2025/09/19 01:16:07 extracted 327254 text symbol hashes for base and 327258 for patched
2025/09/19 01:16:07 symbol "svm_set_msr.__UNIQUE_ID___addressable___SCK__preempt_schedule2255" has different values in base vs patch
2025/09/19 01:16:07 binaries are different, continuing fuzzing
2025/09/19 01:16:07 adding modified_functions to focus areas: ["__pfx_avic_activate_vmcb" "__pfx_avic_param_set" "__pfx_avic_want_avic_enable" "avic_activate_vmcb" "avic_hardware_setup" "avic_incomplete_ipi_interception" "avic_init_vmcb" "avic_param_set" "avic_refresh_apicv_exec_ctrl" "avic_refresh_virtual_apic_mode" "avic_vcpu_blocking" "avic_vcpu_unblocking" "avic_want_avic_enable" "svm_hardware_setup" "svm_set_gif"]
2025/09/19 01:16:07 adding directly modified files to focus areas: ["arch/x86/kvm/svm/avic.c" "arch/x86/kvm/svm/svm.c" "arch/x86/kvm/svm/svm.h"]
2025/09/19 01:16:09 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db
2025/09/19 01:17:06 runner 2 connected
2025/09/19 01:17:06 runner 3 connected
2025/09/19 01:17:06 runner 0 connected
2025/09/19 01:17:06 runner 1 connected
2025/09/19 01:17:06 runner 2 connected
2025/09/19 01:17:06 runner 4 connected
2025/09/19 01:17:07 runner 6 connected
2025/09/19 01:17:07 runner 3 connected
2025/09/19 01:17:13 initializing coverage information...
2025/09/19 01:17:13 executor cover filter: 0 PCs
2025/09/19 01:17:13 runner 7 connected
2025/09/19 01:17:13 runner 8 connected
2025/09/19 01:17:13 runner 1 connected
2025/09/19 01:17:14 runner 5 connected
2025/09/19 01:17:14 runner 9 connected
2025/09/19 01:17:15 runner 0 connected
2025/09/19 01:17:16 machine check: disabled the following syscalls:
openat$sev : failed to open /dev/sev: no such file or directory
syz_kvm_setup_cpu$ppc64 : unsupported arch
transitively disabled the following syscalls (missing resource [creating syscalls]):
close$binfmt : fd_binfmt [openat$binfmt]
close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF]
close$ibv_device : fd_rdma [openat$uverbs0]
ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision]
ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev]
ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev]
ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev]
ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev]
ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev]
ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev]
ioctl$KVM_SEV_INIT : fd_sev [openat$sev]
ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START]
ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev]
ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START]
ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev]
ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev]
ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev]
ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev]
BinFmtMisc : enabled
Comparisons : enabled
Coverage : enabled
DelayKcovMmap : enabled
DevlinkPCI : PCI device 0000:00:10.0 is not available
ExtraCoverage : enabled
Fault : enabled
KCSAN : write(/sys/kernel/debug/kcsan, on) failed
KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE)
LRWPANEmulation : enabled
Leak : failed to write(kmemleak, "scan=off")
NetDevices : enabled
NetInjection : enabled
NicVF : PCI device 0000:00:11.0 is not available
SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67.
SandboxNamespace : enabled
SandboxNone : enabled
SandboxSetuid : enabled
Swap : enabled
USBEmulation : enabled
VhciInjection : enabled
WifiEmulation : enabled
syscalls : 165/8054
2025/09/19 01:17:16 base: machine check complete
2025/09/19 01:17:18 discovered 7699 source files, 338653 symbols
2025/09/19 01:17:18 coverage filter: __pfx_avic_activate_vmcb: []
2025/09/19 01:17:18 coverage filter: __pfx_avic_param_set: []
2025/09/19 01:17:18 coverage filter: __pfx_avic_want_avic_enable: []
2025/09/19 01:17:18 coverage filter: avic_activate_vmcb: [avic_activate_vmcb]
2025/09/19 01:17:18 coverage filter: avic_hardware_setup: []
2025/09/19 01:17:18 coverage filter: avic_incomplete_ipi_interception: [avic_incomplete_ipi_interception]
2025/09/19 01:17:18 coverage filter: avic_init_vmcb: [avic_init_vmcb]
2025/09/19 01:17:18 coverage filter: avic_param_set: [avic_param_set]
2025/09/19 01:17:18 coverage filter: avic_refresh_apicv_exec_ctrl: [avic_refresh_apicv_exec_ctrl]
2025/09/19 01:17:18 coverage filter: avic_refresh_virtual_apic_mode: [avic_refresh_virtual_apic_mode]
2025/09/19 01:17:18 coverage filter: avic_vcpu_blocking: [avic_vcpu_blocking]
2025/09/19 01:17:18 coverage filter: avic_vcpu_unblocking: [avic_vcpu_unblocking]
2025/09/19 01:17:18 coverage filter: avic_want_avic_enable: []
2025/09/19 01:17:18 coverage filter: svm_hardware_setup: []
2025/09/19 01:17:18 coverage filter: svm_set_gif: [svm_set_gif]
2025/09/19 01:17:18 coverage filter: arch/x86/kvm/svm/avic.c: [arch/x86/kvm/svm/avic.c]
