2026/01/30 01:29:10 extracted 326156 text symbol hashes for base and 326158 for patched 2026/01/30 01:29:10 binaries are different, continuing fuzzing 2026/01/30 01:29:10 adding modified_functions to focus areas: ["__pfx_amd_pmu_refresh_host_guest_eventsel_hw" "amd_is_valid_msr" "amd_msr_idx_to_pmc" "amd_pmu_get_msr" "amd_pmu_refresh" "amd_pmu_refresh_host_guest_eventsel_hw" "amd_pmu_set_msr" "enter_svm_guest_mode" "nested_svm_load_cr3" "nested_svm_vmexit" "nested_svm_vmrun" "nested_vmcb02_prepare_control" "svm_get_nested_state_pages" "svm_leave_nested" "svm_set_efer" "svm_set_nested_state"] 2026/01/30 01:29:10 adding directly modified files to focus areas: ["arch/x86/include/asm/perf_event.h" "arch/x86/kvm/svm/nested.c" "arch/x86/kvm/svm/pmu.c" "arch/x86/kvm/svm/svm.c" "arch/x86/kvm/svm/svm.h" "tools/testing/selftests/kvm/Makefile.kvm" "tools/testing/selftests/kvm/include/x86/pmu.h" "tools/testing/selftests/kvm/x86/svm_pmu_host_guest_test.c"] 2026/01/30 01:29:10 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db" 2026/01/30 01:30:09 runner 5 connected 2026/01/30 01:30:09 runner 6 connected 2026/01/30 01:30:09 runner 1 connected 2026/01/30 01:30:09 runner 0 connected 2026/01/30 01:30:09 runner 8 connected 2026/01/30 01:30:09 runner 3 connected 2026/01/30 01:30:09 runner 7 connected 2026/01/30 01:30:10 runner 4 connected 2026/01/30 01:30:10 runner 2 connected 2026/01/30 01:30:15 initializing coverage information... 2026/01/30 01:30:15 executor cover filter: 0 PCs 2026/01/30 01:30:16 runner 0 connected 2026/01/30 01:30:16 runner 2 connected 2026/01/30 01:30:16 runner 1 connected 2026/01/30 01:30:17 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 172/8071 2026/01/30 01:30:17 base: machine check complete 2026/01/30 01:30:18 discovered 7661 source files, 337555 symbols 2026/01/30 01:30:19 coverage filter: ^__pfx_amd_pmu_refresh_host_guest_eventsel_hw$: [] 2026/01/30 01:30:19 coverage filter: ^amd_is_valid_msr$: [amd_is_valid_msr] 2026/01/30 01:30:19 coverage filter: ^amd_msr_idx_to_pmc$: [amd_msr_idx_to_pmc] 2026/01/30 01:30:19 coverage filter: ^amd_pmu_get_msr$: [amd_pmu_get_msr] 2026/01/30 01:30:19 coverage filter: ^amd_pmu_refresh$: [amd_pmu_refresh] 2026/01/30 01:30:19 coverage filter: ^amd_pmu_refresh_host_guest_eventsel_hw$: [amd_pmu_refresh_host_guest_eventsel_hw] 2026/01/30 01:30:19 coverage filter: ^amd_pmu_set_msr$: [amd_pmu_set_msr] 2026/01/30 01:30:19 coverage filter: ^enter_svm_guest_mode$: [enter_svm_guest_mode] 2026/01/30 01:30:19 coverage filter: ^nested_svm_load_cr3$: [nested_svm_load_cr3] 2026/01/30 01:30:19 coverage filter: ^nested_svm_vmexit$: [nested_svm_vmexit] 2026/01/30 01:30:19 coverage filter: ^nested_svm_vmrun$: [nested_svm_vmrun] 2026/01/30 01:30:19 coverage filter: ^nested_vmcb02_prepare_control$: [nested_vmcb02_prepare_control] 2026/01/30 01:30:19 coverage filter: ^svm_get_nested_state_pages$: [svm_get_nested_state_pages] 2026/01/30 01:30:19 coverage filter: ^svm_leave_nested$: [svm_leave_nested] 2026/01/30 01:30:19 coverage filter: ^svm_set_efer$: [svm_set_efer] 2026/01/30 01:30:19 coverage filter: ^svm_set_nested_state$: [svm_set_nested_state] 2026/01/30 01:30:19 coverage filter: arch/x86/include/asm/perf_event.h: [] 2026/01/30 01:30:19 coverage filter: arch/x86/kvm/svm/nested.c: [arch/x86/kvm/svm/nested.c] 2026/01/30 01:30:19 coverage filter: arch/x86/kvm/svm/pmu.c: [arch/x86/kvm/svm/pmu.c] 2026/01/30 01:30:19 coverage filter: arch/x86/kvm/svm/svm.c: [arch/x86/kvm/svm/svm.c] 2026/01/30 01:30:19 coverage filter: arch/x86/kvm/svm/svm.h: [] 2026/01/30 01:30:19 coverage filter: tools/testing/selftests/kvm/Makefile.kvm: [] 2026/01/30 01:30:19 coverage filter: tools/testing/selftests/kvm/include/x86/pmu.h: [] 2026/01/30 01:30:19 coverage filter: tools/testing/selftests/kvm/x86/svm_pmu_host_guest_test.c: [] 2026/01/30 01:30:19 area "symbols": 569 PCs in the cover filter 2026/01/30 01:30:19 