2025/10/09 23:31:46 extracted 333434 text symbol hashes for base and 333434 for patched 2025/10/09 23:31:46 binaries are different, continuing fuzzing 2025/10/09 23:31:46 adding modified_functions to focus areas: ["nested_svm_exit_handled" "nested_svm_load_cr3" "nested_svm_vmrun" "svm_check_nested_events" "svm_get_nested_state" "svm_get_nested_state_pages" "svm_set_efer" "svm_set_gif" "svm_set_nested_state"] 2025/10/09 23:31:46 adding directly modified files to focus areas: ["arch/x86/kvm/svm/nested.c" "arch/x86/kvm/svm/svm.c"] 2025/10/09 23:31:46 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db" 2025/10/09 23:32:45 runner 2 connected 2025/10/09 23:32:45 runner 8 connected 2025/10/09 23:32:45 runner 3 connected 2025/10/09 23:32:45 runner 1 connected 2025/10/09 23:32:45 runner 6 connected 2025/10/09 23:32:45 runner 1 connected 2025/10/09 23:32:51 runner 0 connected 2025/10/09 23:32:51 runner 2 connected 2025/10/09 23:32:52 initializing coverage information... 2025/10/09 23:32:52 executor cover filter: 0 PCs 2025/10/09 23:32:52 runner 5 connected 2025/10/09 23:32:52 runner 4 connected 2025/10/09 23:32:52 runner 7 connected 2025/10/09 23:32:53 runner 0 connected 2025/10/09 23:32:54 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/10/09 23:32:54 base: machine check complete 2025/10/09 23:32:57 discovered 7839 source files, 344893 symbols 2025/10/09 23:32:57 coverage filter: nested_svm_exit_handled: [nested_svm_exit_handled nested_svm_exit_handled_msr] 2025/10/09 23:32:57 coverage filter: nested_svm_load_cr3: [nested_svm_load_cr3] 2025/10/09 23:32:57 coverage filter: nested_svm_vmrun: [nested_svm_vmrun] 2025/10/09 23:32:57 coverage filter: svm_check_nested_events: [svm_check_nested_events] 2025/10/09 23:32:57 coverage filter: svm_get_nested_state: [svm_get_nested_state svm_get_nested_state_pages] 2025/10/09 23:32:57 coverage filter: svm_get_nested_state_pages: [] 2025/10/09 23:32:57 coverage filter: svm_set_efer: [svm_set_efer] 2025/10/09 23:32:57 coverage filter: svm_set_gif: [svm_set_gif] 2025/10/09 23:32:57 coverage filter: svm_set_nested_state: [svm_set_nested_state] 2025/10/09 23:32:57 coverage filter: arch/x86/kvm/svm/nested.c: [arch/x86/kvm/svm/nested.c] 2025/10/09 23:32:57 coverage filter: arch/x86/kvm/svm/svm.c: [arch/x86/kvm/svm/svm.c] 2025/10/09 23:32:57 area "symbols": 322 PCs in the cover filter 2025/10/09 23:32:57 area "files": 3005 PCs in the cover filter 2025/10/09 23:32:57 area "": 0 PCs in the cover filter 2025/10/09 23:32:57 executor cover filter: 0 PCs 2025/10/09 23:32:59 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/10/09 23:32:59 new: machine check complete 2025/10/09 23:33:02 new: adding 2196 seeds 2025/10/09 23:33:18 triaged 97.3% of the corpus 2025/10/09 23:33:18 starting bug reproductions 2025/10/09 23:33:18 starting bug reproductions (max 6 VMs, 4 repros) 2025/10/09 23:33:48 triaged 100.0% of the corpus 2025/10/09 23:36:48 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 738, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 10066, "distributor delayed": 431, "distributor undelayed": 431, "distributor violated": 0, "exec candidate": 2196, "exec collide": 4228, "exec fuzz": 8092, "exec gen": 391, "exec hints": 1343, "exec inject": 0, "exec minimize": 9549, "exec retries": 0, "exec seeds": 2058, "exec smash": 9094, "exec total [base]": 17286, "exec total [new]": 45494, "exec triage": 2006, "executor restarts [base]": 29, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 816, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 156, "max signal": 10591, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5054, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 857, "no exec duration": 18024000000, "no exec requests": 22, "pending": 0, "prog exec time": 200, "reproducing": 0, "rpc recv": 1296232896, "rpc sent": 67811472, "signal": 9550, "smash jobs": 645, "triage jobs": 15, "vm output": 180141, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/09 23:41:48 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 41, "corpus": 1025, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 84, "coverage": 11817, "distributor delayed": 599, "distributor undelayed": 599, "distributor violated": 0, "exec candidate": 2196, "exec collide": 8858, "exec fuzz": 17035, "exec gen": 871, "exec hints": 3296, "exec inject": 0, "exec minimize": 14282, "exec retries": 0, "exec seeds": 3015, "exec smash": 20241, "exec total [base]": 28856, "exec total [new]": 79120, "exec triage": 2788, "executor restarts [base]": 29, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 590, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 118, "max signal": 12335, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7337, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1195, "no exec duration": 18024000000, "no exec requests": 22, "pending": 0, "prog exec time": 354, "reproducing": 0, "rpc recv": 2329109788, "rpc sent": 142449016, "signal": 11244, "smash jobs": 464, "triage jobs": 8, "vm output": 262307, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/09 