2025/08/20 00:39:42 extracted 303749 symbol hashes for base and 303747 for patched 2025/08/20 00:39:42 binaries are different, continuing fuzzing 2025/08/20 00:39:42 adding modified_functions to focus areas: ["svm_cancel_injection" "svm_handle_exit" "svm_inject_exception" "svm_inject_irq" "svm_set_msr" "svm_sync_dirty_debug_regs" "svm_update_soft_interrupt_rip" "svm_vcpu_after_set_cpuid" "svm_vcpu_load" "svm_vcpu_reset" "svm_vcpu_run"] 2025/08/20 00:39:42 adding directly modified files to focus areas: ["arch/x86/include/asm/cpufeatures.h" "arch/x86/include/asm/svm.h" "arch/x86/kvm/svm/sev.c" "arch/x86/kvm/svm/svm.c" "arch/x86/kvm/svm/svm.h"] 2025/08/20 00:39:44 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/08/20 00:40:57 runner 9 connected 2025/08/20 00:40:57 runner 4 connected 2025/08/20 00:40:57 runner 8 connected 2025/08/20 00:40:57 runner 6 connected 2025/08/20 00:40:57 runner 2 connected 2025/08/20 00:40:57 runner 1 connected 2025/08/20 00:40:57 runner 0 connected 2025/08/20 00:40:57 runner 3 connected 2025/08/20 00:40:57 runner 1 connected 2025/08/20 00:41:04 runner 7 connected 2025/08/20 00:41:05 runner 5 connected 2025/08/20 00:41:05 runner 3 connected 2025/08/20 00:41:05 runner 0 connected 2025/08/20 00:41:06 initializing coverage information... 2025/08/20 00:41:07 executor cover filter: 0 PCs 2025/08/20 00:41:09 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/20 00:41:09 base: machine check complete 2025/08/20 00:41:13 discovered 7699 source files, 338616 symbols 2025/08/20 00:41:14 coverage filter: svm_cancel_injection: [svm_cancel_injection] 2025/08/20 00:41:14 coverage filter: svm_handle_exit: [svm_handle_exit svm_handle_exit_irqoff] 2025/08/20 00:41:14 coverage filter: svm_inject_exception: [svm_inject_exception] 2025/08/20 00:41:14 coverage filter: svm_inject_irq: [svm_inject_irq] 2025/08/20 00:41:14 coverage filter: svm_set_msr: [svm_set_msr] 2025/08/20 00:41:14 coverage filter: svm_sync_dirty_debug_regs: [svm_sync_dirty_debug_regs] 2025/08/20 00:41:14 coverage filter: svm_update_soft_interrupt_rip: [svm_update_soft_interrupt_rip] 2025/08/20 00:41:14 coverage filter: svm_vcpu_after_set_cpuid: [svm_vcpu_after_set_cpuid] 2025/08/20 00:41:14 coverage filter: svm_vcpu_load: [svm_vcpu_load] 2025/08/20 00:41:14 coverage filter: svm_vcpu_reset: [svm_vcpu_reset] 2025/08/20 00:41:14 coverage filter: svm_vcpu_run: [svm_vcpu_run] 2025/08/20 00:41:14 coverage filter: arch/x86/include/asm/cpufeatures.h: [] 2025/08/20 00:41:14 coverage filter: arch/x86/include/asm/svm.h: [] 2025/08/20 00:41:14 coverage filter: arch/x86/kvm/svm/sev.c: [] 2025/08/20 00:41:14 coverage filter: arch/x86/kvm/svm/svm.c: [arch/x86/kvm/svm/svm.c] 2025/08/20 00:41:14 coverage filter: arch/x86/kvm/svm/svm.h: [] 2025/08/20 00:41:14 area "symbols": 458 PCs in the cover filter 2025/08/20 00:41:14 area "files": 2057 PCs in the cover filter 2025/08/20 00:41:14 area "": 0 PCs in the cover filter 2025/08/20 00:41:14 executor cover filter: 0 PCs 2025/08/20 00:41:15 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/20 00:41:15 new: machine check complete 2025/08/20 00:41:20 new: adding 2311 seeds 2025/08/20 00:41:45 triaged 97.5% of the corpus 2025/08/20 00:41:45 starting bug reproductions 2025/08/20 00:41:45 starting bug reproductions (max 10 VMs, 7 repros) 2025/08/20 00:42:15 triaged 100.0% of the corpus 2025/08/20 00:44:45 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 3, "corpus": 652, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 9542, "distributor delayed": 346, "distributor undelayed": 346, "distributor violated": 0, "exec candidate": 2311, "exec collide": 2995, "exec fuzz": 5878, "exec gen": 308, "exec hints": 848, "exec inject": 0, "exec minimize": 8314, "exec retries": 0, "exec seeds": 1832, "exec smash": 6243, "exec total [base]": 12921, "exec total [new]": 37459, "exec triage": 1854, "executor restarts [base]": 28, "executor restarts [new]": 52, "fault jobs": 0, "fuzzer jobs": 785, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 10, "hints jobs": 147, "max signal": 10742, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 4536, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 768, "no exec duration": 18006000000, "no exec requests": 19, "pending": 0, "prog exec time": 225, "reproducing": 0, "rpc recv": 760109804, "rpc sent": 43466288, "signal": 9073, "smash jobs": 615, "triage jobs": 23, "vm output": 202339, "vm restarts [base]": 3, "vm restarts [new]": 10 } 2025/08/20 00:49:45 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 15, "corpus": 919, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 11486, "distributor delayed": 484, "distributor undelayed": 484, "distributor violated": 0, "exec candidate": 2311, "exec collide": 7377, "exec fuzz": 14195, "exec gen": 766, "exec hints": 2471, "exec inject": 0, "exec minimize": 13102, "exec retries": 0, "exec seeds": 2675, "exec smash": 16931, "exec total [base]": 23046, "exec total [new]": 69341, "exec triage": 2637, "executor restarts [base]": 28, "executor restarts [new]": 52, "fault jobs": 0, "fuzzer jobs": 767, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 10, "hints jobs": 142, "max signal": 12049, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 