area "files": 3272 PCs in the cover filter 2026/01/30 01:30:19 area "": 0 PCs in the cover filter 2026/01/30 01:30:19 executor cover filter: 0 PCs 2026/01/30 01:30:20 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 172/8071 2026/01/30 01:30:20 new: machine check complete 2026/01/30 01:30:23 new: adding 2792 seeds 2026/01/30 01:30:42 triaged 96.7% of the corpus 2026/01/30 01:30:42 starting bug reproductions 2026/01/30 01:30:42 starting bug reproductions (max 6 VMs, 4 repros) 2026/01/30 01:31:12 triaged 100.0% of the corpus 2026/01/30 01:34:12 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 759, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 9843, "distributor delayed": 489, "distributor undelayed": 489, "distributor violated": 0, "exec candidate": 2792, "exec collide": 4760, "exec fuzz": 9084, "exec gen": 486, "exec hints": 1512, "exec inject": 0, "exec minimize": 9576, "exec retries": 0, "exec seeds": 2130, "exec smash": 10463, "exec total [base]": 19167, "exec total [new]": 51148, "exec triage": 2034, "executor restarts [base]": 30, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 820, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 149, "max signal": 10273, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5228, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 870, "no exec duration": 19202000000, "no exec requests": 53, "pending": 0, "prog exec time": 209, "reproducing": 0, "rpc recv": 1265054132, "rpc sent": 72818208, "signal": 9373, "smash jobs": 654, "triage jobs": 17, "vm output": 231925, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/01/30 01:39:12 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 14, "corpus": 1091, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 7, "coverage": 12439, "distributor delayed": 669, "distributor undelayed": 669, "distributor violated": 0, "exec candidate": 2792, "exec collide": 10381, "exec fuzz": 19686, "exec gen": 1022, "exec hints": 3935, "exec inject": 0, "exec minimize": 14550, "exec retries": 0, "exec seeds": 3204, "exec smash": 23734, "exec total [base]": 32385, "exec total [new]": 90524, "exec triage": 2908, "executor restarts [base]": 30, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 449, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 105, "max signal": 12906, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7547, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1255, "no exec duration": 19202000000, "no exec requests": 53, "pending": 0, "prog exec time": 247, "reproducing": 0, "rpc recv": 2312543052, "rpc sent": 157659808, "signal": 11274, "smash jobs": 331, "triage jobs": 13, "vm output": 559362, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/01/30 01:44:12 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 68, "corpus": 1293, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 31, "coverage": 12964, "distributor delayed": 795, "distributor undelayed": 795, "distributor violated": 0, "exec candidate": 2792, "exec collide": 15348, "exec fuzz": 29489, "exec gen": 1548, "exec hints": 6742, "exec inject": 0, "exec minimize": 18003, "exec retries": 0, "exec seeds": 3865, "exec smash": 32037, "exec total [base]": 42845, "exec total [new]": 121600, "exec triage": 3467, "executor restarts [base]": 30, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 23, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 4, "max signal": 13490, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9114, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1486, "no exec duration": 19202000000, "no exec requests": 53, "pending": 0, "prog exec time": 240, "reproducing": 0, "rpc recv": 3324326572, "rpc sent": 228988072, "signal": 12335, "smash jobs": 13, "triage jobs": 6, "vm output": 793932, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/01/30 01:49:12 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 