2025/08/06 23:38:40 extracted 303683 symbol hashes for base and 303683 for patched 2025/08/06 23:38:40 adding modified_functions to focus areas: ["nvmet_execute_disc_identify"] 2025/08/06 23:38:40 adding directly modified files to focus areas: ["tools/testing/selftests/kvm/include/kvm_util.h" "tools/testing/selftests/kvm/include/x86/processor.h" "tools/testing/selftests/kvm/lib/kvm_util.c"] 2025/08/06 23:38:41 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/08/06 23:39:31 runner 9 connected 2025/08/06 23:39:31 runner 3 connected 2025/08/06 23:39:31 runner 0 connected 2025/08/06 23:39:32 runner 1 connected 2025/08/06 23:39:37 initializing coverage information... 2025/08/06 23:39:38 runner 0 connected 2025/08/06 23:39:38 runner 2 connected 2025/08/06 23:39:39 runner 4 connected 2025/08/06 23:39:39 runner 2 connected 2025/08/06 23:39:39 runner 1 connected 2025/08/06 23:39:39 runner 5 connected 2025/08/06 23:39:39 runner 6 connected 2025/08/06 23:39:39 runner 8 connected 2025/08/06 23:39:39 runner 3 connected 2025/08/06 23:39:41 discovered 7697 source files, 338543 symbols 2025/08/06 23:39:41 coverage filter: nvmet_execute_disc_identify: [nvmet_execute_disc_identify] 2025/08/06 23:39:41 coverage filter: tools/testing/selftests/kvm/include/kvm_util.h: [] 2025/08/06 23:39:41 coverage filter: tools/testing/selftests/kvm/include/x86/processor.h: [] 2025/08/06 23:39:41 coverage filter: tools/testing/selftests/kvm/lib/kvm_util.c: [] 2025/08/06 23:39:41 area "symbols": 15 PCs in the cover filter 2025/08/06 23:39:41 area "files": 0 PCs in the cover filter 2025/08/06 23:39:41 area "": 0 PCs in the cover filter 2025/08/06 23:39:41 executor cover filter: 0 PCs 2025/08/06 23:39:42 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/06 23:39:42 new: machine check complete 2025/08/06 23:39:45 executor cover filter: 0 PCs 2025/08/06 23:39:45 new: adding 1971 seeds 2025/08/06 23:39:47 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/06 23:39:47 base: machine check complete 2025/08/06 23:40:12 triaged 100.0% of the corpus 2025/08/06 23:40:12 triaged 100.0% of the corpus 2025/08/06 23:40:12 starting bug reproductions 2025/08/06 23:40:12 starting bug reproductions (max 10 VMs, 7 repros) 2025/08/06 23:43:42 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 3, "corpus": 741, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 10, "coverage": 10464, "distributor delayed": 393, "distributor undelayed": 393, "distributor violated": 0, "exec candidate": 1971, "exec collide": 4397, "exec fuzz": 8022, "exec gen": 446, "exec hints": 1332, "exec inject": 0, "exec minimize": 9450, "exec retries": 1, "exec seeds": 2090, "exec smash": 9218, "exec total [base]": 23722, "exec total [new]": 44714, "exec triage": 1933, "executor restarts": 49, "fault jobs": 0, "fuzzer jobs": 864, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 9, "hints jobs": 152, "max signal": 10826, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5044, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 825, "no exec duration": 14217000000, "no exec requests": 88, "pending": 0, "prog exec time": 207, "reproducing": 0, "rpc recv": 828625772, "rpc sent": 70835504, "signal": 10134, "smash jobs": 703, "triage jobs": 9, "vm output": 203338, "vm restarts [base]": 4, "vm restarts [new]": 9 } 2025/08/06 23:48:42 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 18, "corpus": 1013, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 29, "coverage": 12092, "distributor delayed": 537, "distributor undelayed": 537, "distributor violated": 0, "exec candidate": 1971, "exec collide": 9208, "exec fuzz": 17362, "exec gen": 929, "exec hints": 3334, "exec inject": 0, "exec minimize": 13620, "exec retries": 1, "exec seeds": 2989, "exec smash": 20946, "exec total [base]": 39807, "exec total [new]": 78884, "exec triage": 2671, "executor restarts": 49, "fault jobs": 0, "fuzzer jobs": 501, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 9, "hints jobs": 115, "max signal": 12489, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 6931, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1143, "no exec duration": 14217000000, "no exec requests": 88, "pending": 0, "prog exec time": 255, "reproducing": 0, "rpc recv": 1213400484, "rpc sent": 147301208, "signal": 11654, "smash jobs": 380, "triage jobs": 6, "vm output": 309483, "vm restarts [base]": 4, "vm restarts [new]": 9 } 2025/08/06 23:48:48 new: boot error: can't ssh into the instance 2025/08/06 23:49:36 runner 7 connected 2025/08/06 23:53:42 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 28, "corpus": 