6846, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1094, "no exec duration": 18006000000, "no exec requests": 19, "pending": 0, "prog exec time": 299, "reproducing": 0, "rpc recv": 1091978380, "rpc sent": 108355104, "signal": 10900, "smash jobs": 610, "triage jobs": 15, "vm output": 287146, "vm restarts [base]": 3, "vm restarts [new]": 10 } 2025/08/20 00:49:51 base: boot error: can't ssh into the instance 2025/08/20 00:51:03 runner 2 connected 2025/08/20 00:54:45 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 32, "corpus": 1100, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 12220, "distributor delayed": 575, "distributor undelayed": 575, "distributor violated": 0, "exec candidate": 2311, "exec collide": 11479, "exec fuzz": 22016, "exec gen": 1142, "exec hints": 4988, "exec inject": 0, "exec minimize": 16320, "exec retries": 0, "exec seeds": 3296, "exec smash": 26092, "exec total [base]": 33855, "exec total [new]": 97654, "exec triage": 3131, "executor restarts [base]": 31, "executor restarts [new]": 52, "fault jobs": 0, "fuzzer jobs": 191, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 57, "max signal": 12731, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8328, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1305, "no exec duration": 18006000000, "no exec requests": 19, "pending": 0, "prog exec time": 337, "reproducing": 0, "rpc recv": 1382022244, "rpc sent": 176928032, "signal": 11571, "smash jobs": 125, "triage jobs": 9, "vm output": 391150, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/20 00:59:45 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 38, "corpus": 1228, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 12669, "distributor delayed": 641, "distributor undelayed": 641, "distributor violated": 0, "exec candidate": 2311, "exec collide": 16631, "exec fuzz": 32050, "exec gen": 1635, "exec hints": 7885, "exec inject": 0, "exec minimize": 18919, "exec retries": 0, "exec seeds": 3699, "exec smash": 30725, "exec total [base]": 44895, "exec total [new]": 124233, "exec triage": 3501, "executor restarts [base]": 31, "executor restarts [new]": 52, "fault jobs": 0, "fuzzer jobs": 18, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 7, "max signal": 13238, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9503, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1459, "no exec duration": 18006000000, "no exec requests": 19, "pending": 0, "prog exec time": 332, "reproducing": 0, "rpc recv": 1602251196, "rpc sent": 243612888, "signal": 12051, "smash jobs": 8, "triage jobs": 3, "vm output": 559747, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/20 01:04:45 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 48, "corpus": 1330, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 12987, "distributor delayed": 702, "distributor undelayed": 702, "distributor violated": 0, "exec candidate": 2311, "exec collide": 22890, "exec fuzz": 44113, "exec gen": 2270, "exec hints": 9627, "exec inject": 0, "exec minimize": 20604, "exec retries": 0, "exec seeds": 4008, "exec smash": 33327, "exec total [base]": 55381, "exec total [new]": 149827, "exec triage": 3799, "executor restarts [base]": 31, "executor restarts [new]": 52, "fault jobs": 0, "fuzzer jobs": 17, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 2, "max signal": 13565, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10278, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1586, "no exec duration": 18006000000, "no exec requests": 19, "pending": 0, "prog exec time": 369, "reproducing": 0, "rpc recv": 1745297740, "rpc sent": 311891440, "signal": 12362, "smash jobs": 8, "triage jobs": 7, "vm output": 733062, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/20 01:09:45 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 52, "corpus": 1388, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 13179, "distributor delayed": 736, "distributor undelayed": 736, "distributor violated": 0, "exec candidate": 2311, "exec collide": 29655, "exec fuzz": 56854, "exec gen": 2950, "exec hints": 10240, "exec inject": 0, "exec minimize": 21648, "exec retries": 0, "exec seeds": 4188, "exec smash": 34858, "exec total [base]": 65230, "exec total [new]": 173568, "exec triage": 3989, "executor restarts [base]": 31, "executor restarts [new]": 52, "fault jobs": 0, "fuzzer jobs": 10, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 13839, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10765, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1663, "no exec duration": 18006000000, "no exec requests": 19, "pending": 0, "prog exec time": 397, "reproducing": 0, "rpc recv": 1837248548, "rpc sent": 382034128, "signal": 12541, "smash jobs": 4, "triage jobs": 5, "vm output": 922317, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/20 01:12:15 fuzzer has not reached the modified code in 30m0s, aborting 2025/08/20 01:12:15 syz-diff (base): kernel context loop terminated 2025/08/20 01:12:15 syz-diff (new): kernel context loop terminated 2025/08/20 01:12:15 diff fuzzing terminated 2025/08/20 01:12:15 bug reporting terminated 2025/08/20 01:12:15 status reporting terminated 2025/08/20 01:12:15 fuzzing is finished 2025/08/20 01:12:15 status at the end: Title On-Base On-Patched