2025/08/25 19:01:31 extracted 303759 symbol hashes for base and 303759 for patched 2025/08/25 19:01:31 binaries are different, continuing fuzzing 2025/08/25 19:01:31 adding modified_functions to focus areas: ["svm_handle_exit" "svm_set_msr" "svm_sync_dirty_debug_regs" "svm_update_soft_interrupt_rip" "svm_vcpu_after_set_cpuid" "svm_vcpu_reset" "svm_vcpu_run"] 2025/08/25 19:01:31 adding directly modified files to focus areas: ["arch/x86/kvm/svm/svm.c" "tools/testing/selftests/kvm/include/x86/apic.h" "tools/testing/selftests/kvm/x86/xapic_state_test.c"] 2025/08/25 19:01:32 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/08/25 19:02:21 runner 6 connected 2025/08/25 19:02:21 runner 4 connected 2025/08/25 19:02:21 runner 2 connected 2025/08/25 19:02:21 runner 8 connected 2025/08/25 19:02:22 runner 1 connected 2025/08/25 19:02:22 runner 0 connected 2025/08/25 19:02:22 runner 5 connected 2025/08/25 19:02:22 runner 1 connected 2025/08/25 19:02:22 runner 0 connected 2025/08/25 19:02:22 runner 2 connected 2025/08/25 19:02:22 runner 9 connected 2025/08/25 19:02:22 runner 3 connected 2025/08/25 19:02:22 runner 7 connected 2025/08/25 19:02:22 runner 3 connected 2025/08/25 19:02:26 initializing coverage information... 2025/08/25 19:02:27 executor cover filter: 0 PCs 2025/08/25 19:02:28 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8054 2025/08/25 19:02:28 base: machine check complete 2025/08/25 19:02:30 discovered 7699 source files, 338631 symbols 2025/08/25 19:02:30 coverage filter: svm_handle_exit: [svm_handle_exit svm_handle_exit_irqoff] 2025/08/25 19:02:30 coverage filter: svm_set_msr: [svm_set_msr] 2025/08/25 19:02:30 coverage filter: svm_sync_dirty_debug_regs: [svm_sync_dirty_debug_regs] 2025/08/25 19:02:30 coverage filter: svm_update_soft_interrupt_rip: [svm_update_soft_interrupt_rip] 2025/08/25 19:02:30 coverage filter: svm_vcpu_after_set_cpuid: [svm_vcpu_after_set_cpuid] 2025/08/25 19:02:30 coverage filter: svm_vcpu_reset: [svm_vcpu_reset] 2025/08/25 19:02:30 coverage filter: svm_vcpu_run: [svm_vcpu_run] 2025/08/25 19:02:30 coverage filter: arch/x86/kvm/svm/svm.c: [arch/x86/kvm/svm/svm.c] 2025/08/25 19:02:30 coverage filter: tools/testing/selftests/kvm/include/x86/apic.h: [] 2025/08/25 19:02:30 coverage filter: tools/testing/selftests/kvm/x86/xapic_state_test.c: [] 2025/08/25 19:02:30 area "symbols": 358 PCs in the cover filter 2025/08/25 19:02:30 area "files": 2053 PCs in the cover filter 2025/08/25 19:02:30 area "": 0 PCs in the cover filter 2025/08/25 19:02:30 executor cover filter: 0 PCs 2025/08/25 19:02:31 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8054 2025/08/25 19:02:31 new: machine check complete 2025/08/25 19:02:33 triaged 100.0% of the corpus 2025/08/25 19:02:33 triaged 100.0% of the corpus 2025/08/25 19:02:33 starting bug reproductions 2025/08/25 19:02:33 starting bug reproductions (max 10 VMs, 7 repros) 2025/08/25 19:02:34 new: adding 2204 seeds 2025/08/25 19:06:33 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 815, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 9887, "distributor delayed": 519, "distributor undelayed": 519, "distributor violated": 0, "exec candidate": 2204, "exec collide": 6534, "exec fuzz": 12347, "exec gen": 642, "exec hints": 1884, "exec inject": 0, "exec minimize": 11275, "exec retries": 0, "exec seeds": 2361, "exec smash": 14982, "exec total [base]": 28342, "exec total [new]": 60910, "exec triage": 2119, "executor restarts [base]": 32, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 691, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 111, "max signal": 11267, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 6025, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 919, "no exec duration": 21589000000, "no exec requests": 630, "pending": 0, "prog exec time": 173, "reproducing": 0, "rpc recv": 904473360, "rpc sent": 106644336, "signal": 9455, "smash jobs": 568, "triage jobs": 12, "vm output": 239555, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/25 19:11:33 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 38, "corpus": 1166, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 18, "coverage": 12684, "distributor delayed": 691, "distributor undelayed": 691, "distributor violated": 0, "exec candidate": 2204, "exec collide": 13121, "exec fuzz": 25266, "exec gen": 1289, "exec hints": 6946, "exec inject": 0, "exec minimize": 17031, "exec retries": 0, "exec seeds": 3501, "exec smash": 28937, "exec total [base]": 47633, "exec total [new]": 107871, "exec triage": 3014, "executor restarts [base]": 32, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 47, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 23, "max signal": 13024, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8688, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1322, "no exec duration": 21592000000, "no exec requests": 631, "pending": 0, "prog exec time": 175, "reproducing": 0, "rpc recv": 1389767124, "rpc sent": 204047072, "signal": 