2025/09/19 01:17:18 coverage filter: arch/x86/kvm/svm/svm.c: [arch/x86/kvm/svm/svm.c]
2025/09/19 01:17:18 coverage filter: arch/x86/kvm/svm/svm.h: []
2025/09/19 01:17:18 area "symbols": 196 PCs in the cover filter
2025/09/19 01:17:18 area "files": 2517 PCs in the cover filter
2025/09/19 01:17:18 area "": 0 PCs in the cover filter
2025/09/19 01:17:18 executor cover filter: 0 PCs
2025/09/19 01:17:20 machine check: disabled the following syscalls:
openat$sev : failed to open /dev/sev: no such file or directory
syz_kvm_setup_cpu$ppc64 : unsupported arch
transitively disabled the following syscalls (missing resource [creating syscalls]):
close$binfmt : fd_binfmt [openat$binfmt]
close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF]
close$ibv_device : fd_rdma [openat$uverbs0]
ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision]
ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev]
ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev]
ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev]
ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev]
ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev]
ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev]
ioctl$KVM_SEV_INIT : fd_sev [openat$sev]
ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START]
ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev]
ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START]
ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev]
ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev]
ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev]
ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev]
BinFmtMisc : enabled
Comparisons : enabled
Coverage : enabled
DelayKcovMmap : enabled
DevlinkPCI : PCI device 0000:00:10.0 is not available
ExtraCoverage : enabled
Fault : enabled
KCSAN : write(/sys/kernel/debug/kcsan, on) failed
KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE)
LRWPANEmulation : enabled
Leak : failed to write(kmemleak, "scan=off")
NetDevices : enabled
NetInjection : enabled
NicVF : PCI device 0000:00:11.0 is not available
SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67.
SandboxNamespace : enabled
SandboxNone : enabled
SandboxSetuid : enabled
Swap : enabled
USBEmulation : enabled
VhciInjection : enabled
WifiEmulation : enabled
syscalls : 165/8054
2025/09/19 01:17:20 new: machine check complete
2025/09/19 01:17:23 new: adding 2320 seeds
2025/09/19 01:17:40 triaged 97.1% of the corpus
2025/09/19 01:17:40 starting bug reproductions
2025/09/19 01:17:40 starting bug reproductions (max 10 VMs, 7 repros)
2025/09/19 01:18:10 triaged 100.0% of the corpus
2025/09/19 01:21:10 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 712, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 9485, "distributor delayed": 379, "distributor undelayed": 379, "distributor violated": 0, "exec candidate": 2320, "exec collide": 4193, "exec fuzz": 8123, "exec gen": 456, "exec hints": 1253, "exec inject": 0, "exec minimize": 8978, "exec retries": 0, "exec seeds": 1988, "exec smash": 9239, "exec total [base]": 20747, "exec total [new]": 45362, "exec triage": 1902, "executor restarts [base]": 32, "executor restarts [new]": 52, "fault jobs": 0, "fuzzer jobs": 802, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 140, "max signal": 9843, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 4851, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 804, "no exec duration": 20008000000, "no exec requests": 21, "pending": 0, "prog exec time": 202, "reproducing": 0, "rpc recv": 1392157088, "rpc sent": 65700216, "signal": 9047, "smash jobs": 651, "triage jobs": 11, "vm output": 208965, "vm restarts [base]": 4, "vm restarts [new]": 10 }
2025/09/19 01:26:10 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 12, "corpus": 1040, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 12210, "distributor delayed": 553, "distributor undelayed": 553, "distributor violated": 0, "exec candidate": 2320, "exec collide": 9496, "exec fuzz": 18151, "exec gen": 987, "exec hints": 3610, "exec inject": 0, "exec minimize": 14538, "exec retries": 0, "exec seeds": 3031, "exec smash": 21696, "exec total [base]": 36066, "exec total [new]": 83550, "exec triage": 2808, "executor restarts [base]": 32, "executor restarts [new]": 52, "fault jobs": 0, "fuzzer jobs": 475, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 118, "max signal": 12642, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7499, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1193, "no exec duration": 20008000000, "no exec requests": 21, "pending": 0, "prog exec time": 230, "reproducing": 0, "rpc recv": 2684936796, "rpc sent": 151819944, "signal": 11713, "smash jobs": 345, "triage jobs": 12, "vm output": 302575, "vm restarts [base]": 4, "vm restarts [new]": 10 }
