2025/08/15 07:11:38 extracted 303751 symbol hashes for base and 303751 for patched 2025/08/15 07:11:38 adding modified_functions to focus areas: ["nvmet_execute_disc_identify"] 2025/08/15 07:11:38 adding directly modified files to focus areas: ["drivers/vfio/vfio_iommu_type1.c" "include/linux/mm.h" "include/linux/mm_inline.h"] 2025/08/15 07:11:39 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/08/15 07:12:38 runner 0 connected 2025/08/15 07:12:38 runner 6 connected 2025/08/15 07:12:44 runner 2 connected 2025/08/15 07:12:44 runner 4 connected 2025/08/15 07:12:44 runner 8 connected 2025/08/15 07:12:44 runner 5 connected 2025/08/15 07:12:45 runner 3 connected 2025/08/15 07:12:45 initializing coverage information... 2025/08/15 07:12:45 runner 0 connected 2025/08/15 07:12:45 runner 9 connected 2025/08/15 07:12:45 runner 2 connected 2025/08/15 07:12:45 runner 7 connected 2025/08/15 07:12:46 runner 3 connected 2025/08/15 07:12:46 runner 1 connected 2025/08/15 07:12:51 discovered 7699 source files, 338620 symbols 2025/08/15 07:12:52 coverage filter: nvmet_execute_disc_identify: [nvmet_execute_disc_identify] 2025/08/15 07:12:52 coverage filter: drivers/vfio/vfio_iommu_type1.c: [] 2025/08/15 07:12:52 coverage filter: include/linux/mm.h: [] 2025/08/15 07:12:52 coverage filter: include/linux/mm_inline.h: [] 2025/08/15 07:12:52 area "symbols": 15 PCs in the cover filter 2025/08/15 07:12:52 area "files": 0 PCs in the cover filter 2025/08/15 07:12:52 area "": 0 PCs in the cover filter 2025/08/15 07:12:52 executor cover filter: 0 PCs 2025/08/15 07:12:52 executor cover filter: 0 PCs 2025/08/15 07:12:53 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/15 07:12:53 new: machine check complete 2025/08/15 07:12:55 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/15 07:12:55 base: machine check complete 2025/08/15 07:12:57 new: adding 2157 seeds 2025/08/15 07:13:11 triaged 97.3% of the corpus 2025/08/15 07:13:11 starting bug reproductions 2025/08/15 07:13:11 starting bug reproductions (max 10 VMs, 7 repros) 2025/08/15 07:13:41 triaged 100.0% of the corpus 2025/08/15 07:16:41 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 10, "corpus": 738, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 10682, "distributor delayed": 422, "distributor undelayed": 422, "distributor violated": 0, "exec candidate": 2157, "exec collide": 4046, "exec fuzz": 7563, "exec gen": 373, "exec hints": 1245, "exec inject": 0, "exec minimize": 10352, "exec retries": 0, "exec seeds": 2033, "exec smash": 8442, "exec total [base]": 15759, "exec total [new]": 44691, "exec triage": 2067, "executor restarts": 50, "fault jobs": 0, "fuzzer jobs": 843, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 10, "hints jobs": 170, "max signal": 11268, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5588, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 866, "no exec duration": 13000000000, "no exec requests": 13, "pending": 0, "prog exec time": 263, "reproducing": 0, "rpc recv": 853215496, "rpc sent": 62606000, "signal": 10153, "smash jobs": 658, "triage jobs": 15, "vm output": 242299, "vm restarts [base]": 3, "vm restarts [new]": 10 } 2025/08/15 07:21:41 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 37, "corpus": 1014, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 6, "coverage": 12139, "distributor delayed": 562, "distributor undelayed": 562, "distributor violated": 0, "exec candidate": 2157, "exec collide": 9076, "exec fuzz": 16913, "exec gen": 849, "exec hints": 3264, "exec inject": 0, "exec minimize": 14771, "exec retries": 0, "exec seeds": 2965, "exec smash": 20338, "exec total [base]": 26735, "exec total [new]": 79622, "exec triage": 2879, "executor restarts": 50, "fault jobs": 0, "fuzzer jobs": 568, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 10, "hints jobs": 111, "max signal": 12794, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7652, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1203, "no exec duration": 13000000000, "no exec requests": 13, "pending": 0, "prog exec time": 291, "reproducing": 0, "rpc recv": 1223199284, "rpc sent": 141773240, "signal": 11532, "smash jobs": 447, "triage jobs": 10, "vm output": 460745, "vm restarts [base]": 3, "vm restarts [new]": 10 } 2025/08/15 07:21:47 base: boot error: can't ssh into the instance 2025/08/15 07:22:46 runner 1 connected 2025/08/15 07:26:41 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 41, "corpus": 1198, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 13, "coverage": 12658, "distributor delayed": 