2025/09/15 22:20:40 extracted 327616 text symbol hashes for base and 327616 for patched 2025/09/15 22:20:40 binaries are different, continuing fuzzing 2025/09/15 22:20:40 adding modified_functions to focus areas: ["psp_firmware_is_visible"] 2025/09/15 22:20:40 adding directly modified files to focus areas: ["arch/x86/include/asm/sev.h" "arch/x86/virt/svm/sev.c" "drivers/crypto/ccp/Makefile" "drivers/crypto/ccp/psp-dev.c" "drivers/crypto/ccp/psp-dev.h" "drivers/crypto/ccp/sev-dev.c" "drivers/crypto/ccp/sev-dev.h" "drivers/crypto/ccp/sfs.c" "drivers/crypto/ccp/sfs.h" "include/linux/psp-platform-access.h" "include/uapi/linux/psp-sfs.h"] 2025/09/15 22:20:41 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/09/15 22:21:39 runner 5 connected 2025/09/15 22:21:39 runner 1 connected 2025/09/15 22:21:46 initializing coverage information... 2025/09/15 22:21:46 executor cover filter: 0 PCs 2025/09/15 22:21:46 runner 9 connected 2025/09/15 22:21:46 runner 3 connected 2025/09/15 22:21:46 runner 8 connected 2025/09/15 22:21:47 runner 1 connected 2025/09/15 22:21:47 runner 0 connected 2025/09/15 22:21:47 runner 4 connected 2025/09/15 22:21:47 runner 0 connected 2025/09/15 22:21:47 runner 2 connected 2025/09/15 22:21:47 runner 6 connected 2025/09/15 22:21:47 runner 2 connected 2025/09/15 22:21:48 runner 3 connected 2025/09/15 22:21:48 runner 7 connected 2025/09/15 22:21:50 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8054 2025/09/15 22:21:50 base: machine check complete 2025/09/15 22:21:52 discovered 7696 source files, 339049 symbols 2025/09/15 22:21:52 coverage filter: psp_firmware_is_visible: [psp_firmware_is_visible] 2025/09/15 22:21:52 coverage filter: arch/x86/include/asm/sev.h: [] 2025/09/15 22:21:52 coverage filter: arch/x86/virt/svm/sev.c: [] 2025/09/15 22:21:52 coverage filter: drivers/crypto/ccp/Makefile: [] 2025/09/15 22:21:52 coverage filter: drivers/crypto/ccp/psp-dev.c: [] 2025/09/15 22:21:52 coverage filter: drivers/crypto/ccp/psp-dev.h: [] 2025/09/15 22:21:52 coverage filter: drivers/crypto/ccp/sev-dev.c: [] 2025/09/15 22:21:52 coverage filter: drivers/crypto/ccp/sev-dev.h: [] 2025/09/15 22:21:52 coverage filter: drivers/crypto/ccp/sfs.c: [] 2025/09/15 22:21:52 coverage filter: drivers/crypto/ccp/sfs.h: [] 2025/09/15 22:21:52 coverage filter: include/linux/psp-platform-access.h: [] 2025/09/15 22:21:52 coverage filter: include/uapi/linux/psp-sfs.h: [] 2025/09/15 22:21:52 area "symbols": 14 PCs in the cover filter 2025/09/15 22:21:52 area "files": 0 PCs in the cover filter 2025/09/15 22:21:52 area "": 0 PCs in the cover filter 2025/09/15 22:21:52 executor cover filter: 0 PCs 2025/09/15 22:21:55 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8054 2025/09/15 22:21:55 new: machine check complete 2025/09/15 22:21:59 new: adding 2306 seeds 2025/09/15 22:22:12 triaged 97.2% of the corpus 2025/09/15 22:22:12 starting bug reproductions 2025/09/15 22:22:12 starting bug reproductions (max 10 VMs, 7 repros) 2025/09/15 22:22:42 triaged 100.0% of the corpus 2025/09/15 22:25:42 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 1, "corpus": 695, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1, "coverage": 9383, "distributor delayed": 394, "distributor undelayed": 394, "distributor violated": 0, "exec candidate": 2306, "exec collide": 3946, "exec fuzz": 7677, "exec gen": 410, "exec hints": 1095, "exec inject": 0, "exec minimize": 8923, "exec retries": 0, "exec seeds": 1978, "exec smash": 8712, "exec total [base]": 19983, "exec total [new]": 43793, "exec triage": 1893, "executor restarts [base]": 33, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 760, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 118, "max signal": 9773, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 4861, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 797, "no exec duration": 9000000000, "no exec requests": 9, "pending": 0, "prog exec time": 223, "reproducing": 0, "rpc recv": 1375044628, "rpc sent": 62127672, "signal": 8945, "smash jobs": 630, "triage jobs": 12, "vm output": 196759, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/15 22:30:42 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 22, "corpus": 989, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 2, "coverage": 11632, "distributor delayed": 545, "distributor undelayed": 545, "distributor violated": 0, "exec candidate": 2306, "exec collide": 9149, "exec fuzz": 17395, "exec gen": 937, "exec hints": 3381, "exec inject": 0, "exec minimize": 13902, "exec retries": 0, "exec seeds": 2911, "exec smash": 20943, "exec total [base]": 34675, "exec total [new]": 80423, "exec triage": 2647, "executor restarts [base]": 33, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 444, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 117, "max signal": 12052, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7227, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1134, "no exec duration": 9000000000, "no exec requests": 9, "pending": 0, "prog exec time": 