2025/08/09 15:34:22 extracted 303683 symbol hashes for base and 303683 for patched 2025/08/09 15:34:22 adding modified_functions to focus areas: ["nvmet_execute_disc_identify"] 2025/08/09 15:34:22 adding directly modified files to focus areas: ["arch/arm64/include/asm/kvm_host.h" "arch/arm64/kvm/at.c" "arch/arm64/kvm/sys_regs.c"] 2025/08/09 15:34:23 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/08/09 15:35:13 runner 8 connected 2025/08/09 15:35:13 runner 3 connected 2025/08/09 15:35:13 runner 5 connected 2025/08/09 15:35:13 runner 1 connected 2025/08/09 15:35:13 runner 3 connected 2025/08/09 15:35:13 runner 7 connected 2025/08/09 15:35:13 runner 4 connected 2025/08/09 15:35:14 runner 0 connected 2025/08/09 15:35:14 runner 9 connected 2025/08/09 15:35:14 runner 1 connected 2025/08/09 15:35:14 runner 2 connected 2025/08/09 15:35:14 runner 2 connected 2025/08/09 15:35:14 runner 6 connected 2025/08/09 15:35:15 runner 0 connected 2025/08/09 15:35:19 initializing coverage information... 2025/08/09 15:35:20 executor cover filter: 0 PCs 2025/08/09 15:35:22 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/09 15:35:22 base: machine check complete 2025/08/09 15:35:25 discovered 7697 source files, 338543 symbols 2025/08/09 15:35:26 coverage filter: nvmet_execute_disc_identify: [nvmet_execute_disc_identify] 2025/08/09 15:35:26 coverage filter: arch/arm64/include/asm/kvm_host.h: [] 2025/08/09 15:35:26 coverage filter: arch/arm64/kvm/at.c: [] 2025/08/09 15:35:26 coverage filter: arch/arm64/kvm/sys_regs.c: [] 2025/08/09 15:35:26 area "symbols": 15 PCs in the cover filter 2025/08/09 15:35:26 area "files": 0 PCs in the cover filter 2025/08/09 15:35:26 area "": 0 PCs in the cover filter 2025/08/09 15:35:26 executor cover filter: 0 PCs 2025/08/09 15:35:27 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/09 15:35:27 new: machine check complete 2025/08/09 15:35:31 new: adding 2078 seeds 2025/08/09 15:35:55 triaged 100.0% of the corpus 2025/08/09 15:35:55 triaged 100.0% of the corpus 2025/08/09 15:35:55 starting bug reproductions 2025/08/09 15:35:55 starting bug reproductions (max 10 VMs, 7 repros) 2025/08/09 15:39:25 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 19, "corpus": 818, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 5, "coverage": 10666, "distributor delayed": 476, "distributor undelayed": 476, "distributor violated": 0, "exec candidate": 2078, "exec collide": 4752, "exec fuzz": 9115, "exec gen": 473, "exec hints": 1477, "exec inject": 0, "exec minimize": 10906, "exec retries": 0, "exec seeds": 2271, "exec smash": 10363, "exec total [base]": 23909, "exec total [new]": 49763, "exec triage": 2149, "executor restarts": 51, "fault jobs": 0, "fuzzer jobs": 920, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 189, "max signal": 11198, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5607, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 921, "no exec duration": 19211000000, "no exec requests": 59, "pending": 0, "prog exec time": 318, "reproducing": 0, "rpc recv": 977185168, "rpc sent": 86181512, "signal": 10298, "smash jobs": 718, "triage jobs": 13, "vm output": 253176, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/09 15:44:25 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 45, "corpus": 1075, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 21, "coverage": 11999, "distributor delayed": 588, "distributor undelayed": 588, "distributor violated": 0, "exec candidate": 2078, "exec collide": 10104, "exec fuzz": 19261, "exec gen": 1044, "exec hints": 3938, "exec inject": 0, "exec minimize": 14938, "exec retries": 0, "exec seeds": 3157, "exec smash": 23088, "exec total [base]": 39231, "exec total [new]": 86622, "exec triage": 2833, "executor restarts": 51, "fault jobs": 0, "fuzzer jobs": 457, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 102, "max signal": 12447, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7417, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1220, "no exec duration": 19211000000, "no exec requests": 59, "pending": 0, "prog exec time": 257, "reproducing": 0, "rpc recv": 1371418384, "rpc sent": 179551480, "signal": 11551, "smash jobs": 348, "triage jobs": 7, "vm output": 393267, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/09 15:49:25 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 97, "corpus": 1284, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 48, "coverage": 12635, "distributor delayed": 693, "distributor undelayed": 