2025/08/07 12:30:26 extracted 303683 symbol hashes for base and 303683 for patched 2025/08/07 12:30:27 adding modified_functions to focus areas: ["nvmet_execute_disc_identify"] 2025/08/07 12:30:27 adding directly modified files to focus areas: ["arch/riscv/kvm/vcpu.c"] 2025/08/07 12:30:28 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/08/07 12:31:18 runner 3 connected 2025/08/07 12:31:19 runner 5 connected 2025/08/07 12:31:19 runner 9 connected 2025/08/07 12:31:25 executor cover filter: 0 PCs 2025/08/07 12:31:25 initializing coverage information... 2025/08/07 12:31:25 runner 2 connected 2025/08/07 12:31:25 runner 8 connected 2025/08/07 12:31:25 runner 4 connected 2025/08/07 12:31:25 runner 1 connected 2025/08/07 12:31:25 runner 1 connected 2025/08/07 12:31:25 runner 6 connected 2025/08/07 12:31:26 runner 7 connected 2025/08/07 12:31:26 runner 2 connected 2025/08/07 12:31:26 runner 0 connected 2025/08/07 12:31:26 runner 0 connected 2025/08/07 12:31:28 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/07 12:31:28 base: machine check complete 2025/08/07 12:31:31 discovered 7697 source files, 338543 symbols 2025/08/07 12:31:31 coverage filter: nvmet_execute_disc_identify: [nvmet_execute_disc_identify] 2025/08/07 12:31:31 coverage filter: arch/riscv/kvm/vcpu.c: [] 2025/08/07 12:31:31 area "symbols": 15 PCs in the cover filter 2025/08/07 12:31:31 area "files": 0 PCs in the cover filter 2025/08/07 12:31:31 area "": 0 PCs in the cover filter 2025/08/07 12:31:31 executor cover filter: 0 PCs 2025/08/07 12:31:33 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/07 12:31:33 new: machine check complete 2025/08/07 12:31:36 new: adding 1913 seeds 2025/08/07 12:31:59 triaged 100.0% of the corpus 2025/08/07 12:31:59 triaged 100.0% of the corpus 2025/08/07 12:31:59 starting bug reproductions 2025/08/07 12:31:59 starting bug reproductions (max 10 VMs, 7 repros) 2025/08/07 12:35:29 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 6, "corpus": 701, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 9938, "distributor delayed": 413, "distributor undelayed": 413, "distributor violated": 0, "exec candidate": 1913, "exec collide": 4037, "exec fuzz": 7531, "exec gen": 376, "exec hints": 1266, "exec inject": 0, "exec minimize": 9357, "exec retries": 0, "exec seeds": 1999, "exec smash": 8459, "exec total [base]": 22531, "exec total [new]": 42436, "exec triage": 1810, "executor restarts": 45, "fault jobs": 0, "fuzzer jobs": 831, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 9, "hints jobs": 145, "max signal": 10308, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 4989, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 775, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 238, "reproducing": 0, "rpc recv": 815746192, "rpc sent": 66532840, "signal": 9517, "smash jobs": 671, "triage jobs": 15, "vm output": 192842, "vm restarts [base]": 4, "vm restarts [new]": 9 } 2025/08/07 12:40:29 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 17, "corpus": 995, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 11465, "distributor delayed": 559, "distributor undelayed": 559, "distributor violated": 0, "exec candidate": 1913, "exec collide": 9439, "exec fuzz": 17891, "exec gen": 874, "exec hints": 3755, "exec inject": 0, "exec minimize": 14150, "exec retries": 0, "exec seeds": 2936, "exec smash": 21303, "exec total [base]": 39790, "exec total [new]": 80467, "exec triage": 2519, "executor restarts": 45, "fault jobs": 0, "fuzzer jobs": 440, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 9, "hints jobs": 113, "max signal": 11907, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7270, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1099, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 206, "reproducing": 0, "rpc recv": 1158798012, "rpc sent": 174266112, "signal": 10961, "smash jobs": 316, "triage jobs": 11, "vm output": 293907, "vm restarts [base]": 4, "vm restarts [new]": 9 } 2025/08/07 12:40:35 new: boot error: can't ssh into the instance 2025/08/07 12:41:24 runner 3 connected 2025/08/07 12:45:29 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 40, "corpus": 1208, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1, "coverage": 12645, "distributor delayed": 644, "distributor undelayed": 644, "distributor violated": 0, "exec candidate": 