2025/09/22 17:08:22 extracted 327254 text symbol hashes for base and 327254 for patched
2025/09/22 17:08:22 binaries are different, continuing fuzzing
2025/09/22 17:08:22 adding modified_functions to focus areas: ["enter_svm_guest_mode" "nested_svm_vmrun" "nested_vmcb02_prepare_control" "svm_set_nested_state"]
2025/09/22 17:08:22 adding directly modified files to focus areas: ["arch/x86/kvm/svm/nested.c"]
2025/09/22 17:08:23 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db
2025/09/22 17:09:20 runner 5 connected
2025/09/22 17:09:20 runner 1 connected
2025/09/22 17:09:20 runner 8 connected
2025/09/22 17:09:20 runner 3 connected
2025/09/22 17:09:21 runner 3 connected
2025/09/22 17:09:21 runner 0 connected
2025/09/22 17:09:21 runner 4 connected
2025/09/22 17:09:21 runner 2 connected
2025/09/22 17:09:21 runner 2 connected
2025/09/22 17:09:21 runner 0 connected
2025/09/22 17:09:27 runner 9 connected
2025/09/22 17:09:28 runner 1 connected
2025/09/22 17:09:28 initializing coverage information...
2025/09/22 17:09:28 executor cover filter: 0 PCs 2025/09/22 17:09:28 runner 7 connected 2025/09/22 17:09:29 runner 6 connected 2025/09/22 17:09:30 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : 
fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8055 2025/09/22 17:09:30 base: machine check complete 2025/09/22 17:09:33 discovered 7699 source files, 338653 symbols 2025/09/22 17:09:33 coverage filter: enter_svm_guest_mode: [enter_svm_guest_mode] 2025/09/22 17:09:33 coverage filter: nested_svm_vmrun: [nested_svm_vmrun] 2025/09/22 17:09:33 coverage filter: nested_vmcb02_prepare_control: [nested_vmcb02_prepare_control] 2025/09/22 17:09:33 coverage filter: svm_set_nested_state: [svm_set_nested_state] 2025/09/22 17:09:33 coverage filter: arch/x86/kvm/svm/nested.c: [arch/x86/kvm/svm/nested.c] 2025/09/22 17:09:33 area "symbols": 231 PCs in the cover filter 2025/09/22 17:09:33 area "files": 939 PCs in the cover filter 2025/09/22 17:09:33 area "": 0 PCs in the cover filter 2025/09/22 17:09:33 executor cover filter: 0 PCs 2025/09/22 17:09:35 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma 
[openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not 
available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8055 2025/09/22 17:09:35 new: machine check complete 2025/09/22 17:09:38 new: adding 2304 seeds 2025/09/22 17:09:54 triaged 97.2% of the corpus 2025/09/22 17:09:54 starting bug reproductions 2025/09/22 17:09:54 starting bug reproductions (max 10 VMs, 7 repros) 2025/09/22 17:10:24 triaged 100.0% of the corpus 2025/09/22 17:13:24 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 726, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 9783, "distributor delayed": 369, "distributor undelayed": 369, "distributor violated": 0, "exec candidate": 2304, "exec collide": 4042, "exec fuzz": 7736, "exec gen": 396, "exec hints": 1321, "exec inject": 0, "exec minimize": 9399, "exec retries": 0, "exec seeds": 2045, "exec smash": 8522, "exec total [base]": 20606, "exec total [new]": 44513, "exec triage": 1900, "executor restarts [base]": 32, "executor restarts [new]": 52, "fault jobs": 0, "fuzzer jobs": 861, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 157, "max signal": 10055, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5090, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 808, "no exec duration": 19004000000, "no exec requests": 20, "pending": 0, "prog exec time": 227, "reproducing": 0, "rpc recv": 1416324780, "rpc sent": 60612736, "signal": 9303, "smash jobs": 692, "triage jobs": 12, "vm output": 212261, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/22 17:18:24 STAT { "buffer too small": 0, "candidate triage jobs": 0, 
"candidates": 0, "comps overflows": 17, "corpus": 1014, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 23, "coverage": 11750, "distributor delayed": 507, "distributor undelayed": 507, "distributor violated": 0, "exec candidate": 2304, "exec collide": 9296, "exec fuzz": 17707, "exec gen": 923, "exec hints": 3554, "exec inject": 0, "exec minimize": 13867, "exec retries": 0, "exec seeds": 2972, "exec smash": 21129, "exec total [base]": 35472, "exec total [new]": 81238, "exec triage": 2638, "executor restarts [base]": 32, "executor restarts [new]": 52, "fault jobs": 0, "fuzzer jobs": 493, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 116, "max signal": 12166, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7108, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1143, "no exec duration": 19004000000, "no exec requests": 20, "pending": 0, "prog exec time": 207, "reproducing": 0, "rpc recv": 2646991140, "rpc sent": 140782152, "signal": 11248, "smash jobs": 365, "triage jobs": 12, "vm output": 306177, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/22 17:23:24 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 44, "corpus": 1227, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 47, "coverage": 12328, "distributor delayed": 598, "distributor undelayed": 598, "distributor violated": 0, "exec candidate": 2304, "exec collide": 14622, "exec fuzz": 27578, "exec gen": 1455, "exec hints": 6627, "exec inject": 0, "exec minimize": 17023, "exec retries": 0, "exec seeds": 3663, "exec smash": 30418, "exec total [base]": 48376, "exec total [new]": 113756, "exec triage": 3218, "executor restarts [base]": 32, "executor restarts [new]": 52, "fault jobs": 0, "fuzzer jobs": 28, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 5, "max 