1191, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 101, "coverage": 12702, "distributor delayed": 619, "distributor undelayed": 619, "distributor violated": 0, "exec candidate": 1971, "exec collide": 14574, "exec fuzz": 27419, "exec gen": 1436, "exec hints": 7654, "exec inject": 0, "exec minimize": 16442, "exec retries": 1, "exec seeds": 3562, "exec smash": 29603, "exec total [base]": 53797, "exec total [new]": 111647, "exec triage": 3130, "executor restarts": 52, "fault jobs": 0, "fuzzer jobs": 24, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 8, "max signal": 13096, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8161, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1349, "no exec duration": 14217000000, "no exec requests": 88, "pending": 0, "prog exec time": 261, "reproducing": 0, "rpc recv": 1486977732, "rpc sent": 221986208, "signal": 12202, "smash jobs": 10, "triage jobs": 6, "vm output": 483380, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/06 23:58:42 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 49, "corpus": 1303, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 128, "coverage": 13104, "distributor delayed": 668, "distributor undelayed": 668, "distributor violated": 0, "exec candidate": 1971, "exec collide": 22155, "exec fuzz": 41776, "exec gen": 2182, "exec hints": 9543, "exec inject": 0, "exec minimize": 18523, "exec retries": 1, "exec seeds": 3908, "exec smash": 32494, "exec total [base]": 66415, "exec total [new]": 141880, "exec triage": 3471, "executor restarts": 52, "fault jobs": 0, "fuzzer jobs": 17, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 3, "max signal": 13541, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9107, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1490, "no exec duration": 14217000000, "no exec requests": 88, "pending": 0, "prog exec time": 275, "reproducing": 0, "rpc recv": 1689715768, "rpc sent": 301223040, "signal": 12599, "smash jobs": 7, "triage jobs": 7, "vm output": 704619, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/07 00:03:42 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 57, "corpus": 1403, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 155, "coverage": 13365, "distributor delayed": 711, "distributor undelayed": 711, "distributor violated": 0, "exec candidate": 1971, "exec collide": 30137, "exec fuzz": 56858, "exec gen": 2958, "exec hints": 9980, "exec inject": 0, "exec minimize": 20319, "exec retries": 1, "exec seeds": 4208, "exec smash": 35005, "exec total [base]": 78270, "exec total [new]": 171004, "exec triage": 3711, "executor restarts": 52, "fault jobs": 0, "fuzzer jobs": 15, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 2, "max signal": 13827, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9927, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1598, "no exec duration": 14217000000, "no exec requests": 88, "pending": 0, "prog exec time": 333, "reproducing": 0, "rpc recv": 1843843624, "rpc sent": 382268384, "signal": 12852, "smash jobs": 9, "triage jobs": 4, "vm output": 883410, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/07 00:08:42 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 70, "corpus": 1486, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 177, "coverage": 13588, "distributor delayed": 750, "distributor undelayed": 750, "distributor violated": 0, "exec candidate": 1971, "exec collide": 37682, "exec fuzz": 71495, "exec gen": 3733, "exec hints": 10555, "exec inject": 0, "exec minimize": 21962, "exec retries": 1, "exec seeds": 4457, "exec smash": 37087, "exec total [base]": 89469, "exec total [new]": 198733, "exec triage": 3935, "executor restarts": 52, "fault jobs": 0, "fuzzer jobs": 11, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 14091, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10707, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1692, "no exec duration": 14217000000, "no exec requests": 88, "pending": 0, "prog exec time": 315, "reproducing": 0, "rpc recv": 2000551912, "rpc sent": 464525200, "signal": 13077, "smash jobs": 5, "triage jobs": 5, "vm output": 1108990, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/07 00:10:12 fuzzer has not reached the modified code in 30m0s, aborting 2025/08/07 00:10:12 syz-diff (base): kernel context loop terminated 2025/08/07 00:10:12 syz-diff (new): kernel context loop terminated 2025/08/07 00:10:12 diff fuzzing terminated 2025/08/07 00:10:12 bug reporting terminated 2025/08/07 00:10:12 status reporting terminated 2025/08/07 00:10:12 fuzzing is finished 2025/08/07 00:10:12 status at the end: Title On-Base On-Patched