2025/08/08 08:33:18 extracted 303683 symbol hashes for base and 303683 for patched 2025/08/08 08:33:18 adding modified_functions to focus areas: ["nvmet_execute_disc_identify"] 2025/08/08 08:33:18 adding directly modified files to focus areas: ["arch/x86/kvm/vmx/tdx.c"] 2025/08/08 08:33:19 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/08/08 08:34:09 runner 6 connected 2025/08/08 08:34:09 runner 0 connected 2025/08/08 08:34:09 runner 1 connected 2025/08/08 08:34:10 runner 3 connected 2025/08/08 08:34:10 runner 2 connected 2025/08/08 08:34:10 runner 9 connected 2025/08/08 08:34:10 runner 0 connected 2025/08/08 08:34:10 runner 1 connected 2025/08/08 08:34:10 runner 8 connected 2025/08/08 08:34:10 runner 4 connected 2025/08/08 08:34:10 runner 7 connected 2025/08/08 08:34:11 runner 2 connected 2025/08/08 08:34:11 runner 5 connected 2025/08/08 08:34:15 initializing coverage information... 2025/08/08 08:34:16 executor cover filter: 0 PCs 2025/08/08 08:34:18 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/08 08:34:18 base: machine check complete 2025/08/08 08:34:21 discovered 7697 source files, 338543 symbols 2025/08/08 08:34:21 coverage filter: nvmet_execute_disc_identify: [nvmet_execute_disc_identify] 2025/08/08 08:34:21 coverage filter: arch/x86/kvm/vmx/tdx.c: [] 2025/08/08 08:34:21 area "symbols": 15 PCs in the cover filter 2025/08/08 08:34:21 area "files": 0 PCs in the cover filter 2025/08/08 08:34:21 area "": 0 PCs in the cover filter 2025/08/08 08:34:21 executor cover filter: 0 PCs 2025/08/08 08:34:22 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/08 08:34:22 new: machine check complete 2025/08/08 08:34:25 new: adding 1969 seeds 2025/08/08 08:34:51 triaged 100.0% of the corpus 2025/08/08 08:34:51 starting bug reproductions 2025/08/08 08:34:51 starting bug reproductions (max 10 VMs, 7 repros) 2025/08/08 08:34:51 triaged 100.0% of the corpus 2025/08/08 08:38:21 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 720, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 9092, "distributor delayed": 471, "distributor undelayed": 471, "distributor violated": 0, "exec candidate": 1969, "exec collide": 5229, "exec fuzz": 9628, "exec gen": 550, "exec hints": 1564, "exec inject": 0, "exec minimize": 9165, "exec retries": 0, "exec seeds": 2071, "exec smash": 11521, "exec total [base]": 25474, "exec total [new]": 49487, "exec triage": 1950, "executor restarts": 47, "fault jobs": 0, "fuzzer jobs": 729, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 9, "hints jobs": 119, "max signal": 9472, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 4836, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 824, "no exec duration": 21263000000, "no exec requests": 75, "pending": 0, "prog exec time": 192, "reproducing": 0, "rpc recv": 799401832, "rpc sent": 73676024, "signal": 8721, "smash jobs": 605, "triage jobs": 5, "vm output": 217620, "vm restarts [base]": 4, "vm restarts [new]": 9 } 2025/08/08 08:43:21 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 12, "corpus": 1036, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 47, "coverage": 11755, "distributor delayed": 639, "distributor undelayed": 639, "distributor violated": 0, "exec candidate": 1969, "exec collide": 11030, "exec fuzz": 20569, "exec gen": 1140, "exec hints": 5076, "exec inject": 0, "exec minimize": 14151, "exec retries": 0, "exec seeds": 3065, "exec smash": 24353, "exec total [base]": 44416, "exec total [new]": 89940, "exec triage": 2746, "executor restarts": 47, "fault jobs": 0, "fuzzer jobs": 194, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 9, "hints jobs": 64, "max signal": 12219, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7160, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1188, "no exec duration": 21263000000, "no exec requests": 75, "pending": 0, "prog exec time": 248, "reproducing": 0, "rpc recv": 1159209200, "rpc sent": 168620272, "signal": 11369, "smash jobs": 118, "triage jobs": 12, "vm output": 360576, "vm restarts [base]": 4, "vm restarts [new]": 9 } 2025/08/08 08:43:26 new: boot error: can't ssh into the instance 2025/08/08 08:48:21 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 30, "corpus": 1237, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 96, "coverage": 12513, "distributor delayed": 746, "distributor undelayed": 746, "distributor violated": 0, "exec candidate": 1969, "exec collide": 16932, "exec fuzz": 31760, "exec gen": 1764, "exec hints": 