signal": 12826, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8580, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1398, "no exec duration": 19004000000, "no exec requests": 20, "pending": 0, "prog exec time": 310, "reproducing": 0, "rpc recv": 3728928112, "rpc sent": 217597232, "signal": 11800, "smash jobs": 11, "triage jobs": 12, "vm output": 452253, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/22 17:28:24 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 52, "corpus": 1358, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 70, "coverage": 12733, "distributor delayed": 663, "distributor undelayed": 663, "distributor violated": 0, "exec candidate": 2304, "exec collide": 21973, "exec fuzz": 41437, "exec gen": 2219, "exec hints": 7279, "exec inject": 0, "exec minimize": 19273, "exec retries": 0, "exec seeds": 4062, "exec smash": 33793, "exec total [base]": 59880, "exec total [new]": 142770, "exec triage": 3580, "executor restarts [base]": 32, "executor restarts [new]": 52, "fault jobs": 0, "fuzzer jobs": 14, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 0, "max signal": 13205, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9648, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1554, "no exec duration": 19004000000, "no exec requests": 20, "pending": 0, "prog exec time": 317, "reproducing": 0, "rpc recv": 4612038432, "rpc sent": 294951000, "signal": 12186, "smash jobs": 6, "triage jobs": 8, "vm output": 580205, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/22 17:33:24 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 60, "corpus": 1427, 
"corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 92, "coverage": 12901, "distributor delayed": 696, "distributor undelayed": 696, "distributor violated": 0, "exec candidate": 2304, "exec collide": 29936, "exec fuzz": 56425, "exec gen": 3026, "exec hints": 7462, "exec inject": 0, "exec minimize": 20545, "exec retries": 0, "exec seeds": 4272, "exec smash": 35546, "exec total [base]": 70577, "exec total [new]": 170118, "exec triage": 3756, "executor restarts [base]": 32, "executor restarts [new]": 52, "fault jobs": 0, "fuzzer jobs": 9, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 0, "max signal": 13395, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10254, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1630, "no exec duration": 19004000000, "no exec requests": 20, "pending": 0, "prog exec time": 333, "reproducing": 0, "rpc recv": 5378524088, "rpc sent": 370249832, "signal": 12344, "smash jobs": 5, "triage jobs": 4, "vm output": 727981, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/09/22 17:38:24 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 63, "corpus": 1488, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 107, "coverage": 13154, "distributor delayed": 717, "distributor undelayed": 717, "distributor violated": 0, "exec candidate": 2304, "exec collide": 37981, "exec fuzz": 71756, "exec gen": 3784, "exec hints": 8009, "exec inject": 0, "exec minimize": 21487, "exec retries": 0, "exec seeds": 4458, "exec smash": 37126, "exec total [base]": 81215, "exec total [new]": 197665, "exec triage": 3910, "executor restarts [base]": 32, "executor restarts [new]": 52, "fault jobs": 0, "fuzzer jobs": 15, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 10, "max signal": 13643, "minimize: array": 0, "minimize: buffer": 0, 
"minimize: call": 10659, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1699, "no exec duration": 19004000000, "no exec requests": 20, "pending": 0, "prog exec time": 310, "reproducing": 0, "rpc recv": 6110095396, "rpc sent": 447236904, "signal": 12570, "smash jobs": 3, "triage jobs": 2, "vm output": 882456, "vm restarts [base]": 4, "vm restarts [new]": 10 }
2025/09/22 17:40:24 fuzzer has not reached the modified code in 30m0s, aborting
2025/09/22 17:40:24 syz-diff (base): kernel context loop terminated
2025/09/22 17:40:24 syz-diff (new): kernel context loop terminated
2025/09/22 17:40:24 diff fuzzing terminated
2025/09/22 17:40:24 status reporting terminated
2025/09/22 17:40:24 bug reporting terminated
2025/09/22 17:40:24 fuzzing is finished
2025/09/22 17:40:24 status at the end: Title On-Base On-Patched