2026/02/25 03:59:16 extracted 324887 text symbol hashes for base and 324887 for patched 2026/02/25 03:59:16 binaries are different, continuing fuzzing 2026/02/25 03:59:16 adding modified_functions to focus areas: ["nested_svm_exit_handled" "nested_svm_load_cr3" "nested_svm_vmrun" "svm_check_nested_events" "svm_get_nested_state" "svm_get_nested_state_pages" "svm_set_nested_state"] 2026/02/25 03:59:16 adding directly modified files to focus areas: ["arch/x86/kvm/svm/nested.c"] 2026/02/25 03:59:16 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db" 2026/02/25 04:00:15 runner 7 connected 2026/02/25 04:00:15 runner 1 connected 2026/02/25 04:00:15 runner 5 connected 2026/02/25 04:00:15 runner 2 connected 2026/02/25 04:00:15 runner 4 connected 2026/02/25 04:00:16 runner 2 connected 2026/02/25 04:00:16 runner 0 connected 2026/02/25 04:00:16 runner 8 connected 2026/02/25 04:00:16 runner 3 connected 2026/02/25 04:00:16 runner 1 connected 2026/02/25 04:00:16 runner 0 connected 2026/02/25 04:00:16 runner 6 connected 2026/02/25 04:00:21 executor cover filter: 0 PCs 2026/02/25 04:00:21 initializing coverage information... 2026/02/25 04:00:23 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") MemoryDump : disabled by user NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 172/8179 2026/02/25 04:00:23 base: machine check complete 2026/02/25 04:00:26 discovered 7666 source files, 336129 symbols 2026/02/25 04:00:26 coverage filter: ^nested_svm_exit_handled$: [nested_svm_exit_handled] 2026/02/25 04:00:26 coverage filter: ^nested_svm_load_cr3$: [nested_svm_load_cr3] 2026/02/25 04:00:26 coverage filter: ^nested_svm_vmrun$: [nested_svm_vmrun] 2026/02/25 04:00:26 coverage filter: ^svm_check_nested_events$: [svm_check_nested_events] 2026/02/25 04:00:26 coverage filter: ^svm_get_nested_state$: [svm_get_nested_state] 2026/02/25 04:00:26 coverage filter: ^svm_get_nested_state_pages$: [svm_get_nested_state_pages] 2026/02/25 04:00:26 coverage filter: ^svm_set_nested_state$: [svm_set_nested_state] 2026/02/25 04:00:26 coverage filter: arch/x86/kvm/svm/nested.c: [arch/x86/kvm/svm/nested.c] 2026/02/25 04:00:26 area "symbols": 255 PCs in the cover filter 2026/02/25 04:00:26 area "files": 961 PCs in the cover filter 2026/02/25 04:00:26 area "": 0 PCs in the cover filter 2026/02/25 04:00:26 executor cover filter: 0 PCs 2026/02/25 04:00:27 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") MemoryDump : disabled by user NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 172/8179 2026/02/25 04:00:27 new: machine check complete 2026/02/25 04:00:30 new: adding 2538 seeds 2026/02/25 04:00:48 triaged 97.3% of the corpus 2026/02/25 04:00:48 starting bug reproductions 2026/02/25 04:00:48 starting bug reproductions (max 6 VMs, 4 repros) 2026/02/25 04:01:18 triaged 100.0% of the corpus 2026/02/25 04:04:18 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 13, "corpus": 737, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 10813, "distributor delayed": 465, "distributor undelayed": 465, "distributor violated": 0, "exec candidate": 2538, "exec collide": 3807, "exec fuzz": 7058, "exec gen": 337, "exec hints": 1286, "exec inject": 0, "exec minimize": 10223, "exec retries": 0, "exec seeds": 2051, "exec smash": 7654, "exec total [base]": 17096, "exec total [new]": 44562, "exec triage": 2066, "executor restarts [base]": 30, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 896, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 176, "max signal": 11296, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5426, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 857, "no exec duration": 23231000000, "no exec requests": 60, "pending": 0, "prog exec time": 241, "reproducing": 0, "rpc recv": 1450903008, "rpc sent": 60281264, "signal": 10320, "smash jobs": 708, "triage jobs": 12, "vm output": 250409, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/02/25 04:09:18 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 32, "corpus": 968, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 123, "coverage": 11911, "distributor delayed": 587, "distributor undelayed": 587, "distributor violated": 0, "exec candidate": 2538, "exec collide": 8420, "exec fuzz": 15783, "exec gen": 815, "exec hints": 3044, "exec inject": 0, "exec minimize": 14047, "exec retries": 0, "exec seeds": 2807, "exec smash": 18960, "exec total [base]": 28008, "exec total [new]": 76632, "exec triage": 2673, "executor restarts [base]": 30, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 630, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 129, "max signal": 12322, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7188, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1120, "no exec duration": 23231000000, "no exec requests": 60, "pending": 0, "prog exec time": 274, "reproducing": 0, "rpc recv": 2495677912, "rpc sent": 133922032, "signal": 11411, "smash jobs": 495, "triage jobs": 6, "vm output": 383566, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/02/25 04:14:18 