2026/02/04 00:29:53 extracted 324949 text symbol hashes for base and 324949 for patched 2026/02/04 00:29:54 binaries are different, continuing fuzzing 2026/02/04 00:29:54 adding modified_functions to focus areas: ["nested_svm_load_cr3" "nested_svm_vmexit" "nested_svm_vmrun" "svm_get_nested_state_pages" "svm_set_nested_state"] 2026/02/04 00:29:54 adding directly modified files to focus areas: ["arch/x86/kvm/svm/nested.c"] 2026/02/04 00:29:54 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db" 2026/02/04 00:30:28 broken programs in the corpus: 58, broken seeds: 0 2026/02/04 00:30:52 runner 2 connected 2026/02/04 00:30:52 runner 1 connected 2026/02/04 00:30:52 runner 4 connected 2026/02/04 00:30:53 runner 1 connected 2026/02/04 00:30:53 runner 8 connected 2026/02/04 00:30:53 runner 5 connected 2026/02/04 00:30:53 runner 0 connected 2026/02/04 00:30:53 runner 0 connected 2026/02/04 00:30:53 runner 6 connected 2026/02/04 00:30:53 runner 3 connected 2026/02/04 00:30:59 executor cover filter: 0 PCs 2026/02/04 00:30:59 initializing coverage information... 2026/02/04 00:30:59 runner 2 connected 2026/02/04 00:31:00 runner 7 connected 2026/02/04 00:31:01 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 172/8071 2026/02/04 00:31:01 base: machine check complete 2026/02/04 00:31:03 discovered 7638 source files, 336303 symbols 2026/02/04 00:31:03 coverage filter: ^nested_svm_load_cr3$: [nested_svm_load_cr3] 2026/02/04 00:31:03 coverage filter: ^nested_svm_vmexit$: [nested_svm_vmexit] 2026/02/04 00:31:03 coverage filter: ^nested_svm_vmrun$: [nested_svm_vmrun] 2026/02/04 00:31:03 coverage filter: ^svm_get_nested_state_pages$: [svm_get_nested_state_pages] 2026/02/04 00:31:03 coverage filter: ^svm_set_nested_state$: [svm_set_nested_state] 2026/02/04 00:31:03 coverage filter: arch/x86/kvm/svm/nested.c: [arch/x86/kvm/svm/nested.c] 2026/02/04 00:31:03 area "symbols": 252 PCs in the cover filter 2026/02/04 00:31:03 area "files": 881 PCs in the cover filter 2026/02/04 00:31:03 area "": 0 PCs in the cover filter 2026/02/04 00:31:03 executor cover filter: 0 PCs 2026/02/04 00:31:05 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 172/8071 2026/02/04 00:31:05 new: machine check complete 2026/02/04 00:31:08 new: adding 2726 seeds 2026/02/04 00:31:26 triaged 96.7% of the corpus 2026/02/04 00:31:26 starting bug reproductions 2026/02/04 00:31:26 starting bug reproductions (max 6 VMs, 4 repros) 2026/02/04 00:31:56 triaged 100.0% of the corpus 2026/02/04 00:34:56 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 735, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 10783, "distributor delayed": 456, "distributor undelayed": 456, "distributor violated": 0, "exec candidate": 2726, "exec collide": 4334, "exec fuzz": 8120, "exec gen": 420, "exec hints": 1279, "exec inject": 0, "exec minimize": 9103, "exec retries": 0, "exec seeds": 2077, "exec smash": 9274, "exec total [base]": 17813, "exec total [new]": 47474, "exec triage": 2032, "executor restarts [base]": 28, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 837, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 149, "max signal": 11275, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 4774, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 850, "no exec duration": 19049000000, "no exec requests": 29, "pending": 0, "prog exec time": 209, "reproducing": 0, "rpc recv": 1252999892, "rpc sent": 60826368, "signal": 10184, "smash jobs": 678, "triage jobs": 10, "vm output": 222668, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/02/04 00:39:56 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 5, "corpus": 994, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 12197, "distributor delayed": 605, "distributor undelayed": 605, "distributor violated": 0, "exec candidate": 2726, "exec collide": 9470, "exec fuzz": 17861, "exec gen": 945, "exec hints": 3620, "exec inject": 0, "exec minimize": 13380, "exec retries": 0, "exec seeds": 2935, "exec smash": 21483, "exec total [base]": 29778, "exec total [new]": 83358, "exec triage": 2830, "executor restarts [base]": 28, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 412, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 99, "max signal": 12748, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 6743, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1177, "no exec duration": 19049000000, "no exec requests": 29, "pending": 0, "prog exec time": 238, "reproducing": 0, "rpc recv": 2282358468, "rpc sent": 131018640, "signal": 11446, "smash jobs": 304, "triage jobs": 9, "vm output": 394907, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/02/04 00:44:56 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 24, "corpus": 1161, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 72, "coverage": 13118, "distributor delayed": 