2025/08/15 13:48:07 extracted 303751 symbol hashes for base and 303751 for patched 2025/08/15 13:48:07 adding modified_functions to focus areas: ["nvmet_execute_disc_identify"] 2025/08/15 13:48:07 adding directly modified files to focus areas: ["drivers/vfio/pci/nvgrace-gpu/main.c"] 2025/08/15 13:48:08 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/08/15 13:49:06 runner 2 connected 2025/08/15 13:49:06 runner 1 connected 2025/08/15 13:49:06 runner 3 connected 2025/08/15 13:49:06 runner 0 connected 2025/08/15 13:49:06 runner 3 connected 2025/08/15 13:49:06 runner 1 connected 2025/08/15 13:49:06 runner 5 connected 2025/08/15 13:49:06 runner 4 connected 2025/08/15 13:49:06 runner 8 connected 2025/08/15 13:49:06 runner 0 connected 2025/08/15 13:49:07 runner 2 connected 2025/08/15 13:49:13 runner 6 connected 2025/08/15 13:49:13 executor cover filter: 0 PCs 2025/08/15 13:49:13 initializing coverage information... 2025/08/15 13:49:13 runner 9 connected 2025/08/15 13:49:15 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/15 13:49:15 base: machine check complete 2025/08/15 13:49:18 discovered 7699 source files, 338620 symbols 2025/08/15 13:49:18 coverage filter: nvmet_execute_disc_identify: [nvmet_execute_disc_identify] 2025/08/15 13:49:18 coverage filter: drivers/vfio/pci/nvgrace-gpu/main.c: [] 2025/08/15 13:49:18 area "symbols": 15 PCs in the cover filter 2025/08/15 13:49:18 area "files": 0 PCs in the cover filter 2025/08/15 13:49:18 area "": 0 PCs in the cover filter 2025/08/15 13:49:18 executor cover filter: 0 PCs 2025/08/15 13:49:20 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/15 13:49:20 new: machine check complete 2025/08/15 13:49:23 new: adding 2062 seeds 2025/08/15 13:49:39 triaged 97.3% of the corpus 2025/08/15 13:49:39 starting bug reproductions 2025/08/15 13:49:39 starting bug reproductions (max 10 VMs, 7 repros) 2025/08/15 13:50:09 triaged 100.0% of the corpus 2025/08/15 13:53:09 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 4, "corpus": 672, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 9427, "distributor delayed": 390, "distributor undelayed": 390, "distributor violated": 0, "exec candidate": 2062, "exec collide": 3234, "exec fuzz": 6358, "exec gen": 323, "exec hints": 1029, "exec inject": 0, "exec minimize": 9464, "exec retries": 0, "exec seeds": 1880, "exec smash": 6799, "exec total [base]": 20698, "exec total [new]": 39070, "exec triage": 1795, "executor restarts": 50, "fault jobs": 0, "fuzzer jobs": 843, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 9, "hints jobs": 166, "max signal": 9773, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5034, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 752, "no exec duration": 20000000000, "no exec requests": 20, "pending": 0, "prog exec time": 268, "reproducing": 0, "rpc recv": 919567296, "rpc sent": 73311472, "signal": 9069, "smash jobs": 668, "triage jobs": 9, "vm output": 188504, "vm restarts [base]": 4, "vm restarts [new]": 9 } 2025/08/15 13:58:09 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 22, "corpus": 932, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 13, "coverage": 11169, "distributor delayed": 516, "distributor undelayed": 516, "distributor violated": 0, "exec candidate": 2062, "exec collide": 7838, "exec fuzz": 14955, "exec gen": 774, "exec hints": 2880, "exec inject": 0, "exec minimize": 14106, "exec retries": 0, "exec seeds": 2743, "exec smash": 17738, "exec total [base]": 35776, "exec total [new]": 71700, "exec triage": 2480, "executor restarts": 50, "fault jobs": 0, "fuzzer jobs": 681, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 9, "hints jobs": 150, "max signal": 11682, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7196, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1058, "no exec duration": 20000000000, "no exec requests": 20, "pending": 0, "prog exec time": 293, "reproducing": 0, "rpc recv": 1327588004, "rpc sent": 169178328, "signal": 10757, "smash jobs": 520, "triage jobs": 11, "vm output": 305462, "vm restarts [base]": 4, "vm restarts [new]": 9 } 2025/08/15 13:58:15 new: boot error: can't ssh into the instance 2025/08/15 13:59:12 runner 7 connected 2025/08/15 14:03:09 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 44, "corpus": 1119, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 29, "coverage": 12180, "distributor delayed": 621, "distributor undelayed": 621, "distributor violated": 0, "exec candidate": 2062, "exec