2025/07/31 23:06:38 extracted 302733 symbol hashes for base and 302733 for patched 2025/07/31 23:06:38 adding modified_functions to focus areas: ["nvmet_execute_disc_identify"] 2025/07/31 23:06:38 failed to grep for the header usages: failed to run ["/usr/bin/grep" "-rl" "--include" "*.c" ""]: exit status 1 2025/07/31 23:06:38 failed to grep for the header usages: failed to run ["/usr/bin/grep" "-rl" "--include" "*.c" ""]: exit status 1 2025/07/31 23:06:38 failed to grep for the header usages: failed to run ["/usr/bin/grep" "-rl" "--include" "*.c" ""]: exit status 1 2025/07/31 23:06:38 failed to grep for the header usages: failed to run ["/usr/bin/grep" "-rl" "--include" "*.c" ""]: exit status 1 2025/07/31 23:06:38 failed to grep for the header usages: failed to run ["/usr/bin/grep" "-rl" "--include" "*.c" ""]: exit status 1 2025/07/31 23:06:38 adding directly modified files to focus areas: ["Documentation/virt/kvm/api.rst" "arch/arm64/include/asm/kvm_emulate.h" "arch/arm64/include/uapi/asm/kvm.h" "arch/arm64/kvm/arm.c" "arch/arm64/kvm/emulate-nested.c" "arch/arm64/kvm/guest.c" "arch/arm64/kvm/inject_fault.c" "include/uapi/linux/kvm.h" "tools/arch/arm64/include/uapi/asm/kvm.h" "tools/testing/selftests/kvm/arm64/external_aborts.c" "tools/testing/selftests/kvm/arm64/inject_iabt.c"] 2025/07/31 23:06:40 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/07/31 23:07:30 runner 5 connected 2025/07/31 23:07:30 runner 3 connected 2025/07/31 23:07:30 runner 1 connected 2025/07/31 23:07:36 initializing coverage information... 2025/07/31 23:07:37 runner 8 connected 2025/07/31 23:07:37 runner 2 connected 2025/07/31 23:07:37 runner 0 connected 2025/07/31 23:07:37 runner 7 connected 2025/07/31 23:07:37 runner 6 connected 2025/07/31 23:07:37 runner 0 connected 2025/07/31 23:07:38 runner 3 connected 2025/07/31 23:07:38 runner 1 connected 2025/07/31 23:07:38 runner 2 connected 2025/07/31 23:07:40 discovered 7668 source files, 337507 symbols 2025/07/31 23:07:40 coverage filter: nvmet_execute_disc_identify: [nvmet_execute_disc_identify] 2025/07/31 23:07:40 coverage filter: Documentation/virt/kvm/api.rst: [] 2025/07/31 23:07:40 coverage filter: arch/arm64/include/asm/kvm_emulate.h: [] 2025/07/31 23:07:40 coverage filter: arch/arm64/include/uapi/asm/kvm.h: [] 2025/07/31 23:07:40 coverage filter: arch/arm64/kvm/arm.c: [] 2025/07/31 23:07:40 coverage filter: arch/arm64/kvm/emulate-nested.c: [] 2025/07/31 23:07:40 coverage filter: arch/arm64/kvm/guest.c: [] 2025/07/31 23:07:40 coverage filter: arch/arm64/kvm/inject_fault.c: [] 2025/07/31 23:07:40 coverage filter: include/uapi/linux/kvm.h: [] 2025/07/31 23:07:40 coverage filter: tools/arch/arm64/include/uapi/asm/kvm.h: [] 2025/07/31 23:07:40 coverage filter: tools/testing/selftests/kvm/arm64/external_aborts.c: [] 2025/07/31 23:07:40 coverage filter: tools/testing/selftests/kvm/arm64/inject_iabt.c: [] 2025/07/31 23:07:40 area "symbols": 15 PCs in the cover filter 2025/07/31 23:07:40 area "files": 0 PCs in the cover filter 2025/07/31 23:07:40 area "": 0 PCs in the cover filter 2025/07/31 23:07:40 executor cover filter: 0 PCs 2025/07/31 23:07:43 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/07/31 23:07:43 new: machine check complete 2025/07/31 23:07:44 executor cover filter: 0 PCs 2025/07/31 23:07:46 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/07/31 23:07:46 base: machine check complete 2025/07/31 23:07:46 new: adding 2126 seeds 2025/07/31 23:08:11 triaged 100.0% of the corpus 2025/07/31 23:08:11 triaged 100.0% of the corpus 2025/07/31 23:08:11 starting bug reproductions 2025/07/31 23:08:11 starting bug reproductions (max 10 VMs, 7 repros) 2025/07/31 23:11:41 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 716, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 9564, "distributor delayed": 490, "distributor undelayed": 490, "distributor violated": 0, "exec candidate": 2126, "exec collide": 3721, "exec fuzz": 6919, "exec gen": 369, "exec hints": 1195, "exec inject": 0, "exec minimize": 9393, "exec retries": 0, "exec seeds": 1990, "exec smash": 7579, "exec total [base]": 25658, "exec total [new]": 41605, "exec triage": 1984, "executor restarts": 44, "fault jobs": 0, "fuzzer jobs": 877, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 8, "hints jobs": 167, "max signal": 10443, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5044, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 840, "no exec duration": 18753000000, "no exec requests": 60, "pending": 0, "prog exec time": 299, "reproducing": 0, "rpc recv": 771006436, "rpc sent": 69385560, "signal": 9090, "smash jobs": 698, "triage jobs": 12, "vm output": 184791, "vm restarts [base]": 4, "vm restarts [new]": 8 } 2025/07/31 23:16:41 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 955, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 11701, "distributor delayed": 668, "distributor undelayed": 668, "distributor violated": 0, "exec candidate": 2126, "exec collide": 7819, "exec fuzz": 14690, "exec gen": 812, "exec hints": 2675, "exec inject": 0, "exec minimize": 13682, "exec retries": 0, "exec seeds": 2798, "exec smash": 17594, "exec total [base]": 41292, "exec total [new]": 71267, "exec triage": 2742, "executor restarts": 