1913, "exec collide": 15388, "exec fuzz": 29455, "exec gen": 1466, "exec hints": 8265, "exec inject": 0, "exec minimize": 17708, "exec retries": 0, "exec seeds": 3619, "exec smash": 30047, "exec total [base]": 54997, "exec total [new]": 116610, "exec triage": 3059, "executor restarts": 48, "fault jobs": 0, "fuzzer jobs": 28, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 10, "max signal": 13261, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8930, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1339, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 419, "reproducing": 0, "rpc recv": 1497724732, "rpc sent": 276032856, "signal": 12128, "smash jobs": 11, "triage jobs": 7, "vm output": 488207, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/07 12:50:29 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 44, "corpus": 1349, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 3, "coverage": 13016, "distributor delayed": 710, "distributor undelayed": 710, "distributor violated": 0, "exec candidate": 1913, "exec collide": 23108, "exec fuzz": 44281, "exec gen": 2242, "exec hints": 10556, "exec inject": 0, "exec minimize": 20081, "exec retries": 0, "exec seeds": 4042, "exec smash": 33574, "exec total [base]": 68309, "exec total [new]": 148900, "exec triage": 3414, "executor restarts": 48, "fault jobs": 0, "fuzzer jobs": 18, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 3, "max signal": 13644, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9988, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1500, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 301, "reproducing": 0, "rpc recv": 1710582120, "rpc sent": 368458640, "signal": 12485, "smash jobs": 8, "triage jobs": 7, "vm output": 650206, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/07 12:55:29 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 60, "corpus": 1458, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 7, "coverage": 13374, "distributor delayed": 753, "distributor undelayed": 753, "distributor violated": 0, "exec candidate": 1913, "exec collide": 30940, "exec fuzz": 59085, "exec gen": 3008, "exec hints": 11620, "exec inject": 0, "exec minimize": 22000, "exec retries": 0, "exec seeds": 4368, "exec smash": 36371, "exec total [base]": 80526, "exec total [new]": 178657, "exec triage": 3663, "executor restarts": 48, "fault jobs": 0, "fuzzer jobs": 13, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 2, "max signal": 13986, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10843, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1611, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 366, "reproducing": 0, "rpc recv": 1901472364, "rpc sent": 460044000, "signal": 12845, "smash jobs": 6, "triage jobs": 5, "vm output": 805209, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/07 13:00:29 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 69, "corpus": 1533, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 20, "coverage": 13527, "distributor delayed": 784, "distributor undelayed": 784, "distributor violated": 0, "exec candidate": 1913, "exec collide": 39157, "exec fuzz": 74611, "exec gen": 3836, "exec hints": 12147, "exec inject": 0, "exec minimize": 23317, "exec retries": 0, "exec seeds": 4596, "exec smash": 38238, "exec total [base]": 92088, "exec total [new]": 207349, "exec triage": 3842, "executor restarts": 48, "fault jobs": 0, "fuzzer jobs": 7, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 14155, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11437, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1689, "no exec duration": 11003000000, "no exec requests": 12, "pending": 0, "prog exec time": 314, "reproducing": 0, "rpc recv": 2034469172, "rpc sent": 552620240, "signal": 12986, "smash jobs": 5, "triage jobs": 1, "vm output": 957865, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/07 13:01:59 fuzzer has not reached the modified code in 30m0s, aborting 2025/08/07 13:01:59 syz-diff (base): kernel context loop terminated 2025/08/07 13:01:59 syz-diff (new): kernel context loop terminated 2025/08/07 13:01:59 diff fuzzing terminated 2025/08/07 13:01:59 bug reporting terminated 2025/08/07 13:01:59 status reporting terminated 2025/08/07 13:01:59 fuzzing is finished 2025/08/07 13:01:59 status at the end: Title On-Base On-Patched