2025/08/27 00:35:47 extracted 303777 symbol hashes for base and 303777 for patched 2025/08/27 00:35:47 binaries are different, continuing fuzzing 2025/08/27 00:35:47 adding modified_functions to focus areas: ["____kvm_emulate_hypercall" "__get_sregs2" "__kvm_synchronize_tsc" "__set_sregs2" "complete_emulated_msr_access" "complete_emulated_rdmsr" "do_get_feature_msr" "emulator_get_msr" "emulator_get_msr_with_filter" "emulator_set_msr_with_filter" "handle_emulation_failure" "handle_fastpath_set_msr_irqoff" "inject_emulated_exception" "kvm_arch_async_page_not_present" "kvm_arch_init_vm" "kvm_arch_vcpu_create" "kvm_arch_vcpu_ioctl" "kvm_arch_vcpu_ioctl_run" "kvm_arch_vcpu_ioctl_set_guest_debug" "kvm_arch_vcpu_postcreate" "kvm_arch_vcpu_pre_fault_memory" "kvm_arch_vm_ioctl" "kvm_complete_insn_gp" "kvm_emulate_as_nop" "kvm_emulate_invd" "kvm_emulate_monitor_mwait" "kvm_emulate_rdpmc" "kvm_emulate_xsetbv" "kvm_handle_invpcid" "kvm_sched_yield" "kvm_set_msr_ignored_check" "kvm_skip_emulated_instruction" "kvm_synchronize_tsc" "kvm_vcpu_do_singlestep" "kvm_vcpu_ioctl_x86_get_vcpu_events" "kvm_vcpu_ioctl_x86_set_vcpu_events" "pvclock_update_vm_gtod_copy" "svm_vm_init" "vcpu_run" "x86_emulate_instruction"] 2025/08/27 00:35:47 adding directly modified files to focus areas: ["arch/x86/include/asm/kvm_host.h" "arch/x86/kvm/vmx/tdx.c" "arch/x86/kvm/x86.c"] 2025/08/27 00:35:48 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/08/27 00:36:46 runner 4 connected 2025/08/27 00:36:46 runner 6 connected 2025/08/27 00:36:46 runner 2 connected 2025/08/27 00:36:46 runner 3 connected 2025/08/27 00:36:52 runner 1 connected 2025/08/27 00:36:52 runner 0 connected 2025/08/27 00:36:52 initializing coverage information... 2025/08/27 00:36:52 executor cover filter: 0 PCs 2025/08/27 00:36:52 runner 9 connected 2025/08/27 00:36:53 runner 7 connected 2025/08/27 00:36:53 runner 8 connected 2025/08/27 00:36:53 runner 2 connected 2025/08/27 00:36:53 runner 3 connected 2025/08/27 00:36:53 runner 1 connected 2025/08/27 00:36:54 runner 0 connected 2025/08/27 00:36:54 runner 5 connected 2025/08/27 00:36:56 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8054 2025/08/27 00:36:56 base: machine check complete 2025/08/27 00:36:58 discovered 7699 source files, 338649 symbols 2025/08/27 00:36:58 coverage filter: ____kvm_emulate_hypercall: [____kvm_emulate_hypercall] 2025/08/27 00:36:58 coverage filter: __get_sregs2: [__get_sregs2] 2025/08/27 00:36:58 coverage filter: __kvm_synchronize_tsc: [__kvm_synchronize_tsc] 2025/08/27 00:36:58 coverage filter: __set_sregs2: [__set_sregs2] 2025/08/27 00:36:58 coverage filter: complete_emulated_msr_access: [complete_emulated_msr_access] 2025/08/27 00:36:58 coverage filter: complete_emulated_rdmsr: [complete_emulated_rdmsr] 2025/08/27 00:36:58 coverage filter: do_get_feature_msr: [do_get_feature_msr] 2025/08/27 00:36:58 coverage filter: emulator_get_msr: [emulator_get_msr emulator_get_msr_with_filter] 2025/08/27 00:36:58 coverage filter: emulator_get_msr_with_filter: [] 2025/08/27 00:36:58 coverage filter: emulator_set_msr_with_filter: [emulator_set_msr_with_filter] 2025/08/27 00:36:58 coverage filter: handle_emulation_failure: [handle_emulation_failure] 2025/08/27 00:36:58 coverage filter: handle_fastpath_set_msr_irqoff: [handle_fastpath_set_msr_irqoff] 2025/08/27 00:36:58 coverage filter: inject_emulated_exception: [inject_emulated_exception] 2025/08/27 00:36:58 coverage filter: kvm_arch_async_page_not_present: [kvm_arch_async_page_not_present] 2025/08/27 00:36:58 coverage filter: kvm_arch_init_vm: [kvm_arch_init_vm] 2025/08/27 00:36:58 coverage filter: kvm_arch_vcpu_create: [kvm_arch_vcpu_create] 2025/08/27 00:36:58 coverage filter: kvm_arch_vcpu_ioctl: [kvm_arch_vcpu_ioctl kvm_arch_vcpu_ioctl_get_fpu