23:46:48 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 55, "corpus": 1210, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 238, "coverage": 12523, "distributor delayed": 696, "distributor undelayed": 696, "distributor violated": 0, "exec candidate": 2196, "exec collide": 13153, "exec fuzz": 25193, "exec gen": 1301, "exec hints": 6269, "exec inject": 0, "exec minimize": 17724, "exec retries": 0, "exec seeds": 3606, "exec smash": 29553, "exec total [base]": 38712, "exec total [new]": 108821, "exec triage": 3288, "executor restarts [base]": 29, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 81, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 27, "max signal": 13082, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9069, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1412, "no exec duration": 18024000000, "no exec requests": 22, "pending": 0, "prog exec time": 258, "reproducing": 0, "rpc recv": 3200506916, "rpc sent": 210657832, "signal": 11868, "smash jobs": 47, "triage jobs": 7, "vm output": 352479, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/09 23:51:48 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 68, "corpus": 1321, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 454, "coverage": 12969, "distributor delayed": 763, "distributor undelayed": 763, "distributor violated": 0, "exec candidate": 2196, "exec collide": 19861, "exec fuzz": 37567, "exec gen": 1962, "exec hints": 8144, "exec inject": 0, "exec minimize": 19693, "exec retries": 1, "exec seeds": 3943, "exec smash": 32828, "exec total [base]": 47877, "exec total [new]": 136344, "exec triage": 3611, "executor restarts [base]": 29, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 12, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 2, "max signal": 13550, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9994, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1549, "no exec duration": 18024000000, "no exec requests": 22, "pending": 0, "prog exec time": 330, "reproducing": 0, "rpc recv": 3907125844, "rpc sent": 278766144, "signal": 12168, "smash jobs": 5, "triage jobs": 5, "vm output": 529241, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/09 23:56:48 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 84, "corpus": 1387, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 722, "coverage": 13264, "distributor delayed": 802, "distributor undelayed": 802, "distributor violated": 0, "exec candidate": 2196, "exec collide": 26942, "exec fuzz": 51026, "exec gen": 2653, "exec hints": 8884, "exec inject": 0, "exec minimize": 20991, "exec retries": 1, "exec seeds": 4141, "exec smash": 34454, "exec total [base]": 56363, "exec total [new]": 161620, "exec triage": 3796, "executor restarts [base]": 29, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 12, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 2, "max signal": 13820, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10597, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1625, "no exec duration": 18024000000, "no exec requests": 22, "pending": 0, "prog exec time": 365, "reproducing": 0, "rpc recv": 4522841632, "rpc sent": 344196352, "signal": 12423, "smash jobs": 7, "triage jobs": 3, "vm output": 665761, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/10 00:01:48 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 105, "corpus": 1464, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1019, "coverage": 13513, "distributor delayed": 843, "distributor undelayed": 843, "distributor violated": 0, "exec candidate": 2196, "exec collide": 33701, "exec fuzz": 63739, "exec gen": 3344, "exec hints": 9171, "exec inject": 0, "exec minimize": 22437, "exec retries": 1, "exec seeds": 4372, "exec smash": 36371, "exec total [base]": 64256, "exec total [new]": 185894, "exec triage": 4022, "executor restarts [base]": 29, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 12, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 14117, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11260, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1720, "no exec duration": 18024000000, "no exec requests": 22, "pending": 0, "prog exec time": 336, "reproducing": 0, "rpc recv": 5148754944, "rpc sent": 411026656, "signal": 12659, "smash jobs": 6, "triage jobs": 5, "vm output": 812060, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/10/10 00:03:48 fuzzer has not reached the modified code in 30m0s, aborting 2025/10/10 00:03:48 repro loop terminated 2025/10/10 00:03:48 base: rpc server terminaled 2025/10/10 00:03:48 new: rpc server terminaled 2025/10/10 00:03:49 base: pool terminated 2025/10/10 00:03:49 base: kernel context loop terminated 2025/10/10 00:03:49 new: pool terminated 2025/10/10 00:03:49 new: kernel context loop terminated 2025/10/10 00:03:49 diff fuzzing terminated 2025/10/10 00:03:49 bug reporting terminated 2025/10/10 00:03:49 status reporting terminated 2025/10/10 00:03:49 fuzzing is finished 2025/10/10 00:03:49 status at the end: Title On-Base On-Patched