2025/08/19 18:24:06 extracted 303749 symbol hashes for base and 303749 for patched 2025/08/19 18:24:06 binaries are different, continuing fuzzing 2025/08/19 18:24:06 adding modified_functions to focus areas: ["avic_apicv_post_state_restore" "avic_incomplete_ipi_interception" "avic_refresh_apicv_exec_ctrl" "avic_refresh_virtual_apic_mode" "avic_unaccelerated_access_interception" "avic_vcpu_blocking" "avic_vcpu_unblocking"] 2025/08/19 18:24:06 adding directly modified files to focus areas: ["arch/x86/kvm/svm/avic.c" "tools/testing/selftests/kvm/include/x86/apic.h" "tools/testing/selftests/kvm/x86/xapic_state_test.c"] 2025/08/19 18:24:08 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/08/19 18:25:05 runner 0 connected 2025/08/19 18:25:05 runner 2 connected 2025/08/19 18:25:05 runner 0 connected 2025/08/19 18:25:05 runner 9 connected 2025/08/19 18:25:05 runner 1 connected 2025/08/19 18:25:05 runner 1 connected 2025/08/19 18:25:05 runner 8 connected 2025/08/19 18:25:05 runner 3 connected 2025/08/19 18:25:05 runner 7 connected 2025/08/19 18:25:06 runner 4 connected 2025/08/19 18:25:06 runner 6 connected 2025/08/19 18:25:06 runner 5 connected 2025/08/19 18:25:06 runner 2 connected 2025/08/19 18:25:06 runner 3 connected 2025/08/19 18:25:11 executor cover filter: 0 PCs 2025/08/19 18:25:12 initializing coverage information... 2025/08/19 18:25:13 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/19 18:25:13 base: machine check complete 2025/08/19 18:25:16 discovered 7699 source files, 338618 symbols 2025/08/19 18:25:16 coverage filter: avic_apicv_post_state_restore: [avic_apicv_post_state_restore] 2025/08/19 18:25:16 coverage filter: avic_incomplete_ipi_interception: [avic_incomplete_ipi_interception] 2025/08/19 18:25:16 coverage filter: avic_refresh_apicv_exec_ctrl: [avic_refresh_apicv_exec_ctrl] 2025/08/19 18:25:16 coverage filter: avic_refresh_virtual_apic_mode: [avic_refresh_virtual_apic_mode] 2025/08/19 18:25:16 coverage filter: avic_unaccelerated_access_interception: [avic_unaccelerated_access_interception] 2025/08/19 18:25:16 coverage filter: avic_vcpu_blocking: [avic_vcpu_blocking] 2025/08/19 18:25:16 coverage filter: avic_vcpu_unblocking: [avic_vcpu_unblocking] 2025/08/19 18:25:16 coverage filter: arch/x86/kvm/svm/avic.c: [arch/x86/kvm/svm/avic.c] 2025/08/19 18:25:16 coverage filter: tools/testing/selftests/kvm/include/x86/apic.h: [] 2025/08/19 18:25:16 coverage filter: tools/testing/selftests/kvm/x86/xapic_state_test.c: [] 2025/08/19 18:25:16 area "symbols": 183 PCs in the cover filter 2025/08/19 18:25:16 area "files": 470 PCs in the cover filter 2025/08/19 18:25:16 area "": 0 PCs in the cover filter 2025/08/19 18:25:16 executor cover filter: 0 PCs 2025/08/19 18:25:17 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/19 18:25:17 new: machine check complete 2025/08/19 18:25:20 new: adding 2311 seeds 2025/08/19 18:25:39 triaged 97.4% of the corpus 2025/08/19 18:25:39 starting bug reproductions 2025/08/19 18:25:39 starting bug reproductions (max 10 VMs, 7 repros) 2025/08/19 18:26:09 triaged 100.0% of the corpus 2025/08/19 18:29:09 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 5, "corpus": 769, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 10208, "distributor delayed": 448, "distributor undelayed": 448, "distributor violated": 0, "exec candidate": 2311, "exec collide": 4804, "exec fuzz": 9056, "exec gen": 435, "exec hints": 1392, "exec inject": 0, "exec minimize": 10265, "exec retries": 0, "exec seeds": 2174, "exec smash": 10511, "exec total [base]": 23462, "exec total [new]": 49927, "exec triage": 2097, "executor restarts [base]": 30, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 824, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 154, "max signal": 11218, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5457, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 897, "no exec duration": 18049000000, "no exec requests": 29, "pending": 0, "prog exec time": 211, "reproducing": 0, "rpc recv": 889275440, "rpc sent": 67370816, "signal": 9747, "smash jobs": 649, "triage jobs": 21, "vm output": 215852, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/19 18:34:09 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 28, "corpus": 1086, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1, "coverage": 12183, "distributor delayed": 585, "distributor undelayed": 585, "distributor violated": 0, "exec candidate": 2311, "exec collide": 10154, "exec fuzz": 19089, "exec gen": 950, "exec hints": 3843, "exec inject": 0, "exec minimize": 15863, "exec retries": 0, "exec seeds": 3169, "exec smash": 22967, "exec total [base]": 39417, "exec total [new]": 88113, "exec triage": 2885, "executor restarts [base]": 30, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 490, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 119, "max signal": 12588, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8151, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1244, "no exec duration": 18049000000, "no exec requests": 