86, "corpus": 1415, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 70, "coverage": 13377, "distributor delayed": 856, "distributor undelayed": 856, "distributor violated": 0, "exec candidate": 2792, "exec collide": 22059, "exec fuzz": 42644, "exec gen": 2215, "exec hints": 7571, "exec inject": 0, "exec minimize": 20358, "exec retries": 0, "exec seeds": 4233, "exec smash": 35165, "exec total [base]": 51996, "exec total [new]": 149161, "exec triage": 3812, "executor restarts [base]": 30, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 20, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 3, "max signal": 14031, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10180, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1632, "no exec duration": 19202000000, "no exec requests": 53, "pending": 0, "prog exec time": 297, "reproducing": 0, "rpc recv": 4136485116, "rpc sent": 300252616, "signal": 12723, "smash jobs": 11, "triage jobs": 6, "vm output": 995271, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/01/30 01:54:12 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 102, "corpus": 1501, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 95, "coverage": 13653, "distributor delayed": 911, "distributor undelayed": 911, "distributor violated": 0, "exec candidate": 2792, "exec collide": 29058, "exec fuzz": 56092, "exec gen": 2951, "exec hints": 8374, "exec inject": 0, "exec minimize": 22027, "exec retries": 0, "exec seeds": 4497, "exec smash": 37413, "exec total [base]": 60646, "exec total [new]": 175595, "exec triage": 4081, "executor restarts [base]": 30, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 10, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 2, "max signal": 14269, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10921, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1739, "no exec duration": 19202000000, "no exec requests": 53, "pending": 0, "prog exec time": 377, "reproducing": 0, "rpc recv": 4905687948, "rpc sent": 371288296, "signal": 12933, "smash jobs": 5, "triage jobs": 3, "vm output": 1185658, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/01/30 01:59:12 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 119, "corpus": 1553, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 115, "coverage": 13800, "distributor delayed": 939, "distributor undelayed": 939, "distributor violated": 0, "exec candidate": 2792, "exec collide": 36544, "exec fuzz": 69889, "exec gen": 3656, "exec hints": 8713, "exec inject": 0, "exec minimize": 23138, "exec retries": 0, "exec seeds": 4653, "exec smash": 38775, "exec total [base]": 69061, "exec total [new]": 200742, "exec triage": 4272, "executor restarts [base]": 30, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 6, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 0, "max signal": 14476, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11436, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1815, "no exec duration": 19202000000, "no exec requests": 53, "pending": 0, "prog exec time": 328, "reproducing": 0, "rpc recv": 5561301872, "rpc sent": 441805784, "signal": 13143, "smash jobs": 0, "triage jobs": 6, "vm output": 1377284, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/01/30 02:01:12 fuzzer has not reached the modified code in 30m0s, aborting 2026/01/30 02:01:12 repro loop terminated 2026/01/30 02:01:12 base: rpc server terminaled 2026/01/30 02:01:12 new: rpc server terminaled 2026/01/30 02:01:13 base: pool terminated 2026/01/30 02:01:13 base: kernel context loop terminated 2026/01/30 02:01:13 new: pool terminated 2026/01/30 02:01:13 new: kernel context loop terminated 2026/01/30 02:01:13 diff fuzzing terminated 2026/01/30 02:01:13 bug reporting terminated 2026/01/30 02:01:13 status reporting terminated 2026/01/30 02:01:13 fuzzing is finished 2026/01/30 02:01:13 status at the end: Title On-Base On-Patched