2025/09/03 15:46:22 extracted 327254 text symbol hashes for base and 327254 for patched 2025/09/03 15:46:22 binaries are different, continuing fuzzing 2025/09/03 15:46:22 adding modified_functions to focus areas: ["nested_svm_exit_handled" "nested_svm_load_cr3" "nested_svm_vmrun" "svm_check_nested_events" "svm_get_nested_state" "svm_get_nested_state_pages" "svm_set_nested_state"] 2025/09/03 15:46:22 adding directly modified files to focus areas: ["arch/x86/kvm/svm/nested.c"] 2025/09/03 15:46:23 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/09/03 15:47:21 runner 6 connected 2025/09/03 15:47:21 runner 2 connected 2025/09/03 15:47:21 runner 7 connected 2025/09/03 15:47:21 runner 3 connected 2025/09/03 15:47:21 runner 9 connected 2025/09/03 15:47:22 runner 1 connected 2025/09/03 15:47:22 runner 4 connected 2025/09/03 15:47:28 runner 2 connected 2025/09/03 15:47:28 runner 0 connected 2025/09/03 15:47:28 initializing coverage information... 2025/09/03 15:47:28 runner 3 connected 2025/09/03 15:47:29 runner 0 connected 2025/09/03 15:47:29 runner 1 connected 2025/09/03 15:47:29 executor cover filter: 0 PCs 2025/09/03 15:47:29 runner 8 connected 2025/09/03 15:47:29 runner 5 connected 2025/09/03 15:47:32 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8054 2025/09/03 15:47:32 base: machine check complete 2025/09/03 15:47:33 discovered 7699 source files, 338653 symbols 2025/09/03 15:47:34 coverage filter: nested_svm_exit_handled: [nested_svm_exit_handled nested_svm_exit_handled_msr] 2025/09/03 15:47:34 coverage filter: nested_svm_load_cr3: [nested_svm_load_cr3] 2025/09/03 15:47:34 coverage filter: nested_svm_vmrun: [nested_svm_vmrun] 2025/09/03 15:47:34 coverage filter: svm_check_nested_events: [svm_check_nested_events] 2025/09/03 15:47:34 coverage filter: svm_get_nested_state: [svm_get_nested_state svm_get_nested_state_pages] 2025/09/03 15:47:34 coverage filter: svm_get_nested_state_pages: [] 2025/09/03 15:47:34 coverage filter: svm_set_nested_state: [svm_set_nested_state] 2025/09/03 15:47:34 coverage filter: arch/x86/kvm/svm/nested.c: [arch/x86/kvm/svm/nested.c] 2025/09/03 15:47:34 area "symbols": 270 PCs in the cover filter 2025/09/03 15:47:34 area "files": 936 PCs in the cover filter 2025/09/03 15:47:34 area "": 0 PCs in the cover filter 2025/09/03 15:47:34 executor cover filter: 0 PCs 2025/09/03 15:47:35 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8054 2025/09/03 15:47:35 new: machine check complete 2025/09/03 15:47:39 new: adding 2363 seeds 2025/09/03 15:47:55 triaged 97.1% of the corpus 2025/09/03 15:47:55 starting bug reproductions 2025/09/03 15:47:55 starting bug reproductions (max 10 VMs, 7 repros) 2025/09/03 15:48:25 triaged 100.0% of the corpus 2025/09/03 15:51:25 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 735, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 9180, "distributor delayed": 373, "distributor undelayed": 372, "distributor violated": 0, "exec candidate": 2363, "exec collide": 4241, "exec fuzz": 7779, "exec gen": 400, "exec hints": 1391, "exec inject": 0, "exec minimize": 9510, "exec retries": 0, "exec seeds": 2054, "exec smash": 8678, "exec total [base]": 20524, "exec total [new]": 45396, "exec triage": 1951, "executor restarts [base]": 34, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 856, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 149, "max signal": 9515, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5189, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 834, "no exec duration": 16000000000, "no exec requests": 16, "pending": 0, "prog exec time": 197, "reproducing": 0, "rpc recv": 1378586272, "rpc sent": 59433576, "signal": 8794, "smash jobs": 693, "triage jobs": 14, "vm output": 213276, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/03 15:56:25 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 16, "corpus": 1021, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1, "coverage": 11408, "distributor delayed": 515, "distributor undelayed": 515, "distributor violated": 0, "exec candidate": 2363, "exec collide": 10041, "exec fuzz": 18595, "exec gen": 954, "exec hints": 3822, "exec inject": 0, "exec minimize": 14077, "exec retries": 0, "exec seeds": 2988, "exec smash": 22481, "exec total [base]": 36332, "exec total [new]": 85110, "exec triage": 2761, "executor restarts [base]": 34, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 373, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 107, "max signal": 11932, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7333, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1179, "no exec duration": 16000000000, "no exec requests": 16, "pending": 0, "prog exec time": 240, "reproducing": 0, "rpc recv": 2460575828, "rpc sent": 139589544, "signal": 10993, "smash jobs": 256, "triage jobs": 10, "vm output": 