2025/09/01 20:11:25 extracted 327268 text symbol hashes for base and 327268 for patched 2025/09/01 20:11:25 binaries are different, continuing fuzzing 2025/09/01 20:11:25 adding modified_functions to focus areas: ["cpu_parse_topology_amd"] 2025/09/01 20:11:25 adding directly modified files to focus areas: ["Documentation/arch/x86/topology.rst" "arch/x86/include/asm/msr-index.h" "arch/x86/kernel/cpu/topology_amd.c"] 2025/09/01 20:11:26 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/09/01 20:12:24 runner 1 connected 2025/09/01 20:12:24 runner 0 connected 2025/09/01 20:12:24 runner 9 connected 2025/09/01 20:12:24 runner 5 connected 2025/09/01 20:12:24 runner 4 connected 2025/09/01 20:12:24 runner 8 connected 2025/09/01 20:12:24 runner 7 connected 2025/09/01 20:12:24 runner 1 connected 2025/09/01 20:12:24 runner 6 connected 2025/09/01 20:12:24 runner 2 connected 2025/09/01 20:12:25 runner 3 connected 2025/09/01 20:12:25 runner 3 connected 2025/09/01 20:12:25 runner 0 connected 2025/09/01 20:12:25 runner 2 connected 2025/09/01 20:12:30 initializing coverage information... 2025/09/01 20:12:31 executor cover filter: 0 PCs 2025/09/01 20:12:32 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8054 2025/09/01 20:12:32 base: machine check complete 2025/09/01 20:12:35 discovered 7699 source files, 338673 symbols 2025/09/01 20:12:35 coverage filter: cpu_parse_topology_amd: [cpu_parse_topology_amd] 2025/09/01 20:12:35 coverage filter: Documentation/arch/x86/topology.rst: [] 2025/09/01 20:12:35 coverage filter: arch/x86/include/asm/msr-index.h: [] 2025/09/01 20:12:35 coverage filter: arch/x86/kernel/cpu/topology_amd.c: [arch/x86/kernel/cpu/topology_amd.c] 2025/09/01 20:12:35 area "symbols": 53 PCs in the cover filter 2025/09/01 20:12:35 area "files": 59 PCs in the cover filter 2025/09/01 20:12:35 area "": 0 PCs in the cover filter 2025/09/01 20:12:35 executor cover filter: 0 PCs 2025/09/01 20:12:36 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8054 2025/09/01 20:12:36 new: machine check complete 2025/09/01 20:12:39 new: adding 2248 seeds 2025/09/01 20:12:57 triaged 98.4% of the corpus 2025/09/01 20:12:57 starting bug reproductions 2025/09/01 20:12:57 starting bug reproductions (max 10 VMs, 7 repros) 2025/09/01 20:13:27 triaged 100.0% of the corpus 2025/09/01 20:16:27 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 767, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 4, "coverage": 9929, "distributor delayed": 382, "distributor undelayed": 382, "distributor violated": 0, "exec candidate": 2248, "exec collide": 4714, "exec fuzz": 8709, "exec gen": 472, "exec hints": 1293, "exec inject": 0, "exec minimize": 9397, "exec retries": 0, "exec seeds": 2183, "exec smash": 10146, "exec total [base]": 21790, "exec total [new]": 47833, "exec triage": 1982, "executor restarts [base]": 32, "executor restarts [new]": 53, "fault jobs": 0, "fuzzer jobs": 846, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 133, "max signal": 10544, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5036, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 846, "no exec duration": 19029000000, "no exec requests": 26, "pending": 0, "prog exec time": 302, "reproducing": 0, "rpc recv": 1435242108, "rpc sent": 76119704, "signal": 9220, "smash jobs": 707, "triage jobs": 6, "vm output": 229319, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/01 20:21:27 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 33, "corpus": 1046, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 4, "coverage": 12111, "distributor delayed": 521, "distributor undelayed": 521, "distributor violated": 0, "exec candidate": 2248, "exec collide": 10129, "exec fuzz": 18986, "exec gen": 1027, "exec hints": 3686, "exec inject": 0, "exec minimize": 14047, "exec retries": 0, "exec seeds": 3068, "exec smash": 23107, "exec total [base]": 37340, "exec total [new]": 85718, "exec triage": 2730, "executor restarts [base]": 32, "executor restarts [new]": 53, "fault jobs": 0, "fuzzer jobs": 377, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 97, "max signal": 12552, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7161, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1173, "no exec duration": 19029000000, "no exec requests": 26, "pending": 0, "prog exec time": 291, "reproducing": 0, "rpc recv": 2619471908, "rpc sent": 167766232, "signal": 11618, "smash jobs": 272, "triage jobs": 8, "vm output": 431971, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/01 20:26:27 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 55, "corpus": 1223, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 4, "coverage": 12745, "distributor