2025/07/31 19:28:06 extracted 302733 symbol hashes for base and 302733 for patched 2025/07/31 19:28:06 adding modified_functions to focus areas: ["nvmet_execute_disc_identify"] 2025/07/31 19:28:06 failed to grep for the header usages: failed to run ["/usr/bin/grep" "-rl" "--include" "*.c" ""]: exit status 1 2025/07/31 19:28:06 failed to grep for the header usages: failed to run ["/usr/bin/grep" "-rl" "--include" "*.c" ""]: exit status 1 2025/07/31 19:28:06 adding directly modified files to focus areas: ["arch/arm64/include/asm/kvm_pgtable.h" "arch/arm64/include/asm/kvm_pkvm.h" "arch/arm64/kvm/hyp/pgtable.c" "arch/arm64/kvm/mmu.c" "arch/arm64/kvm/pkvm.c"] 2025/07/31 19:28:07 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/07/31 19:29:04 runner 6 connected 2025/07/31 19:29:04 runner 3 connected 2025/07/31 19:29:04 runner 5 connected 2025/07/31 19:29:04 runner 4 connected 2025/07/31 19:29:04 runner 2 connected 2025/07/31 19:29:04 runner 2 connected 2025/07/31 19:29:04 runner 0 connected 2025/07/31 19:29:04 runner 1 connected 2025/07/31 19:29:05 runner 1 connected 2025/07/31 19:29:05 runner 0 connected 2025/07/31 19:29:05 runner 9 connected 2025/07/31 19:29:05 runner 3 connected 2025/07/31 19:29:06 runner 8 connected 2025/07/31 19:29:11 initializing coverage information... 2025/07/31 19:29:11 executor cover filter: 0 PCs 2025/07/31 19:29:13 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/07/31 19:29:13 base: machine check complete 2025/07/31 19:29:15 discovered 7668 source files, 337507 symbols 2025/07/31 19:29:15 coverage filter: nvmet_execute_disc_identify: [nvmet_execute_disc_identify] 2025/07/31 19:29:15 coverage filter: arch/arm64/include/asm/kvm_pgtable.h: [] 2025/07/31 19:29:15 coverage filter: arch/arm64/include/asm/kvm_pkvm.h: [] 2025/07/31 19:29:15 coverage filter: arch/arm64/kvm/hyp/pgtable.c: [] 2025/07/31 19:29:15 coverage filter: arch/arm64/kvm/mmu.c: [] 2025/07/31 19:29:15 coverage filter: arch/arm64/kvm/pkvm.c: [] 2025/07/31 19:29:15 area "symbols": 15 PCs in the cover filter 2025/07/31 19:29:15 area "files": 0 PCs in the cover filter 2025/07/31 19:29:15 area "": 0 PCs in the cover filter 2025/07/31 19:29:15 executor cover filter: 0 PCs 2025/07/31 19:29:16 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/07/31 19:29:16 new: machine check complete 2025/07/31 19:29:20 new: adding 2126 seeds 2025/07/31 19:29:38 triaged 99.2% of the corpus 2025/07/31 19:29:38 triaged 99.2% of the corpus 2025/07/31 19:29:38 starting bug reproductions 2025/07/31 19:29:38 starting bug reproductions (max 10 VMs, 7 repros) 2025/07/31 19:33:08 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 752, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 9956, "distributor delayed": 474, "distributor undelayed": 474, "distributor violated": 0, "exec candidate": 2126, "exec collide": 4054, "exec fuzz": 7832, "exec gen": 409, "exec hints": 1316, "exec inject": 0, "exec minimize": 10844, "exec retries": 0, "exec seeds": 2099, "exec smash": 8661, "exec total [base]": 23918, "exec total [new]": 45714, "exec triage": 2050, "executor restarts": 50, "fault jobs": 0, "fuzzer jobs": 851, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 9, "hints jobs": 194, "max signal": 10346, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5726, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 868, "no exec duration": 19131000000, "no exec requests": 44, "pending": 0, "prog exec time": 229, "reproducing": 0, "rpc recv": 934659212, "rpc sent": 80462528, "signal": 9495, "smash jobs": 649, "triage jobs": 8, "vm output": 197939, "vm restarts [base]": 4, "vm restarts [new]": 9 } 2025/07/31 19:38:08 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 985, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 11219, "distributor delayed": 588, "distributor undelayed": 588, "distributor violated": 0, "exec candidate": 2126, "exec collide": 9014, "exec fuzz": 17233, "exec gen": 843, "exec hints": 3618, "exec inject": 0, "exec minimize": 14953, "exec retries": 0, "exec seeds": 2898, "exec smash": 20347, "exec total [base]": 39903, "exec total [new]": 80026, "exec triage": 2671, "executor restarts": 50, "fault jobs": 0, "fuzzer jobs": 555, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 9, "hints jobs": 139, "max signal": 11756, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7687, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1143, "no exec duration": 19131000000, "no exec requests": 44, "pending": 0, "prog exec time": 234, "reproducing": 0, "rpc recv": 1264707392, "rpc sent": 187326840, "signal": 10729, "smash jobs": 405, "triage jobs": 11, "vm output": 309924, "vm restarts [base]": 4, "vm restarts [new]": 