2025/11/25 16:25:23 extracted 321630 text symbol hashes for base and 321630 for patched 2025/11/25 16:25:23 binaries are different, continuing fuzzing 2025/11/25 16:25:23 adding modified_functions to focus areas: ["amd_is_valid_msr" "amd_msr_idx_to_pmc" "amd_pmu_get_msr" "amd_pmu_refresh" "amd_pmu_set_msr"] 2025/11/25 16:25:23 adding directly modified files to focus areas: ["arch/x86/kvm/svm/pmu.c"] 2025/11/25 16:25:23 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db" 2025/11/25 16:26:22 runner 6 connected 2025/11/25 16:26:22 runner 4 connected 2025/11/25 16:26:22 runner 2 connected 2025/11/25 16:26:22 runner 1 connected 2025/11/25 16:26:22 runner 0 connected 2025/11/25 16:26:22 runner 0 connected 2025/11/25 16:26:22 runner 1 connected 2025/11/25 16:26:22 runner 2 connected 2025/11/25 16:26:22 runner 8 connected 2025/11/25 16:26:22 runner 5 connected 2025/11/25 16:26:22 runner 7 connected 2025/11/25 16:26:29 executor cover filter: 0 PCs 2025/11/25 16:26:29 initializing coverage information... 2025/11/25 16:26:29 runner 3 connected 2025/11/25 16:26:30 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/11/25 16:26:30 base: machine check complete 2025/11/25 16:26:33 discovered 7601 source files, 332486 symbols 2025/11/25 16:26:33 coverage filter: amd_is_valid_msr: [amd_is_valid_msr] 2025/11/25 16:26:33 coverage filter: amd_msr_idx_to_pmc: [amd_msr_idx_to_pmc] 2025/11/25 16:26:33 coverage filter: amd_pmu_get_msr: [amd_pmu_get_msr] 2025/11/25 16:26:33 coverage filter: amd_pmu_refresh: [amd_pmu_refresh] 2025/11/25 16:26:33 coverage filter: amd_pmu_set_msr: [amd_pmu_set_msr] 2025/11/25 16:26:33 coverage filter: arch/x86/kvm/svm/pmu.c: [arch/x86/kvm/svm/pmu.c] 2025/11/25 16:26:33 area "symbols": 66 PCs in the cover filter 2025/11/25 16:26:33 area "files": 114 PCs in the cover filter 2025/11/25 16:26:33 area "": 0 PCs in the cover filter 2025/11/25 16:26:33 executor cover filter: 0 PCs 2025/11/25 16:26:35 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/11/25 16:26:35 new: machine check complete 2025/11/25 16:26:38 new: adding 2594 seeds 2025/11/25 16:26:56 triaged 97.0% of the corpus 2025/11/25 16:26:56 starting bug reproductions 2025/11/25 16:26:56 starting bug reproductions (max 6 VMs, 4 repros) 2025/11/25 16:27:26 triaged 100.0% of the corpus 2025/11/25 16:30:26 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 3, "corpus": 713, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 9451, "distributor delayed": 425, "distributor undelayed": 425, "distributor violated": 0, "exec candidate": 2594, "exec collide": 3639, "exec fuzz": 6857, "exec gen": 347, "exec hints": 1024, "exec inject": 0, "exec minimize": 9114, "exec retries": 0, "exec seeds": 1975, "exec smash": 7613, "exec total [base]": 16254, "exec total [new]": 42814, "exec triage": 1943, "executor restarts [base]": 27, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 858, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 147, "max signal": 10060, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 4895, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 825, "no exec duration": 24010000000, "no exec requests": 27, "pending": 0, "prog exec time": 197, "reproducing": 0, "rpc recv": 1189819232, "rpc sent": 62306784, "signal": 9013, "smash jobs": 692, "triage jobs": 19, "vm output": 180303, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/25 16:35:26 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 26, "corpus": 998, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 13, "coverage": 11930, "distributor delayed": 581, "distributor undelayed": 581, "distributor violated": 0, "exec candidate": 2594, "exec collide": 8328, "exec fuzz": 15606, "exec gen": 837, "exec hints": 2772, "exec inject": 0, "exec minimize": 13511, "exec retries": 0, "exec seeds": 2885, "exec smash": 18884, "exec total [base]": 27341, "exec total [new]": 75847, "exec triage": 2719, "executor restarts [base]": 27, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 679, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 159, "max signal": 12391, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 6884, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1158, "no exec duration": 24010000000, "no exec requests": 27, "pending": 0, "prog exec time": 243, "reproducing": 0, "rpc recv": 2157090992, "rpc sent": 136036136, "signal": 11474, "smash jobs": 514, "triage jobs": 6, "vm output": 312051, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/25 16:40:26 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 47, "corpus": 1163, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 85, "coverage": 12425, "distributor delayed": 679, "distributor undelayed": 679, "distributor violated": 0, "exec candidate": 2594, "exec