44, "fault jobs": 0, "fuzzer jobs": 762, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 8, "hints jobs": 156, "max signal": 12163, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7058, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1152, "no exec duration": 18753000000, "no exec requests": 60, "pending": 0, "prog exec time": 225, "reproducing": 0, "rpc recv": 1116839888, "rpc sent": 146235888, "signal": 11162, "smash jobs": 596, "triage jobs": 10, "vm output": 267374, "vm restarts [base]": 4, "vm restarts [new]": 8 } 2025/07/31 23:17:35 runner 4 connected 2025/07/31 23:17:43 runner 9 connected 2025/07/31 23:21:41 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 1122, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 12192, "distributor delayed": 752, "distributor undelayed": 752, "distributor violated": 0, "exec candidate": 2126, "exec collide": 12259, "exec fuzz": 23077, "exec gen": 1257, "exec hints": 5571, "exec inject": 0, "exec minimize": 16637, "exec retries": 0, "exec seeds": 3368, "exec smash": 27400, "exec total [base]": 54428, "exec total [new]": 101250, "exec triage": 3223, "executor restarts": 50, "fault jobs": 0, "fuzzer jobs": 122, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 36, "max signal": 12698, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8338, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1353, "no exec duration": 18753000000, "no exec requests": 60, "pending": 0, "prog exec time": 364, "reproducing": 0, "rpc recv": 1467022372, "rpc sent": 224839008, "signal": 11591, "smash jobs": 76, "triage jobs": 10, "vm output": 450473, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/07/31 23:26:41 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 1263, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 12672, "distributor delayed": 826, "distributor undelayed": 826, "distributor violated": 0, "exec candidate": 2126, "exec collide": 18383, "exec fuzz": 34552, "exec gen": 1875, "exec hints": 10008, "exec inject": 0, "exec minimize": 19073, "exec retries": 0, "exec seeds": 3800, "exec smash": 31567, "exec total [base]": 66770, "exec total [new]": 131326, "exec triage": 3609, "executor restarts": 50, "fault jobs": 0, "fuzzer jobs": 18, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 5, "max signal": 13230, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9410, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1520, "no exec duration": 18753000000, "no exec requests": 60, "pending": 0, "prog exec time": 333, "reproducing": 0, "rpc recv": 1705369408, "rpc sent": 308659392, "signal": 12052, "smash jobs": 8, "triage jobs": 5, "vm output": 625968, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/07/31 23:31:41 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 1350, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 12991, "distributor delayed": 878, "distributor undelayed": 878, "distributor violated": 0, "exec candidate": 2126, "exec collide": 25694, "exec fuzz": 48750, "exec gen": 2529, "exec hints": 10779, "exec inject": 0, "exec minimize": 20549, "exec retries": 0, "exec seeds": 4062, "exec smash": 33801, "exec total [base]": 77943, "exec total [new]": 158496, "exec triage": 3873, "executor restarts": 50, "fault jobs": 0, "fuzzer jobs": 9, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 0, "max signal": 13580, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10077, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1630, "no exec duration": 18753000000, "no exec requests": 60, "pending": 0, "prog exec time": 337, "reproducing": 0, "rpc recv": 1847424844, "rpc sent": 402475272, "signal": 12329, "smash jobs": 4, "triage jobs": 5, "vm output": 771399, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/07/31 23:36:41 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 1428, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 13460, "distributor delayed": 919, "distributor undelayed": 919, "distributor violated": 0, "exec candidate": 2126, "exec collide": 33456, "exec fuzz": 63464, "exec gen": 3271, "exec hints": 11045, "exec inject": 0, "exec minimize": 21933, "exec retries": 0, "exec seeds": 4296, "exec smash": 35721, "exec total [base]": 88861, "exec total [new]": 185767, "exec triage": 4121, "executor restarts": 50, "fault jobs": 0, "fuzzer jobs": 21, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 14044, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10717, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1737, "no exec duration": 18753000000, "no exec requests": 60, "pending": 0, "prog exec time": 359, "reproducing": 0, "rpc recv": 1969134344, "rpc sent": 495147232, "signal": 12738, "smash jobs": 9, "triage jobs": 11, "vm output": 914931, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/07/31 23:38:11 fuzzer has not reached the modified code in 30m0s, aborting 2025/07/31 23:38:11 syz-diff (base): kernel context loop terminated 2025/07/31 23:38:11 syz-diff (new): kernel context loop terminated 2025/07/31 23:38:11 diff fuzzing terminated 2025/07/31 23:38:11 status reporting terminated 2025/07/31 23:38:11 bug reporting terminated 2025/07/31 23:38:11 fuzzing is finished 2025/07/31 23:38:11 status at the end: Title On-Base On-Patched