2025/08/04 11:22:18 extracted 302733 symbol hashes for base and 302733 for patched 2025/08/04 11:22:18 adding modified_functions to focus areas: ["nvmet_execute_disc_identify" "svm_handle_exit" "svm_update_soft_interrupt_rip" "svm_vcpu_after_set_cpuid" "svm_vcpu_create" "svm_vcpu_load"] 2025/08/04 11:22:18 failed to grep for the header usages: failed to run ["/usr/bin/grep" "-rl" "--include" "*.c" ""]: exit status 1 2025/08/04 11:22:18 failed to grep for the header usages: failed to run ["/usr/bin/grep" "-rl" "--include" "*.c" ""]: exit status 1 2025/08/04 11:22:18 failed to grep for the header usages: failed to run ["/usr/bin/grep" "-rl" "--include" "*.c" ""]: exit status 1 2025/08/04 11:22:18 adding directly modified files to focus areas: ["arch/x86/include/asm/cpufeatures.h" "arch/x86/include/asm/svm.h" "arch/x86/kvm/svm/sev.c" "arch/x86/kvm/svm/svm.c" "arch/x86/kvm/svm/svm.h"] 2025/08/04 11:22:19 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/08/04 11:23:08 runner 0 connected 2025/08/04 11:23:09 runner 1 connected 2025/08/04 11:23:09 runner 1 connected 2025/08/04 11:23:09 runner 3 connected 2025/08/04 11:23:09 runner 0 connected 2025/08/04 11:23:09 runner 2 connected 2025/08/04 11:23:10 runner 3 connected 2025/08/04 11:23:11 runner 5 connected 2025/08/04 11:23:15 initializing coverage information... 2025/08/04 11:23:15 executor cover filter: 0 PCs 2025/08/04 11:23:16 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/04 11:23:16 base: machine check complete 2025/08/04 11:23:16 runner 9 connected 2025/08/04 11:23:16 runner 4 connected 2025/08/04 11:23:16 runner 2 connected 2025/08/04 11:23:17 runner 6 connected 2025/08/04 11:23:17 runner 7 connected 2025/08/04 11:23:17 runner 8 connected 2025/08/04 11:23:20 discovered 7668 source files, 337507 symbols 2025/08/04 11:23:20 coverage filter: nvmet_execute_disc_identify: [nvmet_execute_disc_identify] 2025/08/04 11:23:20 coverage filter: svm_handle_exit: [svm_handle_exit svm_handle_exit_irqoff] 2025/08/04 11:23:20 coverage filter: svm_update_soft_interrupt_rip: [svm_update_soft_interrupt_rip] 2025/08/04 11:23:20 coverage filter: svm_vcpu_after_set_cpuid: [svm_vcpu_after_set_cpuid] 2025/08/04 11:23:20 coverage filter: svm_vcpu_create: [svm_vcpu_create] 2025/08/04 11:23:20 coverage filter: svm_vcpu_load: [svm_vcpu_load] 2025/08/04 11:23:20 coverage filter: arch/x86/include/asm/cpufeatures.h: [] 2025/08/04 11:23:20 coverage filter: arch/x86/include/asm/svm.h: [] 2025/08/04 11:23:20 coverage filter: arch/x86/kvm/svm/sev.c: [] 2025/08/04 11:23:20 coverage filter: arch/x86/kvm/svm/svm.c: [arch/x86/kvm/svm/svm.c] 2025/08/04 11:23:20 coverage filter: arch/x86/kvm/svm/svm.h: [] 2025/08/04 11:23:20 area "symbols": 140 PCs in the cover filter 2025/08/04 11:23:20 area "files": 2050 PCs in the cover filter 2025/08/04 11:23:20 area "": 0 PCs in the cover filter 2025/08/04 11:23:20 executor cover filter: 0 PCs 2025/08/04 11:23:21 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/04 11:23:21 new: machine check complete 2025/08/04 11:23:24 new: adding 2209 seeds 2025/08/04 11:23:50 triaged 100.0% of the corpus 2025/08/04 11:23:50 starting bug reproductions 2025/08/04 11:23:50 starting bug reproductions (max 10 VMs, 7 repros) 2025/08/04 11:23:50 triaged 100.0% of the corpus 2025/08/04 11:27:20 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 784, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 9629, "distributor delayed": 478, "distributor undelayed": 478, "distributor violated": 0, "exec candidate": 2209, "exec collide": 5084, "exec fuzz": 9872, "exec gen": 529, "exec hints": 1687, "exec inject": 0, "exec minimize": 10410, "exec retries": 0, "exec seeds": 2219, "exec smash": 11355, "exec total [base]": 24433, "exec total [new]": 52086, "exec triage": 2131, "executor restarts": 50, "fault jobs": 0, "fuzzer jobs": 870, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 152, "max signal": 10613, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5595, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 910, "no exec duration": 21614000000, "no exec requests": 127, "pending": 0, "prog exec time": 242, "reproducing": 0, "rpc recv": 911828728, "rpc sent": 82577352, "signal": 9231, "smash jobs": 702, "triage jobs": 16, "vm output": 213949, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/04 11:32:20 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 1086, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 11587, "distributor delayed": 593, "distributor undelayed": 593, "distributor violated": 0, "exec candidate": 2209, "exec collide": 10818, "exec fuzz": 20644, "exec gen": 1076, "exec hints": 4561, "exec inject": 0, "exec minimize": 15145, "exec retries": 0, "exec seeds": 3202, "exec smash": 24541, "exec total [base]": 40985, "exec total [new]": 91691, "exec triage": 2902, "executor restarts": 50, "fault jobs": 0, "fuzzer jobs": 314, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 86, "max signal": 