kvm_arch_vcpu_ioctl_get_mpstate kvm_arch_vcpu_ioctl_get_regs kvm_arch_vcpu_ioctl_get_sregs kvm_arch_vcpu_ioctl_run kvm_arch_vcpu_ioctl_set_fpu kvm_arch_vcpu_ioctl_set_guest_debug kvm_arch_vcpu_ioctl_set_mpstate kvm_arch_vcpu_ioctl_set_regs kvm_arch_vcpu_ioctl_set_sregs kvm_arch_vcpu_ioctl_translate] 2025/08/27 00:36:58 coverage filter: kvm_arch_vcpu_ioctl_run: [] 2025/08/27 00:36:58 coverage filter: kvm_arch_vcpu_ioctl_set_guest_debug: [] 2025/08/27 00:36:58 coverage filter: kvm_arch_vcpu_postcreate: [kvm_arch_vcpu_postcreate] 2025/08/27 00:36:58 coverage filter: kvm_arch_vcpu_pre_fault_memory: [kvm_arch_vcpu_pre_fault_memory] 2025/08/27 00:36:58 coverage filter: kvm_arch_vm_ioctl: [kvm_arch_vm_ioctl] 2025/08/27 00:36:58 coverage filter: kvm_complete_insn_gp: [kvm_complete_insn_gp] 2025/08/27 00:36:58 coverage filter: kvm_emulate_as_nop: [kvm_emulate_as_nop] 2025/08/27 00:36:58 coverage filter: kvm_emulate_invd: [kvm_emulate_invd] 2025/08/27 00:36:58 coverage filter: kvm_emulate_monitor_mwait: [kvm_emulate_monitor_mwait] 2025/08/27 00:36:58 coverage filter: kvm_emulate_rdpmc: [kvm_emulate_rdpmc] 2025/08/27 00:36:58 coverage filter: kvm_emulate_xsetbv: [kvm_emulate_xsetbv] 2025/08/27 00:36:58 coverage filter: kvm_handle_invpcid: [kvm_handle_invpcid] 2025/08/27 00:36:58 coverage filter: kvm_sched_yield: [kvm_sched_yield] 2025/08/27 00:36:58 coverage filter: kvm_set_msr_ignored_check: [kvm_set_msr_ignored_check] 2025/08/27 00:36:58 coverage filter: kvm_skip_emulated_instruction: [kvm_skip_emulated_instruction] 2025/08/27 00:36:58 coverage filter: kvm_synchronize_tsc: [kvm_synchronize_tsc] 2025/08/27 00:36:58 coverage filter: kvm_vcpu_do_singlestep: [kvm_vcpu_do_singlestep] 2025/08/27 00:36:58 coverage filter: kvm_vcpu_ioctl_x86_get_vcpu_events: [kvm_vcpu_ioctl_x86_get_vcpu_events] 2025/08/27 00:36:58 coverage filter: kvm_vcpu_ioctl_x86_set_vcpu_events: [kvm_vcpu_ioctl_x86_set_vcpu_events] 2025/08/27 00:36:58 coverage filter: pvclock_update_vm_gtod_copy: [pvclock_update_vm_gtod_copy] 2025/08/27 00:36:58 coverage filter: svm_vm_init: [svm_vm_init] 2025/08/27 00:36:58 coverage filter: vcpu_run: [__vmx_vcpu_run_flags kvm_arch_vcpu_runnable svm_vcpu_run vcpu_run vmx_vcpu_run] 2025/08/27 00:36:58 coverage filter: x86_emulate_instruction: [x86_emulate_instruction] 2025/08/27 00:36:58 coverage filter: arch/x86/include/asm/kvm_host.h: [] 2025/08/27 00:36:58 coverage filter: arch/x86/kvm/vmx/tdx.c: [] 2025/08/27 00:36:58 coverage filter: arch/x86/kvm/x86.c: [arch/x86/kvm/x86.c] 2025/08/27 00:36:58 area "symbols": 2487 PCs in the cover filter 2025/08/27 00:36:58 area "files": 9523 PCs in the cover filter 2025/08/27 00:36:58 area "": 0 PCs in the cover filter 2025/08/27 00:36:58 executor cover filter: 0 PCs 2025/08/27 00:37:00 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8054 2025/08/27 00:37:00 new: machine check complete 2025/08/27 00:37:04 new: adding 2260 seeds 2025/08/27 00:37:19 triaged 97.2% of the corpus 2025/08/27 00:37:19 starting bug reproductions 2025/08/27 00:37:19 starting bug reproductions (max 10 VMs, 7 repros) 2025/08/27 00:37:49 triaged 100.0% of the corpus 2025/08/27 00:40:49 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 2, "corpus": 728, "corpus [files]": 477, "corpus [symbols]": 347, "cover overflows": 0, "coverage": 10704, "distributor delayed": 346, "distributor undelayed": 346, "distributor violated": 0, "exec candidate": 2260, "exec collide": 3572, "exec fuzz": 6876, "exec gen": 335, "exec hints": 1120, "exec inject": 0, "exec minimize": 9699, "exec retries": 0, "exec seeds": 1988, "exec smash": 7392, "exec total [base]": 19191, "exec total [new]": 41971, "exec triage": 2010, "executor restarts [base]": 31, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 885, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 