29, "pending": 0, "prog exec time": 267, "reproducing": 0, "rpc recv": 1308257856, "rpc sent": 147367016, "signal": 11110, "smash jobs": 361, "triage jobs": 10, "vm output": 341529, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/19 18:39:09 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 49, "corpus": 1261, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 2, "coverage": 12957, "distributor delayed": 671, "distributor undelayed": 671, "distributor violated": 0, "exec candidate": 2311, "exec collide": 16262, "exec fuzz": 30400, "exec gen": 1547, "exec hints": 6723, "exec inject": 0, "exec minimize": 19033, "exec retries": 0, "exec seeds": 3763, "exec smash": 31210, "exec total [base]": 53170, "exec total [new]": 121521, "exec triage": 3388, "executor restarts [base]": 30, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 21, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 6, "max signal": 13404, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9659, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1457, "no exec duration": 18049000000, "no exec requests": 29, "pending": 0, "prog exec time": 269, "reproducing": 0, "rpc recv": 1593334352, "rpc sent": 225834728, "signal": 12380, "smash jobs": 11, "triage jobs": 4, "vm output": 466469, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/19 18:44:09 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 70, "corpus": 1377, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 2, "coverage": 13230, "distributor delayed": 724, "distributor undelayed": 724, "distributor violated": 0, "exec candidate": 2311, "exec collide": 24001, "exec fuzz": 44934, "exec gen": 2322, "exec hints": 8616, "exec inject": 0, "exec minimize": 21160, "exec retries": 0, "exec seeds": 4116, "exec smash": 34180, "exec total [base]": 65785, "exec total [new]": 152244, "exec triage": 3721, "executor restarts [base]": 30, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 15, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 13723, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10601, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1602, "no exec duration": 18049000000, "no exec requests": 29, "pending": 0, "prog exec time": 325, "reproducing": 0, "rpc recv": 1775595700, "rpc sent": 301909424, "signal": 12648, "smash jobs": 7, "triage jobs": 7, "vm output": 566951, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/19 18:49:09 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 81, "corpus": 1472, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 12, "coverage": 13529, "distributor delayed": 766, "distributor undelayed": 766, "distributor violated": 0, "exec candidate": 2311, "exec collide": 31717, "exec fuzz": 59569, "exec gen": 3130, "exec hints": 9182, "exec inject": 0, "exec minimize": 22928, "exec retries": 0, "exec seeds": 4407, "exec smash": 36666, "exec total [base]": 77227, "exec total [new]": 180767, "exec triage": 3974, "executor restarts [base]": 30, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 15, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 14040, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11430, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1714, "no exec duration": 18049000000, "no exec requests": 29, "pending": 0, "prog exec time": 333, "reproducing": 0, "rpc recv": 1933196752, "rpc sent": 375694336, "signal": 12943, "smash jobs": 7, "triage jobs": 7, "vm output": 656400, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/19 18:54:09 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 93, "corpus": 1553, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 18, "coverage": 13862, "distributor delayed": 800, "distributor undelayed": 800, "distributor violated": 0, "exec candidate": 2311, "exec collide": 39322, "exec fuzz": 73841, "exec gen": 3883, "exec hints": 9829, "exec inject": 0, "exec minimize": 24471, "exec retries": 0, "exec seeds": 4650, "exec smash": 38739, "exec total [base]": 88541, "exec total [new]": 208119, "exec triage": 4191, "executor restarts [base]": 30, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 7, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 14364, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 12155, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1805, "no exec duration": 18049000000, "no exec requests": 29, "pending": 0, "prog exec time": 343, "reproducing": 0, "rpc recv": 2071136152, "rpc sent": 461184392, "signal": 13244, "smash jobs": 2, "triage jobs": 4, "vm output": 831588, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/19 18:56:09 fuzzer has not reached the modified code in 30m0s, aborting 2025/08/19 18:56:09 syz-diff (base): kernel context loop terminated 2025/08/19 18:56:09 syz-diff (new): kernel context loop terminated 2025/08/19 18:56:09 diff fuzzing terminated 2025/08/19 18:56:09 status reporting terminated 2025/08/19 18:56:09 bug reporting terminated 2025/08/19 18:56:09 fuzzing is finished 2025/08/19 18:56:09 status at the end: Title On-Base On-Patched