12036, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7780, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1248, "no exec duration": 21614000000, "no exec requests": 127, "pending": 0, "prog exec time": 235, "reproducing": 0, "rpc recv": 1332488444, "rpc sent": 185303848, "signal": 11030, "smash jobs": 219, "triage jobs": 9, "vm output": 402215, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/04 11:37:20 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 1313, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 12303, "distributor delayed": 694, "distributor undelayed": 694, "distributor violated": 0, "exec candidate": 2209, "exec collide": 17350, "exec fuzz": 32686, "exec gen": 1720, "exec hints": 8775, "exec inject": 0, "exec minimize": 18883, "exec retries": 0, "exec seeds": 3936, "exec smash": 32730, "exec total [base]": 56236, "exec total [new]": 128357, "exec triage": 3477, "executor restarts": 50, "fault jobs": 0, "fuzzer jobs": 15, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 5, "max signal": 13195, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9501, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1506, "no exec duration": 21614000000, "no exec requests": 127, "pending": 0, "prog exec time": 279, "reproducing": 0, "rpc recv": 1629142496, "rpc sent": 285715840, "signal": 11703, "smash jobs": 6, "triage jobs": 4, "vm output": 742331, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/04 11:42:20 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 1427, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 13021, "distributor delayed": 749, "distributor undelayed": 749, "distributor violated": 0, "exec candidate": 2209, "exec collide": 26147, "exec fuzz": 49352, "exec gen": 2587, "exec hints": 10278, "exec inject": 0, "exec minimize": 21251, "exec retries": 0, "exec seeds": 4281, "exec smash": 35545, "exec total [base]": 70167, "exec total [new]": 162007, "exec triage": 3766, "executor restarts": 50, "fault jobs": 0, "fuzzer jobs": 16, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 4, "max signal": 13654, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10620, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1635, "no exec duration": 21614000000, "no exec requests": 127, "pending": 0, "prog exec time": 271, "reproducing": 0, "rpc recv": 1809338696, "rpc sent": 393363504, "signal": 12404, "smash jobs": 9, "triage jobs": 3, "vm output": 1105480, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/04 11:47:20 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 1520, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 13324, "distributor delayed": 791, "distributor undelayed": 791, "distributor violated": 0, "exec candidate": 2209, "exec collide": 34983, "exec fuzz": 66526, "exec gen": 3473, "exec hints": 11044, "exec inject": 0, "exec minimize": 23041, "exec retries": 0, "exec seeds": 4560, "exec smash": 37939, "exec total [base]": 83155, "exec total [new]": 194369, "exec triage": 4003, "executor restarts": 50, "fault jobs": 0, "fuzzer jobs": 5, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 13954, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11445, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1738, "no exec duration": 21614000000, "no exec requests": 127, "pending": 0, "prog exec time": 290, "reproducing": 0, "rpc recv": 1965194668, "rpc sent": 496175736, "signal": 12699, "smash jobs": 4, "triage jobs": 0, "vm output": 1442095, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/04 11:52:20 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 1588, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 13445, "distributor delayed": 820, "distributor undelayed": 820, "distributor violated": 0, "exec candidate": 2209, "exec collide": 44168, "exec fuzz": 84121, "exec gen": 4433, "exec hints": 11595, "exec inject": 0, "exec minimize": 24455, "exec retries": 0, "exec seeds": 4763, "exec smash": 39629, "exec total [base]": 96106, "exec total [new]": 226161, "exec triage": 4196, "executor restarts": 50, "fault jobs": 0, "fuzzer jobs": 11, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 2, "max signal": 14118, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 12110, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1824, "no exec duration": 21614000000, "no exec requests": 127, "pending": 0, "prog exec time": 303, "reproducing": 0, "rpc recv": 2089906396, "rpc sent": 599144072, "signal": 12818, "smash jobs": 5, "triage jobs": 4, "vm output": 1776668, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/04 11:53:50 fuzzer has not reached the modified code in 30m0s, aborting 2025/08/04 11:53:51 syz-diff (base): kernel context loop terminated 2025/08/04 11:53:51 syz-diff (new): kernel context loop terminated 2025/08/04 11:53:51 diff fuzzing terminated 2025/08/04 11:53:51 bug reporting terminated 2025/08/04 11:53:51 status reporting terminated 2025/08/04 11:53:51 fuzzing is finished 2025/08/04 11:53:51 status at the end: Title On-Base On-Patched