185, "max signal": 11092, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5161, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 824, "no exec duration": 12004000000, "no exec requests": 13, "pending": 0, "prog exec time": 296, "reproducing": 0, "rpc recv": 1438225096, "rpc sent": 58267072, "signal": 10213, "smash jobs": 689, "triage jobs": 11, "vm output": 266581, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/27 00:45:49 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 23, "corpus": 958, "corpus [files]": 664, "corpus [symbols]": 514, "cover overflows": 1, "coverage": 11926, "distributor delayed": 469, "distributor undelayed": 469, "distributor violated": 0, "exec candidate": 2260, "exec collide": 8213, "exec fuzz": 15544, "exec gen": 806, "exec hints": 3002, "exec inject": 0, "exec minimize": 13839, "exec retries": 0, "exec seeds": 2762, "exec smash": 18511, "exec total [base]": 32249, "exec total [new]": 74360, "exec triage": 2705, "executor restarts [base]": 31, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 642, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 138, "max signal": 12380, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7077, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1111, "no exec duration": 12004000000, "no exec requests": 13, "pending": 0, "prog exec time": 331, "reproducing": 0, "rpc recv": 2640195048, "rpc sent": 130156656, "signal": 11443, "smash jobs": 499, "triage jobs": 5, "vm output": 410489, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/27 00:50:49 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 32, "corpus": 1128, "corpus [files]": 814, "corpus [symbols]": 638, "cover overflows": 1, "coverage": 12519, "distributor delayed": 546, "distributor undelayed": 546, "distributor violated": 0, "exec candidate": 2260, "exec collide": 13014, "exec fuzz": 24541, "exec gen": 1242, "exec hints": 6419, "exec inject": 0, "exec minimize": 16684, "exec retries": 0, "exec seeds": 3341, "exec smash": 27732, "exec total [base]": 44260, "exec total [new]": 105121, "exec triage": 3168, "executor restarts [base]": 31, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 26, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 11, "max signal": 13007, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8399, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1314, "no exec duration": 12004000000, "no exec requests": 13, "pending": 0, "prog exec time": 382, "reproducing": 0, "rpc recv": 3681232460, "rpc sent": 195074400, "signal": 11977, "smash jobs": 9, "triage jobs": 6, "vm output": 553690, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/27 00:55:49 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 44, "corpus": 1241, "corpus [files]": 921, "corpus [symbols]": 736, "cover overflows": 10, "coverage": 12810, "distributor delayed": 609, "distributor undelayed": 609, "distributor violated": 0, "exec candidate": 2260, "exec collide": 19785, "exec fuzz": 37635, "exec gen": 1938, "exec hints": 7613, "exec inject": 0, "exec minimize": 18743, "exec retries": 0, "exec seeds": 3683, "exec smash": 30603, "exec total [base]": 55247, "exec total [new]": 132493, "exec triage": 3514, "executor restarts [base]": 31, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 16, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 2, "max signal": 13325, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9351, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1453, "no exec duration": 12004000000, "no exec requests": 13, "pending": 0, "prog exec time": 345, "reproducing": 0, "rpc recv": 4585137628, "rpc sent": 261221280, "signal": 12243, "smash jobs": 9, "triage jobs": 5, "vm output": 715762, "vm restarts [base]": 4, "vm restarts [new]": 10 }