693, "distributor violated": 0, "exec candidate": 2078, "exec collide": 15063, "exec fuzz": 28444, "exec gen": 1555, "exec hints": 7965, "exec inject": 0, "exec minimize": 19028, "exec retries": 0, "exec seeds": 3819, "exec smash": 31799, "exec total [base]": 52728, "exec total [new]": 119359, "exec triage": 3428, "executor restarts": 51, "fault jobs": 0, "fuzzer jobs": 20, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 9, "max signal": 13205, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9222, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1476, "no exec duration": 19211000000, "no exec requests": 59, "pending": 0, "prog exec time": 235, "reproducing": 0, "rpc recv": 1731529272, "rpc sent": 270260096, "signal": 12213, "smash jobs": 4, "triage jobs": 7, "vm output": 576425, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/09 15:54:25 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 121, "corpus": 1385, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 68, "coverage": 13021, "distributor delayed": 735, "distributor undelayed": 735, "distributor violated": 0, "exec candidate": 2078, "exec collide": 22480, "exec fuzz": 42253, "exec gen": 2270, "exec hints": 9674, "exec inject": 0, "exec minimize": 21281, "exec retries": 0, "exec seeds": 4128, "exec smash": 34302, "exec total [base]": 64965, "exec total [new]": 148397, "exec triage": 3751, "executor restarts": 51, "fault jobs": 0, "fuzzer jobs": 22, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 2, "max signal": 13667, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10324, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1610, "no exec duration": 19211000000, "no exec requests": 59, "pending": 0, "prog exec time": 320, "reproducing": 0, "rpc recv": 1934442328, "rpc sent": 356846672, "signal": 12578, "smash jobs": 9, "triage jobs": 11, "vm output": 777950, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/09 15:59:25 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 130, "corpus": 1463, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 100, "coverage": 13240, "distributor delayed": 791, "distributor undelayed": 791, "distributor violated": 0, "exec candidate": 2078, "exec collide": 30251, "exec fuzz": 56811, "exec gen": 3040, "exec hints": 10500, "exec inject": 0, "exec minimize": 22828, "exec retries": 0, "exec seeds": 4365, "exec smash": 36293, "exec total [base]": 76544, "exec total [new]": 176355, "exec triage": 4008, "executor restarts": 51, "fault jobs": 0, "fuzzer jobs": 14, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 14056, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11052, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1713, "no exec duration": 19211000000, "no exec requests": 59, "pending": 0, "prog exec time": 342, "reproducing": 0, "rpc recv": 2084302524, "rpc sent": 448136968, "signal": 12781, "smash jobs": 6, "triage jobs": 7, "vm output": 912646, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/09 16:04:25 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 139, "corpus": 1536, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 180, "coverage": 13606, "distributor delayed": 819, "distributor undelayed": 819, "distributor violated": 0, "exec candidate": 2078, "exec collide": 38075, "exec fuzz": 71400, "exec gen": 3819, "exec hints": 10886, "exec inject": 0, "exec minimize": 24419, "exec retries": 0, "exec seeds": 4590, "exec smash": 38184, "exec total [base]": 87827, "exec total [new]": 203859, "exec triage": 4227, "executor restarts": 51, "fault jobs": 0, "fuzzer jobs": 13, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 14589, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11834, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1805, "no exec duration": 19211000000, "no exec requests": 59, "pending": 0, "prog exec time": 337, "reproducing": 0, "rpc recv": 2221558056, "rpc sent": 537837176, "signal": 13130, "smash jobs": 8, "triage jobs": 4, "vm output": 1102730, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/09 16:05:55 fuzzer has not reached the modified code in 30m0s, aborting 2025/08/09 16:05:55 syz-diff (base): kernel context loop terminated 2025/08/09 16:05:55 syz-diff (new): kernel context loop terminated 2025/08/09 16:05:55 diff fuzzing terminated 2025/08/09 16:05:55 bug reporting terminated 2025/08/09 16:05:55 status reporting terminated 2025/08/09 16:05:55 fuzzing is finished 2025/08/09 16:05:55 status at the end: Title On-Base On-Patched