9 } 2025/07/31 19:39:02 runner 7 connected 2025/07/31 19:43:08 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 1224, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 12727, "distributor delayed": 700, "distributor undelayed": 700, "distributor violated": 0, "exec candidate": 2126, "exec collide": 13941, "exec fuzz": 26631, "exec gen": 1322, "exec hints": 7749, "exec inject": 0, "exec minimize": 19339, "exec retries": 0, "exec seeds": 3655, "exec smash": 30278, "exec total [base]": 54251, "exec total [new]": 114653, "exec triage": 3286, "executor restarts": 53, "fault jobs": 0, "fuzzer jobs": 55, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 25, "max signal": 13214, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9697, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1416, "no exec duration": 19131000000, "no exec requests": 44, "pending": 0, "prog exec time": 245, "reproducing": 0, "rpc recv": 1664515196, "rpc sent": 284589376, "signal": 12190, "smash jobs": 21, "triage jobs": 9, "vm output": 585055, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/07/31 19:48:08 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 1368, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 13207, "distributor delayed": 768, "distributor undelayed": 768, "distributor violated": 0, "exec candidate": 2126, "exec collide": 21119, "exec fuzz": 39945, "exec gen": 2000, "exec hints": 13419, "exec inject": 0, "exec minimize": 21779, "exec retries": 0, "exec seeds": 4097, "exec smash": 33982, "exec total [base]": 67892, "exec total [new]": 148456, "exec triage": 3662, "executor restarts": 53, "fault jobs": 0, "fuzzer jobs": 28, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 11, "max signal": 13720, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10778, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1578, "no exec duration": 19131000000, "no exec requests": 44, "pending": 0, "prog exec time": 262, "reproducing": 0, "rpc recv": 1916531380, "rpc sent": 382011056, "signal": 12660, "smash jobs": 10, "triage jobs": 7, "vm output": 818487, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/07/31 19:53:08 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 1451, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 13400, "distributor delayed": 810, "distributor undelayed": 810, "distributor violated": 0, "exec candidate": 2126, "exec collide": 28618, "exec fuzz": 54228, "exec gen": 2755, "exec hints": 16588, "exec inject": 0, "exec minimize": 23615, "exec retries": 0, "exec seeds": 4350, "exec smash": 36236, "exec total [base]": 80333, "exec total [new]": 178740, "exec triage": 3896, "executor restarts": 53, "fault jobs": 0, "fuzzer jobs": 14, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 6, "max signal": 14117, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11659, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1679, "no exec duration": 19131000000, "no exec requests": 44, "pending": 0, "prog exec time": 332, "reproducing": 0, "rpc recv": 2066472920, "rpc sent": 480298248, "signal": 12846, "smash jobs": 2, "triage jobs": 6, "vm output": 1145198, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/07/31 19:58:08 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 1514, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 13756, "distributor delayed": 830, "distributor undelayed": 830, "distributor violated": 0, "exec candidate": 2126, "exec collide": 36578, "exec fuzz": 69255, "exec gen": 3583, "exec hints": 18605, "exec inject": 0, "exec minimize": 24750, "exec retries": 0, "exec seeds": 4538, "exec smash": 37796, "exec total [base]": 92154, "exec total [new]": 207616, "exec triage": 4058, "executor restarts": 53, "fault jobs": 0, "fuzzer jobs": 9, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 6, "max signal": 14325, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 12182, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1750, "no exec duration": 19131000000, "no exec requests": 44, "pending": 0, "prog exec time": 288, "reproducing": 0, "rpc recv": 2170981000, "rpc sent": 580614736, "signal": 13176, "smash jobs": 2, "triage jobs": 1, "vm output": 1484589, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/07/31 19:59:38 fuzzer has not reached the modified code in 30m0s, aborting 2025/07/31 19:59:38 syz-diff (base): kernel context loop terminated 2025/07/31 19:59:38 syz-diff (new): kernel context loop terminated 2025/07/31 19:59:38 diff fuzzing terminated 2025/07/31 19:59:38 bug reporting terminated 2025/07/31 19:59:38 status reporting terminated 2025/07/31 19:59:38 fuzzing is finished 2025/07/31 19:59:38 status at the end: Title On-Base On-Patched