247, "reproducing": 0, "rpc recv": 2571465984, "rpc sent": 150603008, "signal": 11150, "smash jobs": 316, "triage jobs": 11, "vm output": 320283, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/15 22:35:42 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 35, "corpus": 1207, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 9, "coverage": 12309, "distributor delayed": 633, "distributor undelayed": 633, "distributor violated": 0, "exec candidate": 2306, "exec collide": 14185, "exec fuzz": 26908, "exec gen": 1443, "exec hints": 7701, "exec inject": 0, "exec minimize": 17478, "exec retries": 0, "exec seeds": 3611, "exec smash": 29922, "exec total [base]": 47671, "exec total [new]": 113586, "exec triage": 3181, "executor restarts [base]": 33, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 33, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 10, "max signal": 12800, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8888, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1371, "no exec duration": 9000000000, "no exec requests": 9, "pending": 0, "prog exec time": 265, "reproducing": 0, "rpc recv": 3720827288, "rpc sent": 240707448, "signal": 11797, "smash jobs": 14, "triage jobs": 9, "vm output": 523549, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/15 22:40:42 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 46, "corpus": 1340, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 12, "coverage": 12891, "distributor delayed": 701, "distributor undelayed": 701, "distributor violated": 0, "exec candidate": 2306, "exec collide": 21207, "exec fuzz": 40701, "exec gen": 2153, "exec hints": 9523, "exec inject": 0, "exec minimize": 19733, "exec retries": 0, "exec seeds": 4015, "exec smash": 33239, "exec total [base]": 59531, "exec total [new]": 143291, "exec triage": 3562, "executor restarts [base]": 33, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 28, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 6, "max signal": 13418, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9932, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1529, "no exec duration": 9000000000, "no exec requests": 9, "pending": 0, "prog exec time": 289, "reproducing": 0, "rpc recv": 4654381420, "rpc sent": 326721456, "signal": 12312, "smash jobs": 15, "triage jobs": 7, "vm output": 753601, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/15 22:45:42 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 49, "corpus": 1438, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 13, "coverage": 13131, "distributor delayed": 750, "distributor undelayed": 750, "distributor violated": 0, "exec candidate": 2306, "exec collide": 28743, "exec fuzz": 54976, "exec gen": 2942, "exec hints": 9915, "exec inject": 0, "exec minimize": 21446, "exec retries": 0, "exec seeds": 4314, "exec smash": 35847, "exec total [base]": 70549, "exec total [new]": 171162, "exec triage": 3820, "executor restarts [base]": 33, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 13, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 2, "max signal": 13646, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10714, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1639, "no exec duration": 9000000000, "no exec requests": 9, "pending": 0, "prog exec time": 302, "reproducing": 0, "rpc recv": 5526956260, "rpc sent": 412336528, "signal": 12533, "smash jobs": 8, "triage jobs": 3, "vm output": 924549, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/15 22:50:42 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 51, "corpus": 1520, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 14, "coverage": 13393, "distributor delayed": 793, "distributor undelayed": 793, "distributor violated": 0, "exec candidate": 2306, "exec collide": 36598, "exec fuzz": 69942, "exec gen": 3766, "exec hints": 10098, "exec inject": 0, "exec minimize": 22732, "exec retries": 0, "exec seeds": 4562, "exec smash": 37994, "exec total [base]": 81459, "exec total [new]": 198882, "exec triage": 4033, "executor restarts [base]": 33, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 8, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 13906, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11278, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1731, "no exec duration": 9000000000, "no exec requests": 9, "pending": 0, "prog exec time": 317, "reproducing": 0, "rpc recv": 6338035788, "rpc sent": 499740200, "signal": 12774, "smash jobs": 3, "triage jobs": 4, "vm output": 1104749, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/15 22:52:42 fuzzer has not reached the modified code in 30m0s, aborting 2025/09/15 22:52:43 syz-diff (base): kernel context loop terminated 2025/09/15 22:52:43 syz-diff (new): kernel context loop terminated 2025/09/15 22:52:43 diff fuzzing terminated 2025/09/15 22:52:43 bug reporting terminated 2025/09/15 22:52:43 status reporting terminated 2025/09/15 22:52:43 fuzzing is finished 2025/09/15 22:52:43 status at the end: Title On-Base On-Patched