2025/08/17 13:06:49 extracted 303751 symbol hashes for base and 303751 for patched 2025/08/17 13:06:49 adding modified_functions to focus areas: ["nvmet_execute_disc_identify"] 2025/08/17 13:06:49 adding directly modified files to focus areas: ["arch/arm64/include/asm/kvm_host.h" "arch/arm64/kvm/hyp/exception.c" "arch/arm64/kvm/sys_regs.c"] 2025/08/17 13:06:50 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/08/17 13:07:47 runner 4 connected 2025/08/17 13:07:47 runner 2 connected 2025/08/17 13:07:47 runner 5 connected 2025/08/17 13:07:47 runner 9 connected 2025/08/17 13:07:47 runner 3 connected 2025/08/17 13:07:48 runner 1 connected 2025/08/17 13:07:48 runner 0 connected 2025/08/17 13:07:48 runner 1 connected 2025/08/17 13:07:48 runner 2 connected 2025/08/17 13:07:48 runner 3 connected 2025/08/17 13:07:48 runner 7 connected 2025/08/17 13:07:49 runner 6 connected 2025/08/17 13:07:54 initializing coverage information... 2025/08/17 13:07:54 executor cover filter: 0 PCs 2025/08/17 13:07:56 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/17 13:07:56 base: machine check complete 2025/08/17 13:07:58 discovered 7699 source files, 338620 symbols 2025/08/17 13:07:58 coverage filter: nvmet_execute_disc_identify: [nvmet_execute_disc_identify] 2025/08/17 13:07:58 coverage filter: arch/arm64/include/asm/kvm_host.h: [] 2025/08/17 13:07:58 coverage filter: arch/arm64/kvm/hyp/exception.c: [] 2025/08/17 13:07:58 coverage filter: arch/arm64/kvm/sys_regs.c: [] 2025/08/17 13:07:58 area "symbols": 15 PCs in the cover filter 2025/08/17 13:07:58 area "files": 0 PCs in the cover filter 2025/08/17 13:07:58 area "": 0 PCs in the cover filter 2025/08/17 13:07:58 executor cover filter: 0 PCs 2025/08/17 13:08:00 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/17 13:08:00 new: machine check complete 2025/08/17 13:08:03 new: adding 2322 seeds 2025/08/17 13:08:21 triaged 97.2% of the corpus 2025/08/17 13:08:21 starting bug reproductions 2025/08/17 13:08:21 starting bug reproductions (max 10 VMs, 7 repros) 2025/08/17 13:08:51 triaged 100.0% of the corpus 2025/08/17 13:11:51 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 684, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 9502, "distributor delayed": 465, "distributor undelayed": 465, "distributor violated": 0, "exec candidate": 2322, "exec collide": 3562, "exec fuzz": 6917, "exec gen": 350, "exec hints": 994, "exec inject": 0, "exec minimize": 9170, "exec retries": 0, "exec seeds": 1890, "exec smash": 7780, "exec total [base]": 25229, "exec total [new]": 41713, "exec triage": 1834, "executor restarts": 47, "fault jobs": 0, "fuzzer jobs": 753, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 8, "hints jobs": 154, "max signal": 9876, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5002, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 773, "no exec duration": 23112000000, "no exec requests": 44, "pending": 0, "prog exec time": 201, "reproducing": 0, "rpc recv": 749781396, "rpc sent": 67886608, "signal": 9064, "smash jobs": 592, "triage jobs": 7, "vm output": 172817, "vm restarts [base]": 4, "vm restarts [new]": 8 } 2025/08/17 13:16:51 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 6, "corpus": 954, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 11459, "distributor delayed": 639, "distributor undelayed": 639, "distributor violated": 0, "exec candidate": 2322, "exec collide": 8378, "exec fuzz": 16141, "exec gen": 812, "exec hints": 2883, "exec inject": 0, "exec minimize": 13307, "exec retries": 0, "exec seeds": 2782, "exec smash": 19505, "exec total [base]": 42567, "exec total [new]": 75574, "exec triage": 2549, "executor restarts": 47, "fault jobs": 0, "fuzzer jobs": 520, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 8, "hints jobs": 124, "max signal": 11841, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7010, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1091, "no exec duration": 23112000000, "no exec requests": 44, "pending": 0, "prog exec time": 222, "reproducing": 0, "rpc recv": 1041208888, "rpc sent": 155930152, "signal": 10955, "smash jobs": 389, "triage jobs": 7, "vm output": 325980, "vm restarts [base]": 4, "vm restarts [new]": 8 } 2025/08/17 13:16:57 new: boot error: can't ssh into the instance 2025/08/17 13:16:57 new: boot error: can't ssh into the instance 2025/08/17 13:17:47 runner 0 connected 2025/08/17 13:17:48 runner 8 connected 2025/08/17 13:21:51 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 33, "corpus": 1201, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1, "coverage": 