collide": 12829, "exec fuzz": 23975, "exec gen": 1320, "exec hints": 5830, "exec inject": 0, "exec minimize": 15923, "exec retries": 0, "exec seeds": 3462, "exec smash": 28601, "exec total [base]": 37131, "exec total [new]": 105410, "exec triage": 3169, "executor restarts [base]": 27, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 47, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 13, "max signal": 12988, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7975, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1354, "no exec duration": 24010000000, "no exec requests": 27, "pending": 0, "prog exec time": 303, "reproducing": 0, "rpc recv": 2986110332, "rpc sent": 205997712, "signal": 11920, "smash jobs": 26, "triage jobs": 8, "vm output": 446878, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/25 16:45:26 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 55, "corpus": 1294, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 170, "coverage": 12787, "distributor delayed": 740, "distributor undelayed": 740, "distributor violated": 0, "exec candidate": 2594, "exec collide": 19411, "exec fuzz": 36640, "exec gen": 1962, "exec hints": 6996, "exec inject": 0, "exec minimize": 18083, "exec retries": 0, "exec seeds": 3858, "exec smash": 32062, "exec total [base]": 46240, "exec total [new]": 132809, "exec triage": 3495, "executor restarts [base]": 27, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 16, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 0, "max signal": 13364, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8958, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1499, "no exec duration": 24010000000, "no exec requests": 27, "pending": 0, "prog exec time": 350, "reproducing": 0, "rpc recv": 3706199268, "rpc sent": 276486520, "signal": 12266, "smash jobs": 8, "triage jobs": 8, "vm output": 627781, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/25 16:50:26 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 61, "corpus": 1384, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 284, "coverage": 13039, "distributor delayed": 792, "distributor undelayed": 792, "distributor violated": 0, "exec candidate": 2594, "exec collide": 26518, "exec fuzz": 50160, "exec gen": 2680, "exec hints": 7179, "exec inject": 0, "exec minimize": 19577, "exec retries": 0, "exec seeds": 4126, "exec smash": 34265, "exec total [base]": 54648, "exec total [new]": 158544, "exec triage": 3736, "executor restarts [base]": 27, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 19, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 2, "max signal": 13631, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9646, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1602, "no exec duration": 24010000000, "no exec requests": 27, "pending": 0, "prog exec time": 291, "reproducing": 0, "rpc recv": 4358682112, "rpc sent": 350528760, "signal": 12513, "smash jobs": 11, "triage jobs": 6, "vm output": 825755, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/25 16:55:26 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 73, "corpus": 1466, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 422, "coverage": 13316, "distributor delayed": 840, "distributor undelayed": 840, "distributor violated": 0, "exec candidate": 2594, "exec collide": 33405, "exec fuzz": 63103, "exec gen": 3354, "exec hints": 7362, "exec inject": 0, "exec minimize": 21087, "exec retries": 0, "exec seeds": 4376, "exec smash": 36417, "exec total [base]": 62875, "exec total [new]": 183365, "exec triage": 3958, "executor restarts [base]": 27, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 12, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 13954, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10332, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1700, "no exec duration": 24010000000, "no exec requests": 27, "pending": 0, "prog exec time": 325, "reproducing": 0, "rpc recv": 4994528972, "rpc sent": 422432504, "signal": 12776, "smash jobs": 5, "triage jobs": 6, "vm output": 1044649, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/11/25 16:57:26 fuzzer has not reached the modified code in 30m0s, aborting 2025/11/25 16:57:26 repro loop terminated 2025/11/25 16:57:26 new: rpc server terminaled 2025/11/25 16:57:26 base: rpc server terminaled 2025/11/25 16:57:26 base: pool terminated 2025/11/25 16:57:26 base: kernel context loop terminated 2025/11/25 16:57:26 new: pool terminated 2025/11/25 16:57:26 new: kernel context loop terminated 2025/11/25 16:57:26 diff fuzzing terminated 2025/11/25 16:57:26 bug reporting terminated 2025/11/25 16:57:26 status reporting terminated 2025/11/25 16:57:26 fuzzing is finished 2025/11/25 16:57:26 status at the end: Title On-Base On-Patched