2025/09/19 01:31:10 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 27, "corpus": 1229, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 3, "coverage": 12841, "distributor delayed": 634, "distributor undelayed": 634, "distributor violated": 0, "exec candidate": 2320, "exec collide": 15179, "exec fuzz": 28634, "exec gen": 1518, "exec hints": 7165, "exec inject": 0, "exec minimize": 17632, "exec retries": 0, "exec seeds": 3650, "exec smash": 30291, "exec total [base]": 49318, "exec total [new]": 116641, "exec triage": 3341, "executor restarts [base]": 32, "executor restarts [new]": 52, "fault jobs": 0, "fuzzer jobs": 25, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 10, "max signal": 13342, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8935, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1414, "no exec duration": 20008000000, "no exec requests": 21, "pending": 0, "prog exec time": 302, "reproducing": 0, "rpc recv": 3820936136, "rpc sent": 232167904, "signal": 12322, "smash jobs": 13, "triage jobs": 2, "vm output": 494228, "vm restarts [base]": 4, "vm restarts [new]": 10 }
2025/09/19 01:36:10 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 41, "corpus": 1333, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 5, "coverage": 13130, "distributor delayed": 683, "distributor undelayed": 683, "distributor violated": 0, "exec candidate": 2320, "exec collide": 23028, "exec fuzz": 43520, "exec gen": 2391, "exec hints": 8456, "exec inject": 0, "exec minimize": 19415, "exec retries": 0, "exec seeds": 3971, "exec smash": 33038, "exec total [base]": 61216, "exec total [new]": 146695, "exec triage": 3641, "executor restarts [base]": 33, "executor restarts [new]": 52, "fault jobs": 0, "fuzzer jobs": 11, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 4, "max signal": 13668, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9804, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1541, "no exec duration": 20008000000, "no exec requests": 21, "pending": 0, "prog exec time": 300, "reproducing": 0, "rpc recv": 4655630468, "rpc sent": 311710376, "signal": 12601, "smash jobs": 4, "triage jobs": 3, "vm output": 689248, "vm restarts [base]": 4, "vm restarts [new]": 10 }
2025/09/19 01:41:10 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 50, "corpus": 1436, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 12, "coverage": 13454, "distributor delayed": 733, "distributor undelayed": 733, "distributor violated": 0, "exec candidate": 2320, "exec collide": 30518, "exec fuzz": 57979, "exec gen": 3152, "exec hints": 9117, "exec inject": 0, "exec minimize": 21324, "exec retries": 0, "exec seeds": 4284, "exec smash": 35664, "exec total [base]": 72681, "exec total [new]": 175189, "exec triage": 3916, "executor restarts [base]": 33, "executor restarts [new]": 52, "fault jobs": 0, "fuzzer jobs": 13, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 4, "max signal": 14083, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10710, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1661, "no exec duration": 20008000000, "no exec requests": 21, "pending": 0, "prog exec time": 320, "reproducing": 0, "rpc recv": 5558994072, "rpc sent": 393839960, "signal": 12882, "smash jobs": 3, "triage jobs": 6, "vm output": 917585, "vm restarts [base]": 4, "vm restarts [new]": 10 }
2025/09/19 01:46:10 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 63, "corpus": 1522, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 20, "coverage": 13677, "distributor delayed": 774, "distributor undelayed": 774, "distributor violated": 0, "exec candidate": 2320, "exec collide": 37937, "exec fuzz": 72382, "exec gen": 3912, "exec hints": 11609, "exec inject": 0, "exec minimize": 22846, "exec retries": 0, "exec seeds": 4539, "exec smash": 37741, "exec total [base]": 84014, "exec total [new]": 204342, "exec triage": 4142, "executor restarts [base]": 33, "executor restarts [new]": 52, "fault jobs": 0, "fuzzer jobs": 14, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 3, "max signal": 14300, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11439, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1758, "no exec duration": 20396000000, "no exec requests": 25, "pending": 0, "prog exec time": 289, "reproducing": 0, "rpc recv": 6397995420, "rpc sent": 472681736, "signal": 13083, "smash jobs": 9, "triage jobs": 2, "vm output": 1151409, "vm restarts [base]": 4, "vm restarts [new]": 10 }
2025/09/19 01:48:10 fuzzer has not reached the modified code in 30m0s, aborting
2025/09/19 01:48:10 syz-diff (new): kernel context loop terminated
2025/09/19 01:48:10 syz-diff (base): kernel context loop terminated
2025/09/19 01:48:10 diff fuzzing terminated
2025/09/19 01:48:10 status reporting terminated
2025/09/19 01:48:10 bug reporting terminated
2025/09/19 01:48:10 fuzzing is finished
2025/09/19 01:48:10 status at the end:
Title On-Base On-Patched