9896, "exec inject": 0, "exec minimize": 17661, "exec retries": 0, "exec seeds": 3708, "exec smash": 30804, "exec total [base]": 60001, "exec total [new]": 123616, "exec triage": 3280, "executor restarts": 47, "fault jobs": 0, "fuzzer jobs": 21, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 9, "hints jobs": 6, "max signal": 13017, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8772, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1417, "no exec duration": 21263000000, "no exec requests": 75, "pending": 0, "prog exec time": 247, "reproducing": 0, "rpc recv": 1514534336, "rpc sent": 264876904, "signal": 12088, "smash jobs": 11, "triage jobs": 4, "vm output": 567284, "vm restarts [base]": 4, "vm restarts [new]": 9 } 2025/08/08 08:53:21 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 31, "corpus": 1332, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 116, "coverage": 12836, "distributor delayed": 795, "distributor undelayed": 795, "distributor violated": 0, "exec candidate": 1969, "exec collide": 24919, "exec fuzz": 46960, "exec gen": 2473, "exec hints": 11328, "exec inject": 0, "exec minimize": 19330, "exec retries": 0, "exec seeds": 3996, "exec smash": 33257, "exec total [base]": 74080, "exec total [new]": 153655, "exec triage": 3582, "executor restarts": 47, "fault jobs": 0, "fuzzer jobs": 11, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 13425, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9545, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1543, "no exec duration": 21263000000, "no exec requests": 75, "pending": 0, "prog exec time": 298, "reproducing": 0, "rpc recv": 1697319740, "rpc sent": 371720912, "signal": 12396, "smash jobs": 4, "triage jobs": 6, "vm output": 719388, "vm restarts [base]": 4, "vm restarts [new]": 9 } 2025/08/08 08:53:32 new: boot error: can't ssh into the instance 2025/08/08 08:54:14 runner 3 connected 2025/08/08 08:58:21 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 47, "corpus": 1459, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 141, "coverage": 13240, "distributor delayed": 843, "distributor undelayed": 843, "distributor violated": 0, "exec candidate": 1969, "exec collide": 33091, "exec fuzz": 62494, "exec gen": 3343, "exec hints": 12139, "exec inject": 0, "exec minimize": 21745, "exec retries": 0, "exec seeds": 4380, "exec smash": 36457, "exec total [base]": 87466, "exec total [new]": 185363, "exec triage": 3902, "executor restarts": 50, "fault jobs": 0, "fuzzer jobs": 8, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 13805, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10693, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1684, "no exec duration": 21263000000, "no exec requests": 75, "pending": 0, "prog exec time": 293, "reproducing": 0, "rpc recv": 1927751532, "rpc sent": 491943424, "signal": 12819, "smash jobs": 5, "triage jobs": 2, "vm output": 928456, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/08 09:03:21 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 57, "corpus": 1557, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 161, "coverage": 13586, "distributor delayed": 887, "distributor undelayed": 887, "distributor violated": 0, "exec candidate": 1969, "exec collide": 41526, "exec fuzz": 78512, "exec gen": 4183, "exec hints": 12570, "exec inject": 0, "exec minimize": 23685, "exec retries": 0, "exec seeds": 4677, "exec smash": 38938, "exec total [base]": 100327, "exec total [new]": 216074, "exec triage": 4171, "executor restarts": 50, "fault jobs": 0, "fuzzer jobs": 9, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 14132, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11586, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1798, "no exec duration": 21263000000, "no exec requests": 75, "pending": 0, "prog exec time": 360, "reproducing": 0, "rpc recv": 2117366008, "rpc sent": 617851368, "signal": 13129, "smash jobs": 5, "triage jobs": 3, "vm output": 1096793, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/08 09:04:51 fuzzer has not reached the modified code in 30m0s, aborting 2025/08/08 09:04:51 syz-diff (base): kernel context loop terminated 2025/08/08 09:04:51 syz-diff (new): kernel context loop terminated 2025/08/08 09:04:51 diff fuzzing terminated 2025/08/08 09:04:51 bug reporting terminated 2025/08/08 09:04:51 status reporting terminated 2025/08/08 09:04:51 fuzzing is finished 2025/08/08 09:04:51 status at the end: Title On-Base On-Patched