359564, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/03 16:01:25 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 49, "corpus": 1219, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1, "coverage": 12319, "distributor delayed": 641, "distributor undelayed": 641, "distributor violated": 0, "exec candidate": 2363, "exec collide": 15309, "exec fuzz": 28831, "exec gen": 1478, "exec hints": 7896, "exec inject": 0, "exec minimize": 17788, "exec retries": 0, "exec seeds": 3642, "exec smash": 30242, "exec total [base]": 49539, "exec total [new]": 117982, "exec triage": 3404, "executor restarts [base]": 34, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 25, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 6, "max signal": 12933, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9043, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1436, "no exec duration": 16000000000, "no exec requests": 16, "pending": 0, "prog exec time": 283, "reproducing": 0, "rpc recv": 3591441184, "rpc sent": 218728016, "signal": 11775, "smash jobs": 11, "triage jobs": 8, "vm output": 550507, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/03 16:06:25 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 59, "corpus": 1337, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 4, "coverage": 12910, "distributor delayed": 720, "distributor undelayed": 720, "distributor violated": 0, "exec candidate": 2363, "exec collide": 22393, "exec fuzz": 42652, "exec gen": 2190, "exec hints": 8763, "exec inject": 0, "exec minimize": 20020, "exec retries": 0, "exec seeds": 4002, "exec smash": 33221, "exec total [base]": 60752, "exec total [new]": 146402, "exec triage": 3771, "executor restarts [base]": 34, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 18, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 3, "max signal": 13564, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10084, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1591, "no exec duration": 16000000000, "no exec requests": 16, "pending": 0, "prog exec time": 329, "reproducing": 0, "rpc recv": 4496452840, "rpc sent": 293464584, "signal": 12336, "smash jobs": 10, "triage jobs": 5, "vm output": 727554, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/03 16:11:25 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 66, "corpus": 1435, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 6, "coverage": 13222, "distributor delayed": 768, "distributor undelayed": 768, "distributor violated": 0, "exec candidate": 2363, "exec collide": 30004, "exec fuzz": 57175, "exec gen": 2998, "exec hints": 9165, "exec inject": 0, "exec minimize": 21713, "exec retries": 0, "exec seeds": 4298, "exec smash": 35717, "exec total [base]": 71937, "exec total [new]": 174507, "exec triage": 4044, "executor restarts [base]": 34, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 14, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 13862, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10921, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1709, "no exec duration": 16013000000, "no exec requests": 17, "pending": 0, "prog exec time": 313, "reproducing": 0, "rpc recv": 5300206052, "rpc sent": 374112032, "signal": 12603, "smash jobs": 9, "triage jobs": 4, "vm output": 897698, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/03 16:16:25 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 70, "corpus": 1526, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 9, "coverage": 13411, "distributor delayed": 804, "distributor undelayed": 804, "distributor violated": 0, "exec candidate": 2363, "exec collide": 37657, "exec fuzz": 71915, "exec gen": 3803, "exec hints": 9957, "exec inject": 0, "exec minimize": 23129, "exec retries": 0, "exec seeds": 4575, "exec smash": 38125, "exec total [base]": 83233, "exec total [new]": 202841, "exec triage": 4287, "executor restarts [base]": 34, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 4, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 0, "max signal": 14085, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11574, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1816, "no exec duration": 16013000000, "no exec requests": 17, "pending": 0, "prog exec time": 345, "reproducing": 0, "rpc recv": 6071244528, "rpc sent": 453679640, "signal": 12788, "smash jobs": 0, "triage jobs": 4, "vm output": 1104319, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/03 16:18:25 fuzzer has not reached the modified code in 30m0s, aborting 2025/09/03 16:18:25 syz-diff (new): kernel context loop terminated 2025/09/03 16:18:25 syz-diff (base): kernel context loop terminated 2025/09/03 16:18:25 diff fuzzing terminated 2025/09/03 16:18:25 bug reporting terminated 2025/09/03 16:18:25 status reporting terminated 2025/09/03 16:18:25 fuzzing is finished 2025/09/03 16:18:25 status at the end: Title On-Base On-Patched