716, "distributor undelayed": 716, "distributor violated": 0, "exec candidate": 2726, "exec collide": 14963, "exec fuzz": 28343, "exec gen": 1456, "exec hints": 6422, "exec inject": 0, "exec minimize": 16369, "exec retries": 0, "exec seeds": 3472, "exec smash": 28862, "exec total [base]": 39991, "exec total [new]": 114122, "exec triage": 3397, "executor restarts [base]": 28, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 16, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 13672, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8095, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1405, "no exec duration": 19049000000, "no exec requests": 29, "pending": 0, "prog exec time": 279, "reproducing": 0, "rpc recv": 3209627360, "rpc sent": 198158184, "signal": 12335, "smash jobs": 7, "triage jobs": 8, "vm output": 701798, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/02/04 00:49:56 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 30, "corpus": 1272, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 102, "coverage": 13418, "distributor delayed": 771, "distributor undelayed": 771, "distributor violated": 0, "exec candidate": 2726, "exec collide": 22588, "exec fuzz": 42503, "exec gen": 2242, "exec hints": 6726, "exec inject": 0, "exec minimize": 18251, "exec retries": 0, "exec seeds": 3819, "exec smash": 31747, "exec total [base]": 49263, "exec total [new]": 142434, "exec triage": 3720, "executor restarts [base]": 28, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 10, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 0, "max signal": 13978, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8954, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1541, "no exec duration": 19049000000, "no exec requests": 29, "pending": 0, "prog exec time": 302, "reproducing": 0, "rpc recv": 3951970576, "rpc sent": 270543584, "signal": 12618, "smash jobs": 8, "triage jobs": 2, "vm output": 978299, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/02/04 00:54:56 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 35, "corpus": 1363, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 122, "coverage": 13648, "distributor delayed": 838, "distributor undelayed": 838, "distributor violated": 0, "exec candidate": 2726, "exec collide": 30292, "exec fuzz": 57055, "exec gen": 3016, "exec hints": 7022, "exec inject": 0, "exec minimize": 19675, "exec retries": 0, "exec seeds": 4097, "exec smash": 34127, "exec total [base]": 58373, "exec total [new]": 170137, "exec triage": 4014, "executor restarts [base]": 28, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 4, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 14277, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9616, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1659, "no exec duration": 19049000000, "no exec requests": 29, "pending": 0, "prog exec time": 252, "reproducing": 0, "rpc recv": 4648705208, "rpc sent": 340984224, "signal": 12843, "smash jobs": 1, "triage jobs": 2, "vm output": 1244195, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/02/04 00:59:56 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 40, "corpus": 1417, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 145, "coverage": 13783, "distributor delayed": 866, "distributor undelayed": 866, "distributor violated": 0, "exec candidate": 2726, "exec collide": 38321, "exec fuzz": 72195, "exec gen": 3835, "exec hints": 7160, "exec inject": 0, "exec minimize": 20475, "exec retries": 0, "exec seeds": 4260, "exec smash": 35478, "exec total [base]": 67178, "exec total [new]": 196754, "exec triage": 4193, "executor restarts [base]": 28, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 10, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 14503, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9990, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1734, "no exec duration": 19049000000, "no exec requests": 29, "pending": 0, "prog exec time": 318, "reproducing": 0, "rpc recv": 5274511132, "rpc sent": 409261080, "signal": 12965, "smash jobs": 3, "triage jobs": 6, "vm output": 1503744, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/02/04 01:01:56 fuzzer has not reached the modified code in 30m0s, aborting 2026/02/04 01:01:56 repro loop terminated 2026/02/04 01:01:56 new: rpc server terminaled 2026/02/04 01:01:56 base: rpc server terminaled 2026/02/04 01:01:56 base: pool terminated 2026/02/04 01:01:56 base: kernel context loop terminated 2026/02/04 01:01:56 new: pool terminated 2026/02/04 01:01:56 new: kernel context loop terminated 2026/02/04 01:01:56 diff fuzzing terminated 2026/02/04 01:01:56 bug reporting terminated 2026/02/04 01:01:56 status reporting terminated 2026/02/04 01:01:56 fuzzing is finished 2026/02/04 01:01:56 status at the end: Title On-Base On-Patched