12191, "smash jobs": 20, "triage jobs": 4, "vm output": 487106, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/25 19:16:33 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 59, "corpus": 1330, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 41, "coverage": 13093, "distributor delayed": 788, "distributor undelayed": 788, "distributor violated": 0, "exec candidate": 2204, "exec collide": 23069, "exec fuzz": 44072, "exec gen": 2280, "exec hints": 10586, "exec inject": 0, "exec minimize": 19848, "exec retries": 0, "exec seeds": 4006, "exec smash": 33257, "exec total [base]": 64674, "exec total [new]": 149359, "exec triage": 3475, "executor restarts [base]": 32, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 16, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 3, "max signal": 13469, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10003, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1524, "no exec duration": 21592000000, "no exec requests": 631, "pending": 0, "prog exec time": 193, "reproducing": 0, "rpc recv": 1644141424, "rpc sent": 304028256, "signal": 12565, "smash jobs": 9, "triage jobs": 4, "vm output": 803548, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/25 19:21:33 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 84, "corpus": 1445, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 207, "coverage": 13485, "distributor delayed": 848, "distributor undelayed": 848, "distributor violated": 0, "exec candidate": 2204, "exec collide": 32860, "exec fuzz": 62588, "exec gen": 3268, "exec hints": 12084, "exec inject": 0, "exec minimize": 21736, "exec retries": 0, "exec seeds": 4352, "exec smash": 36252, "exec total [base]": 79798, "exec total [new]": 185724, "exec triage": 3816, "executor restarts [base]": 32, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 12, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 4, "max signal": 13902, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10856, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1671, "no exec duration": 21599000000, "no exec requests": 632, "pending": 0, "prog exec time": 277, "reproducing": 0, "rpc recv": 1851096984, "rpc sent": 398473384, "signal": 12914, "smash jobs": 2, "triage jobs": 6, "vm output": 1011849, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/25 19:26:33 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 89, "corpus": 1537, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 386, "coverage": 13750, "distributor delayed": 890, "distributor undelayed": 890, "distributor violated": 0, "exec candidate": 2204, "exec collide": 42773, "exec fuzz": 81368, "exec gen": 4267, "exec hints": 13629, "exec inject": 0, "exec minimize": 23255, "exec retries": 0, "exec seeds": 4636, "exec smash": 38595, "exec total [base]": 94287, "exec total [new]": 221366, "exec triage": 4077, "executor restarts [base]": 32, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 13, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 4, "max signal": 14205, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11567, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1785, "no exec duration": 21599000000, "no exec requests": 632, "pending": 0, "prog exec time": 262, "reproducing": 0, "rpc recv": 2016706432, "rpc sent": 490615176, "signal": 13167, "smash jobs": 5, "triage jobs": 4, "vm output": 1221280, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/25 19:31:33 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 98, "corpus": 1609, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 543, "coverage": 14044, "distributor delayed": 919, "distributor undelayed": 919, "distributor violated": 0, "exec candidate": 2204, "exec collide": 52781, "exec fuzz": 100472, "exec gen": 5244, "exec hints": 14413, "exec inject": 0, "exec minimize": 24459, "exec retries": 0, "exec seeds": 4854, "exec smash": 40374, "exec total [base]": 108157, "exec total [new]": 255619, "exec triage": 4256, "executor restarts [base]": 32, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 7, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 2, "max signal": 14527, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 12134, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1864, "no exec duration": 21599000000, "no exec requests": 632, "pending": 0, "prog exec time": 260, "reproducing": 0, "rpc recv": 2141091284, "rpc sent": 584131376, "signal": 13455, "smash jobs": 4, "triage jobs": 1, "vm output": 1414201, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/25 19:32:33 fuzzer has not reached the modified code in 30m0s, aborting 2025/08/25 19:32:34 syz-diff (base): kernel context loop terminated 2025/08/25 19:32:34 syz-diff (new): kernel context loop terminated 2025/08/25 19:32:34 diff fuzzing terminated 2025/08/25 19:32:34 bug reporting terminated 2025/08/25 19:32:34 status reporting terminated 2025/08/25 19:32:34 fuzzing is finished 2025/08/25 19:32:34 status at the end: Title On-Base On-Patched