836, "rpc sent": 68985752, "signal": 8562, "smash jobs": 614, "triage jobs": 7, "vm output": 202860, "vm restarts [base]": 3, "vm restarts [new]": 10 } 2025/08/07 18:49:05 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 6, "corpus": 975, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 2, "coverage": 11466, "distributor delayed": 535, "distributor undelayed": 535, "distributor violated": 0, "exec candidate": 1913, "exec collide": 9618, "exec fuzz": 18250, "exec gen": 909, "exec hints": 3754, "exec inject": 0, "exec minimize": 12784, "exec retries": 0, "exec seeds": 2858, "exec smash": 21912, "exec total [base]": 26685, "exec total [new]": 80299, "exec triage": 2634, "executor restarts": 52, "fault jobs": 0, "fuzzer jobs": 297, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 10, "hints jobs": 88, "max signal": 11965, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 6553, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1116, "no exec duration": 19013000000, "no exec requests": 20, "pending": 0, "prog exec time": 253, "reproducing": 0, "rpc recv": 1115884212, "rpc sent": 155390464, "signal": 11028, "smash jobs": 203, "triage jobs": 6, "vm output": 313385, "vm restarts [base]": 3, "vm restarts [new]": 10 } 2025/08/07 18:49:11 base: boot error: can't ssh into the instance 2025/08/07 18:50:16 runner 1 connected 2025/08/07 18:54:05 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 28, "corpus": 1190, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 8, "coverage": 12441, "distributor delayed": 633, "distributor undelayed": 633, "distributor violated": 0, "exec candidate": 1913, "exec collide": 15101, "exec fuzz": 28538, "exec gen": 1385, "exec hints": 8794, "exec inject": 0, "exec minimize": 16462, "exec retries": 0, "exec seeds": 3541, "exec smash": 29359, "exec total [base]": 39644, "exec total [new]": 113998, "exec triage": 3237, "executor restarts": 52, "fault jobs": 0, "fuzzer jobs": 31, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 10, "max signal": 12927, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8214, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1369, "no exec duration": 19013000000, "no exec requests": 20, "pending": 0, "prog exec time": 244, "reproducing": 0, "rpc recv": 1477259476, "rpc sent": 240064432, "signal": 11858, "smash jobs": 12, "triage jobs": 9, "vm output": 496283, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/07 18:59:05 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 37, "corpus": 1304, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 16, "coverage": 12858, "distributor delayed": 698, "distributor undelayed": 698, "distributor violated": 0, "exec candidate": 1913, "exec collide": 22632, "exec fuzz": 42850, "exec gen": 2094, "exec hints": 10301, "exec inject": 0, "exec minimize": 18497, "exec retries": 0, "exec seeds": 3890, "exec smash": 32295, "exec total [base]": 51935, "exec total [new]": 143678, "exec triage": 3540, "executor restarts": 52, "fault jobs": 0, "fuzzer jobs": 18, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 3, "max signal": 13362, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9134, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1496, "no exec duration": 19013000000, "no exec requests": 20, "pending": 0, "prog exec time": 303, "reproducing": 0, "rpc recv": 1678330832, "rpc sent": 329210048, "signal": 12262, "smash jobs": 10, "triage jobs": 5, "vm output": 655096, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/07 19:04:05 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 39, "corpus": 1395, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 21, "coverage": 13048, "distributor delayed": 737, "distributor undelayed": 737, "distributor violated": 0, "exec candidate": 1913, "exec collide": 30188, "exec fuzz": 57256, "exec gen": 2841, "exec hints": 10593, "exec inject": 0, "exec minimize": 20183, "exec retries": 0, "exec seeds": 4164, "exec smash": 34580, "exec total [base]": 63196, "exec total [new]": 171179, "exec triage": 3792, "executor restarts": 52, "fault jobs": 0, "fuzzer jobs": 13, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 0, "max signal": 13595, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9896, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1600, "no exec duration": 19013000000, "no exec requests": 20, "pending": 0, "prog exec time": 398, "reproducing": 0, "rpc recv": 1833681608, "rpc sent": 417096008, "signal": 12450, "smash jobs": 8, "triage jobs": 5, "vm output": 776266, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/07 19:09:05 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 47, "corpus": 1467, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 47, "coverage": 13319, "distributor delayed": 774, "distributor undelayed": 774, "distributor violated": 0, "exec candidate": 1913, "exec collide": 37774, "exec fuzz": 72039, "exec gen": 3606, "exec hints": 10763, "exec inject": 0, "exec minimize": 21524, "exec retries": 0, "exec seeds": 4383, "exec smash": 36439, "exec total [base]": 74229, "exec total [new]": 198091, "exec triage": 3983, "executor restarts": 52, "fault jobs": 0, "fuzzer jobs": 15, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 2, "max signal": 13885, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10517, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1682, "no exec duration": 19013000000, "no exec requests": 20, "pending": 0, "prog exec time": 345, "reproducing": 0, "rpc recv": 1960158580, "rpc sent": 506567048, "signal": 12703, "smash jobs": 8, "triage jobs": 5, "vm output": 899189, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/07 19:11:05 fuzzer has not reached the modified code in 30m0s, aborting 2025/08/07 19:11:06 syz-diff (base): kernel context loop terminated 2025/08/07 19:11:06 syz-diff (new): kernel context loop terminated 2025/08/07 19:11:06 diff fuzzing terminated 2025/08/07 19:11:06 status reporting terminated 2025/08/07 19:11:06 bug reporting terminated 2025/08/07 19:11:06 fuzzing is finished 2025/08/07 19:11:06 status at the end: Title On-Base On-Patched