650, "distributor undelayed": 650, "distributor violated": 0, "exec candidate": 2157, "exec collide": 13997, "exec fuzz": 26126, "exec gen": 1369, "exec hints": 6749, "exec inject": 0, "exec minimize": 17797, "exec retries": 0, "exec seeds": 3558, "exec smash": 29552, "exec total [base]": 38797, "exec total [new]": 111091, "exec triage": 3376, "executor restarts": 50, "fault jobs": 0, "fuzzer jobs": 20, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 8, "max signal": 13287, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9132, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1420, "no exec duration": 13000000000, "no exec requests": 13, "pending": 0, "prog exec time": 331, "reproducing": 0, "rpc recv": 1484069692, "rpc sent": 221199976, "signal": 11955, "smash jobs": 9, "triage jobs": 3, "vm output": 672273, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/15 07:31:41 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 50, "corpus": 1313, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 16, "coverage": 12931, "distributor delayed": 702, "distributor undelayed": 702, "distributor violated": 0, "exec candidate": 2157, "exec collide": 21072, "exec fuzz": 39431, "exec gen": 2092, "exec hints": 9393, "exec inject": 0, "exec minimize": 19790, "exec retries": 0, "exec seeds": 3906, "exec smash": 32409, "exec total [base]": 50706, "exec total [new]": 140321, "exec triage": 3663, "executor restarts": 50, "fault jobs": 0, "fuzzer jobs": 21, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 5, "max signal": 13562, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10072, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1551, "no exec duration": 13000000000, "no exec requests": 13, "pending": 0, "prog exec time": 336, "reproducing": 0, "rpc recv": 1628670432, "rpc sent": 300393000, "signal": 12208, "smash jobs": 12, "triage jobs": 4, "vm output": 884526, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/15 07:36:41 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 51, "corpus": 1399, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 20, "coverage": 13179, "distributor delayed": 736, "distributor undelayed": 736, "distributor violated": 0, "exec candidate": 2157, "exec collide": 28364, "exec fuzz": 53478, "exec gen": 2811, "exec hints": 10774, "exec inject": 0, "exec minimize": 21300, "exec retries": 0, "exec seeds": 4160, "exec smash": 34641, "exec total [base]": 62099, "exec total [new]": 167978, "exec triage": 3885, "executor restarts": 50, "fault jobs": 0, "fuzzer jobs": 10, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 3, "max signal": 13853, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10831, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1649, "no exec duration": 13000000000, "no exec requests": 13, "pending": 0, "prog exec time": 286, "reproducing": 0, "rpc recv": 1737521732, "rpc sent": 379557752, "signal": 12447, "smash jobs": 4, "triage jobs": 3, "vm output": 1099286, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/15 07:41:41 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 58, "corpus": 1482, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 21, "coverage": 13421, "distributor delayed": 773, "distributor undelayed": 773, "distributor violated": 0, "exec candidate": 2157, "exec collide": 35461, "exec fuzz": 67283, "exec gen": 3549, "exec hints": 11721, "exec inject": 0, "exec minimize": 23001, "exec retries": 1, "exec seeds": 4411, "exec smash": 36625, "exec total [base]": 73301, "exec total [new]": 194759, "exec triage": 4140, "executor restarts": 51, "fault jobs": 0, "fuzzer jobs": 28, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 5, "max signal": 14129, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11649, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1762, "no exec duration": 13000000000, "no exec requests": 13, "pending": 0, "prog exec time": 341, "reproducing": 0, "rpc recv": 1887965940, "rpc sent": 459769968, "signal": 12715, "smash jobs": 12, "triage jobs": 11, "vm output": 1313226, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/15 07:43:41 fuzzer has not reached the modified code in 30m0s, aborting 2025/08/15 07:43:41 syz-diff (base): kernel context loop terminated 2025/08/15 07:43:41 syz-diff (new): kernel context loop terminated 2025/08/15 07:43:41 diff fuzzing terminated 2025/08/15 07:43:41 bug reporting terminated 2025/08/15 07:43:41 status reporting terminated 2025/08/15 07:43:41 fuzzing is finished 2025/08/15 07:43:41 status at the end: Title On-Base On-Patched