2025/09/04 19:01:45 extracted 327254 text symbol hashes for base and 327254 for patched 2025/09/04 19:01:45 symbol "avic_ring_doorbell.__UNIQUE_ID___addressable___SCK__preempt_schedule2065" has different values in base vs patch 2025/09/04 19:01:45 binaries are different, continuing fuzzing 2025/09/04 19:01:45 adding modified_functions to focus areas: ["avic_hardware_setup" "avic_incomplete_ipi_interception" "svm_hardware_setup"] 2025/09/04 19:01:45 adding directly modified files to focus areas: ["arch/x86/kvm/svm/avic.c" "arch/x86/kvm/svm/svm.c" "arch/x86/kvm/svm/svm.h"] 2025/09/04 19:01:46 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/09/04 19:02:44 runner 8 connected 2025/09/04 19:02:44 runner 6 connected 2025/09/04 19:02:44 runner 2 connected 2025/09/04 19:02:44 runner 3 connected 2025/09/04 19:02:44 runner 5 connected 2025/09/04 19:02:44 runner 2 connected 2025/09/04 19:02:44 runner 0 connected 2025/09/04 19:02:50 runner 3 connected 2025/09/04 19:02:51 initializing coverage information... 2025/09/04 19:02:51 executor cover filter: 0 PCs 2025/09/04 19:02:51 runner 9 connected 2025/09/04 19:02:51 runner 1 connected 2025/09/04 19:02:51 runner 4 connected 2025/09/04 19:02:52 runner 1 connected 2025/09/04 19:02:52 runner 7 connected 2025/09/04 19:02:53 runner 0 connected 2025/09/04 19:02:53 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8054 2025/09/04 19:02:53 base: machine check complete 2025/09/04 19:02:56 discovered 7699 source files, 338653 symbols 2025/09/04 19:02:56 coverage filter: avic_hardware_setup: [avic_hardware_setup] 2025/09/04 19:02:56 coverage filter: avic_incomplete_ipi_interception: [avic_incomplete_ipi_interception] 2025/09/04 19:02:56 coverage filter: svm_hardware_setup: [] 2025/09/04 19:02:56 coverage filter: arch/x86/kvm/svm/avic.c: [arch/x86/kvm/svm/avic.c] 2025/09/04 19:02:56 coverage filter: arch/x86/kvm/svm/svm.c: [arch/x86/kvm/svm/svm.c] 2025/09/04 19:02:56 coverage filter: arch/x86/kvm/svm/svm.h: [] 2025/09/04 19:02:56 area "symbols": 108 PCs in the cover filter 2025/09/04 19:02:56 area "files": 2524 PCs in the cover filter 2025/09/04 19:02:56 area "": 0 PCs in the cover filter 2025/09/04 19:02:56 executor cover filter: 0 PCs 2025/09/04 19:02:57 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8054 2025/09/04 19:02:57 new: machine check complete 2025/09/04 19:03:01 new: adding 2217 seeds 2025/09/04 19:03:17 triaged 97.2% of the corpus 2025/09/04 19:03:17 starting bug reproductions 2025/09/04 19:03:17 starting bug reproductions (max 10 VMs, 7 repros) 2025/09/04 19:03:47 triaged 100.0% of the corpus 2025/09/04 19:06:47 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 706, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 10089, "distributor delayed": 374, "distributor undelayed": 374, "distributor violated": 0, "exec candidate": 2217, "exec collide": 4049, "exec fuzz": 7863, "exec gen": 399, "exec hints": 1205, "exec inject": 0, "exec minimize": 9257, "exec retries": 0, "exec seeds": 1988, "exec smash": 8755, "exec total [base]": 19942, "exec total [new]": 44304, "exec triage": 1984, "executor restarts [base]": 32, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 820, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 145, "max signal": 10436, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 4961, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 835, "no exec duration": 19000000000, "no exec requests": 19, "pending": 0, "prog exec time": 227, "reproducing": 0, "rpc recv": 1446577336, "rpc sent": 67612064, "signal": 9681, "smash jobs": 665, "triage jobs": 10, "vm output": 216018, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/04 19:11:47 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 16, "corpus": 1037, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 13, "coverage": 11985, "distributor delayed": 538, "distributor undelayed": 538, "distributor violated": 0, "exec candidate": 2217, "exec collide": 9216, "exec fuzz": 17860, "exec gen": 939, "exec hints": 3276, "exec inject": 0, "exec minimize": 14212, "exec retries": 0, "exec seeds": 3051, "exec smash": 21330, "exec total [base]": 34677, "exec total [new]": 81566, "exec triage": 2878, "executor restarts [base]": 32, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 536, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 128, "max signal": 12441, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7197, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1217, "no exec duration": 19000000000, "no exec requests": 19, "pending": 0, "prog exec time": 223, "reproducing": 0, "rpc recv": 2701922252, "rpc sent": 147425080, "signal": 11459, "smash jobs": 400, "triage jobs": 8, "vm output": 403067, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/04 19:16:47 