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 53, "corpus": 1150, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 437, "coverage": 12592, "distributor delayed": 680, "distributor undelayed": 680, "distributor violated": 0, "exec candidate": 2538, "exec collide": 12706, "exec fuzz": 23989, "exec gen": 1267, "exec hints": 6084, "exec inject": 0, "exec minimize": 17026, "exec retries": 0, "exec seeds": 3411, "exec smash": 28254, "exec total [base]": 37675, "exec total [new]": 106016, "exec triage": 3199, "executor restarts [base]": 30, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 42, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 8, "max signal": 13029, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8571, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1351, "no exec duration": 23231000000, "no exec requests": 60, "pending": 0, "prog exec time": 213, "reproducing": 0, "rpc recv": 3399482056, "rpc sent": 201247752, "signal": 12039, "smash jobs": 24, "triage jobs": 10, "vm output": 534462, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/02/25 04:19:18 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 70, "corpus": 1267, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 924, "coverage": 12869, "distributor delayed": 726, "distributor undelayed": 726, "distributor violated": 0, "exec candidate": 2538, "exec collide": 19290, "exec fuzz": 36536, "exec gen": 1932, "exec hints": 7036, "exec inject": 0, "exec minimize": 18845, "exec retries": 0, "exec seeds": 3771, "exec smash": 31337, "exec total [base]": 46544, "exec total [new]": 132326, "exec triage": 3499, "executor restarts [base]": 30, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 12, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 13334, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9408, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1485, "no exec duration": 23231000000, "no exec requests": 60, "pending": 0, "prog exec time": 300, "reproducing": 0, "rpc recv": 4126130140, "rpc sent": 267446560, "signal": 12298, "smash jobs": 7, "triage jobs": 4, "vm output": 685889, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/02/25 04:24:18 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 96, "corpus": 1366, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1458, "coverage": 13250, "distributor delayed": 779, "distributor undelayed": 779, "distributor violated": 0, "exec candidate": 2538, "exec collide": 26018, "exec fuzz": 49219, "exec gen": 2598, "exec hints": 7237, "exec inject": 0, "exec minimize": 20419, "exec retries": 0, "exec seeds": 4076, "exec smash": 33854, "exec total [base]": 54679, "exec total [new]": 157263, "exec triage": 3762, "executor restarts [base]": 30, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 13, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 13744, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10110, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1602, "no exec duration": 23231000000, "no exec requests": 60, "pending": 0, "prog exec time": 324, "reproducing": 0, "rpc recv": 4803542292, "rpc sent": 331359600, "signal": 12645, "smash jobs": 8, "triage jobs": 4, "vm output": 834205, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/02/25 04:29:18 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 104, "corpus": 1427, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1972, "coverage": 13689, "distributor delayed": 803, "distributor undelayed": 803, "distributor violated": 0, "exec candidate": 2538, "exec collide": 32897, "exec fuzz": 62613, "exec gen": 3285, "exec hints": 7392, "exec inject": 0, "exec minimize": 21484, "exec retries": 0, "exec seeds": 4254, "exec smash": 35397, "exec total [base]": 62592, "exec total [new]": 181323, "exec triage": 3923, "executor restarts [base]": 30, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 16, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 6, "max signal": 14186, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10629, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1671, "no exec duration": 23231000000, "no exec requests": 60, "pending": 0, "prog exec time": 299, "reproducing": 0, "rpc recv": 5385563284, "rpc sent": 395154208, "signal": 13061, "smash jobs": 7, "triage jobs": 3, "vm output": 976511, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/02/25 04:31:18 fuzzer has not reached the modified code in 30m0s, aborting 2026/02/25 04:31:18 repro loop terminated 2026/02/25 04:31:18 base: rpc server terminaled 2026/02/25 04:31:18 new: rpc server terminaled 2026/02/25 04:31:19 base: pool terminated 2026/02/25 04:31:19 base: kernel context loop terminated 2026/02/25 04:31:19 new: pool terminated 2026/02/25 04:31:19 new: kernel context loop terminated 2026/02/25 04:31:19 diff fuzzing terminated 2026/02/25 04:31:19 bug reporting terminated 2026/02/25 04:31:19 status reporting terminated 2026/02/25 04:31:19 fuzzing is finished 2026/02/25 04:31:19 status at the end: Title On-Base On-Patched Status