collide": 12444, "exec fuzz": 23585, "exec gen": 1255, "exec hints": 6303, "exec inject": 0, "exec minimize": 17514, "exec retries": 0, "exec seeds": 3366, "exec smash": 27403, "exec total [base]": 49275, "exec total [new]": 103065, "exec triage": 3002, "executor restarts": 53, "fault jobs": 0, "fuzzer jobs": 126, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 49, "max signal": 12616, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8720, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1278, "no exec duration": 20000000000, "no exec requests": 20, "pending": 0, "prog exec time": 284, "reproducing": 0, "rpc recv": 1699623116, "rpc sent": 256674976, "signal": 11642, "smash jobs": 68, "triage jobs": 9, "vm output": 483804, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/15 14:08:09 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 51, "corpus": 1232, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 36, "coverage": 12470, "distributor delayed": 678, "distributor undelayed": 678, "distributor violated": 0, "exec candidate": 2062, "exec collide": 18558, "exec fuzz": 35343, "exec gen": 1839, "exec hints": 13163, "exec inject": 0, "exec minimize": 19504, "exec retries": 0, "exec seeds": 3714, "exec smash": 30753, "exec total [base]": 62071, "exec total [new]": 134360, "exec triage": 3294, "executor restarts": 53, "fault jobs": 0, "fuzzer jobs": 46, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 19, "max signal": 12931, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9608, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1404, "no exec duration": 20000000000, "no exec requests": 20, "pending": 0, "prog exec time": 287, "reproducing": 0, "rpc recv": 1907566736, "rpc sent": 338960744, "signal": 11942, "smash jobs": 23, "triage jobs": 4, "vm output": 704563, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/15 14:13:09 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 58, "corpus": 1303, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 46, "coverage": 12627, "distributor delayed": 717, "distributor undelayed": 717, "distributor violated": 0, "exec candidate": 2062, "exec collide": 25766, "exec fuzz": 49347, "exec gen": 2610, "exec hints": 16635, "exec inject": 0, "exec minimize": 20684, "exec retries": 0, "exec seeds": 3923, "exec smash": 32607, "exec total [base]": 73722, "exec total [new]": 163256, "exec triage": 3491, "executor restarts": 53, "fault jobs": 0, "fuzzer jobs": 17, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 7, "max signal": 13098, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10157, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1487, "no exec duration": 20000000000, "no exec requests": 20, "pending": 0, "prog exec time": 331, "reproducing": 0, "rpc recv": 2034252592, "rpc sent": 422428800, "signal": 12084, "smash jobs": 7, "triage jobs": 3, "vm output": 842824, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/15 14:18:09 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 59, "corpus": 1377, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 55, "coverage": 12810, "distributor delayed": 763, "distributor undelayed": 763, "distributor violated": 0, "exec candidate": 2062, "exec collide": 33271, "exec fuzz": 63542, "exec gen": 3396, "exec hints": 17805, "exec inject": 0, "exec minimize": 21856, "exec retries": 0, "exec seeds": 4149, "exec smash": 34511, "exec total [base]": 85175, "exec total [new]": 190424, "exec triage": 3699, "executor restarts": 53, "fault jobs": 0, "fuzzer jobs": 12, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 2, "max signal": 13371, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10699, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1576, "no exec duration": 20000000000, "no exec requests": 20, "pending": 0, "prog exec time": 328, "reproducing": 0, "rpc recv": 2152178712, "rpc sent": 509574576, "signal": 12252, "smash jobs": 5, "triage jobs": 5, "vm output": 979311, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/15 14:20:09 fuzzer has not reached the modified code in 30m0s, aborting 2025/08/15 14:20:10 syz-diff (base): kernel context loop terminated 2025/08/15 14:20:10 syz-diff (new): kernel context loop terminated 2025/08/15 14:20:10 diff fuzzing terminated 2025/08/15 14:20:10 bug reporting terminated 2025/08/15 14:20:10 status reporting terminated 2025/08/15 14:20:10 fuzzing is finished 2025/08/15 14:20:10 status at the end: Title On-Base On-Patched