12558, "distributor delayed": 775, "distributor undelayed": 775, "distributor violated": 0, "exec candidate": 2322, "exec collide": 13790, "exec fuzz": 26297, "exec gen": 1304, "exec hints": 6365, "exec inject": 0, "exec minimize": 17139, "exec retries": 0, "exec seeds": 3598, "exec smash": 29867, "exec total [base]": 57965, "exec total [new]": 110838, "exec triage": 3256, "executor restarts": 53, "fault jobs": 0, "fuzzer jobs": 24, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 6, "max signal": 12995, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8738, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1394, "no exec duration": 23112000000, "no exec requests": 44, "pending": 0, "prog exec time": 281, "reproducing": 0, "rpc recv": 1462887024, "rpc sent": 251555936, "signal": 12023, "smash jobs": 12, "triage jobs": 6, "vm output": 657672, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/17 13:26:51 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 53, "corpus": 1318, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1, "coverage": 12857, "distributor delayed": 832, "distributor undelayed": 832, "distributor violated": 0, "exec candidate": 2322, "exec collide": 22045, "exec fuzz": 41829, "exec gen": 2131, "exec hints": 6967, "exec inject": 0, "exec minimize": 19082, "exec retries": 0, "exec seeds": 3954, "exec smash": 32895, "exec total [base]": 70656, "exec total [new]": 141715, "exec triage": 3590, "executor restarts": 53, "fault jobs": 0, "fuzzer jobs": 10, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 0, "max signal": 13395, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9632, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1534, "no exec duration": 23112000000, "no exec requests": 44, "pending": 0, "prog exec time": 302, "reproducing": 0, "rpc recv": 1647961540, "rpc sent": 343583496, "signal": 12325, "smash jobs": 6, "triage jobs": 4, "vm output": 962933, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/17 13:31:51 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 58, "corpus": 1419, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 2, "coverage": 13142, "distributor delayed": 874, "distributor undelayed": 874, "distributor violated": 0, "exec candidate": 2322, "exec collide": 30257, "exec fuzz": 56971, "exec gen": 2932, "exec hints": 8629, "exec inject": 0, "exec minimize": 20583, "exec retries": 0, "exec seeds": 4262, "exec smash": 35479, "exec total [base]": 83108, "exec total [new]": 172172, "exec triage": 3837, "executor restarts": 53, "fault jobs": 0, "fuzzer jobs": 15, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 9, "max signal": 13693, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10303, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1646, "no exec duration": 23112000000, "no exec requests": 44, "pending": 0, "prog exec time": 293, "reproducing": 0, "rpc recv": 1804335064, "rpc sent": 431342832, "signal": 12603, "smash jobs": 3, "triage jobs": 3, "vm output": 1221969, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/17 13:36:51 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 79, "corpus": 1517, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 3, "coverage": 13673, "distributor delayed": 923, "distributor undelayed": 923, "distributor violated": 0, "exec candidate": 2322, "exec collide": 37703, "exec fuzz": 71099, "exec gen": 3653, "exec hints": 9348, "exec inject": 0, "exec minimize": 22336, "exec retries": 0, "exec seeds": 4557, "exec smash": 37926, "exec total [base]": 94591, "exec total [new]": 199950, "exec triage": 4107, "executor restarts": 53, "fault jobs": 0, "fuzzer jobs": 9, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 1, "max signal": 14261, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11107, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1760, "no exec duration": 23112000000, "no exec requests": 44, "pending": 0, "prog exec time": 388, "reproducing": 0, "rpc recv": 1975207804, "rpc sent": 512400200, "signal": 13114, "smash jobs": 3, "triage jobs": 5, "vm output": 1449723, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/17 13:38:51 fuzzer has not reached the modified code in 30m0s, aborting 2025/08/17 13:38:51 syz-diff (base): kernel context loop terminated 2025/08/17 13:38:51 syz-diff (new): kernel context loop terminated 2025/08/17 13:38:51 diff fuzzing terminated 2025/08/17 13:38:51 bug reporting terminated 2025/08/17 13:38:51 status reporting terminated 2025/08/17 13:38:51 fuzzing is finished 2025/08/17 13:38:51 status at the end: Title On-Base On-Patched