delayed": 621, "distributor undelayed": 621, "distributor violated": 0, "exec candidate": 2248, "exec collide": 16081, "exec fuzz": 29989, "exec gen": 1646, "exec hints": 8579, "exec inject": 0, "exec minimize": 16789, "exec retries": 0, "exec seeds": 3649, "exec smash": 30303, "exec total [base]": 50833, "exec total [new]": 119211, "exec triage": 3235, "executor restarts [base]": 32, "executor restarts [new]": 53, "fault jobs": 0, "fuzzer jobs": 27, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 8, "max signal": 13252, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8399, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1386, "no exec duration": 19029000000, "no exec requests": 26, "pending": 0, "prog exec time": 280, "reproducing": 0, "rpc recv": 3669213492, "rpc sent": 247479784, "signal": 12222, "smash jobs": 12, "triage jobs": 7, "vm output": 757652, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/01 20:31:27 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 76, "corpus": 1334, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 6, "coverage": 13134, "distributor delayed": 664, "distributor undelayed": 664, "distributor violated": 0, "exec candidate": 2248, "exec collide": 23582, "exec fuzz": 44242, "exec gen": 2364, "exec hints": 10296, "exec inject": 0, "exec minimize": 18881, "exec retries": 0, "exec seeds": 3984, "exec smash": 33099, "exec total [base]": 62768, "exec total [new]": 148941, "exec triage": 3552, "executor restarts [base]": 32, "executor restarts [new]": 53, "fault jobs": 0, "fuzzer jobs": 16, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 13708, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9391, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1525, "no exec duration": 19029000000, "no exec requests": 26, "pending": 0, "prog exec time": 323, "reproducing": 0, "rpc recv": 4558716968, "rpc sent": 324124504, "signal": 12602, "smash jobs": 8, "triage jobs": 7, "vm output": 1035036, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/01 20:36:27 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 76, "corpus": 1401, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 6, "coverage": 13317, "distributor delayed": 707, "distributor undelayed": 707, "distributor violated": 0, "exec candidate": 2248, "exec collide": 31873, "exec fuzz": 59788, "exec gen": 3178, "exec hints": 10776, "exec inject": 0, "exec minimize": 19931, "exec retries": 0, "exec seeds": 4188, "exec smash": 34865, "exec total [base]": 73940, "exec total [new]": 177292, "exec triage": 3753, "executor restarts [base]": 32, "executor restarts [new]": 53, "fault jobs": 0, "fuzzer jobs": 4, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 13918, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9883, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1606, "no exec duration": 19029000000, "no exec requests": 26, "pending": 0, "prog exec time": 335, "reproducing": 0, "rpc recv": 5331526160, "rpc sent": 404745872, "signal": 12766, "smash jobs": 2, "triage jobs": 1, "vm output": 1279050, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/01 20:41:27 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 76, "corpus": 1477, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 8, "coverage": 13522, "distributor delayed": 742, "distributor undelayed": 742, "distributor violated": 0, "exec candidate": 2248, "exec collide": 39953, "exec fuzz": 74995, "exec gen": 3978, "exec hints": 11774, "exec inject": 0, "exec minimize": 21374, "exec retries": 0, "exec seeds": 4419, "exec smash": 36809, "exec total [base]": 85575, "exec total [new]": 206222, "exec triage": 3980, "executor restarts [base]": 32, "executor restarts [new]": 53, "fault jobs": 0, "fuzzer jobs": 5, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 2, "max signal": 14167, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10571, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1703, "no exec duration": 19029000000, "no exec requests": 26, "pending": 0, "prog exec time": 320, "reproducing": 0, "rpc recv": 6142622484, "rpc sent": 486314024, "signal": 12963, "smash jobs": 1, "triage jobs": 2, "vm output": 1501558, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/01 20:43:27 fuzzer has not reached the modified code in 30m0s, aborting 2025/09/01 20:43:28 syz-diff (new): kernel context loop terminated 2025/09/01 20:43:28 syz-diff (base): kernel context loop terminated 2025/09/01 20:43:28 diff fuzzing terminated 2025/09/01 20:43:28 status reporting terminated 2025/09/01 20:43:28 bug reporting terminated 2025/09/01 20:43:28 fuzzing is finished 2025/09/01 20:43:28 status at the end: Title On-Base On-Patched