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 28, "corpus": 1233, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 48, "coverage": 12587, "distributor delayed": 627, "distributor undelayed": 627, "distributor violated": 0, "exec candidate": 2217, "exec collide": 14630, "exec fuzz": 28140, "exec gen": 1481, "exec hints": 6441, "exec inject": 0, "exec minimize": 17299, "exec retries": 0, "exec seeds": 3699, "exec smash": 30694, "exec total [base]": 47677, "exec total [new]": 114532, "exec triage": 3344, "executor restarts [base]": 32, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 26, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 7, "max signal": 13047, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8612, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1427, "no exec duration": 19000000000, "no exec requests": 19, "pending": 0, "prog exec time": 281, "reproducing": 0, "rpc recv": 3794293624, "rpc sent": 227656512, "signal": 12020, "smash jobs": 10, "triage jobs": 9, "vm output": 591039, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/04 19:21:47 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 37, "corpus": 1361, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 123, "coverage": 12885, "distributor delayed": 697, "distributor undelayed": 697, "distributor violated": 0, "exec candidate": 2217, "exec collide": 21961, "exec fuzz": 41914, "exec gen": 2240, "exec hints": 7565, "exec inject": 0, "exec minimize": 19596, "exec retries": 0, "exec seeds": 4082, "exec smash": 33880, "exec total [base]": 59208, "exec total [new]": 143756, "exec triage": 3715, "executor restarts [base]": 32, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 18, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 3, "max signal": 13376, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9672, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1583, "no exec duration": 19000000000, "no exec requests": 19, "pending": 0, "prog exec time": 304, "reproducing": 0, "rpc recv": 4703340252, "rpc sent": 303035136, "signal": 12301, "smash jobs": 10, "triage jobs": 5, "vm output": 749118, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/04 19:26:47 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 40, "corpus": 1423, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 171, "coverage": 13010, "distributor delayed": 729, "distributor undelayed": 729, "distributor violated": 0, "exec candidate": 2217, "exec collide": 30333, "exec fuzz": 57592, "exec gen": 3135, "exec hints": 7695, "exec inject": 0, "exec minimize": 20551, "exec retries": 0, "exec seeds": 4270, "exec smash": 35550, "exec total [base]": 70427, "exec total [new]": 171822, "exec triage": 3891, "executor restarts [base]": 32, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 9, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 13500, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10118, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1660, "no exec duration": 19000000000, "no exec requests": 19, "pending": 0, "prog exec time": 316, "reproducing": 0, "rpc recv": 5461157048, "rpc sent": 379914120, "signal": 12421, "smash jobs": 3, "triage jobs": 5, "vm output": 921546, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/04 19:31:47 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 52, "corpus": 1506, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 307, "coverage": 13276, "distributor delayed": 772, "distributor undelayed": 772, "distributor violated": 0, "exec candidate": 2217, "exec collide": 38193, "exec fuzz": 72560, "exec gen": 3916, "exec hints": 8103, "exec inject": 0, "exec minimize": 21940, "exec retries": 0, "exec seeds": 4520, "exec smash": 37504, "exec total [base]": 81375, "exec total [new]": 199659, "exec triage": 4116, "executor restarts [base]": 32, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 16, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 3, "max signal": 13933, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10752, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1756, "no exec duration": 19000000000, "no exec requests": 19, "pending": 0, "prog exec time": 309, "reproducing": 0, "rpc recv": 6274244128, "rpc sent": 453059088, "signal": 12673, "smash jobs": 10, "triage jobs": 3, "vm output": 1109892, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/04 19:33:47 fuzzer has not reached the modified code in 30m0s, aborting 2025/09/04 19:33:48 syz-diff (base): kernel context loop terminated 2025/09/04 19:33:48 syz-diff (new): kernel context loop terminated 2025/09/04 19:33:48 diff fuzzing terminated 2025/09/04 19:33:48 bug reporting terminated 2025/09/04 19:33:48 status reporting terminated 2025/09/04 19:33:48 fuzzing is finished 2025/09/04 19:33:48 status at the end: Title On-Base On-Patched