2025/08/17 21:08:38 extracted 303751 symbol hashes for base and 303751 for patched 2025/08/17 21:08:38 adding modified_functions to focus areas: ["nvmet_execute_disc_identify"] 2025/08/17 21:08:38 adding directly modified files to focus areas: ["arch/arm64/include/asm/sysreg.h" "arch/arm64/kernel/cpufeature.c" "arch/arm64/kvm/arm.c" "arch/arm64/kvm/hyp/vhe/switch.c" "arch/arm64/kvm/nested.c" "arch/arm64/kvm/sys_regs.c" "arch/arm64/tools/cpucaps" "tools/arch/arm64/include/asm/sysreg.h" "tools/testing/selftests/kvm/arm64/aarch32_id_regs.c" "tools/testing/selftests/kvm/arm64/debug-exceptions.c" "tools/testing/selftests/kvm/arm64/no-vgic-v3.c" "tools/testing/selftests/kvm/arm64/page_fault_test.c" "tools/testing/selftests/kvm/arm64/set_id_regs.c" "tools/testing/selftests/kvm/arm64/vpmu_counter_access.c" "tools/testing/selftests/kvm/lib/arm64/processor.c"] 2025/08/17 21:08:40 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/08/17 21:09:38 runner 4 connected 2025/08/17 21:09:38 runner 3 connected 2025/08/17 21:09:38 runner 1 connected 2025/08/17 21:09:38 runner 3 connected 2025/08/17 21:09:38 runner 0 connected 2025/08/17 21:09:38 runner 1 connected 2025/08/17 21:09:38 runner 2 connected 2025/08/17 21:09:38 runner 7 connected 2025/08/17 21:09:44 runner 6 connected 2025/08/17 21:09:45 runner 0 connected 2025/08/17 21:09:45 initializing coverage information... 2025/08/17 21:09:45 executor cover filter: 0 PCs 2025/08/17 21:09:46 runner 8 connected 2025/08/17 21:09:46 runner 5 connected 2025/08/17 21:09:46 runner 2 connected 2025/08/17 21:09:47 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/17 21:09:47 base: machine check complete 2025/08/17 21:09:51 discovered 7699 source files, 338620 symbols 2025/08/17 21:09:51 coverage filter: nvmet_execute_disc_identify: [nvmet_execute_disc_identify] 2025/08/17 21:09:51 coverage filter: arch/arm64/include/asm/sysreg.h: [] 2025/08/17 21:09:51 coverage filter: arch/arm64/kernel/cpufeature.c: [] 2025/08/17 21:09:51 coverage filter: arch/arm64/kvm/arm.c: [] 2025/08/17 21:09:51 coverage filter: arch/arm64/kvm/hyp/vhe/switch.c: [] 2025/08/17 21:09:51 coverage filter: arch/arm64/kvm/nested.c: [] 2025/08/17 21:09:51 coverage filter: arch/arm64/kvm/sys_regs.c: [] 2025/08/17 21:09:51 coverage filter: arch/arm64/tools/cpucaps: [] 2025/08/17 21:09:51 coverage filter: tools/arch/arm64/include/asm/sysreg.h: [] 2025/08/17 21:09:51 coverage filter: tools/testing/selftests/kvm/arm64/aarch32_id_regs.c: [] 2025/08/17 21:09:51 coverage filter: tools/testing/selftests/kvm/arm64/debug-exceptions.c: [] 2025/08/17 21:09:51 coverage filter: tools/testing/selftests/kvm/arm64/no-vgic-v3.c: [] 2025/08/17 21:09:51 coverage filter: tools/testing/selftests/kvm/arm64/page_fault_test.c: [] 2025/08/17 21:09:51 coverage filter: tools/testing/selftests/kvm/arm64/set_id_regs.c: [] 2025/08/17 21:09:51 coverage filter: tools/testing/selftests/kvm/arm64/vpmu_counter_access.c: [] 2025/08/17 21:09:51 coverage filter: tools/testing/selftests/kvm/lib/arm64/processor.c: [] 2025/08/17 21:09:51 area "symbols": 15 PCs in the cover filter 2025/08/17 21:09:51 area "files": 0 PCs in the cover filter 2025/08/17 21:09:51 area "": 0 PCs in the cover filter 2025/08/17 21:09:51 executor cover filter: 0 PCs 2025/08/17 21:09:52 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/08/17 21:09:52 new: machine check complete 2025/08/17 21:09:56 new: adding 2322 seeds 2025/08/17 21:10:12 triaged 97.2% of the corpus 2025/08/17 21:10:12 starting bug reproductions 2025/08/17 21:10:12 starting bug reproductions (max 10 VMs, 7 repros) 2025/08/17 21:10:42 triaged 100.0% of the corpus 2025/08/17 21:13:42 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 696, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 9766, "distributor delayed": 391, "distributor undelayed": 391, "distributor violated": 0, "exec candidate": 2322, "exec collide": 3960, "exec fuzz": 7267, "exec gen": 402, "exec hints": 1219, "exec inject": 0, "exec minimize": 8755, "exec retries": 0, "exec seeds": 1964, "exec smash": 8194, "exec total [base]": 22570, "exec total [new]": 42828, "exec triage": 1835, "executor restarts": 48, "fault jobs": 0, "fuzzer jobs": 821, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 9, "hints jobs": 139, "max signal": 10310, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 4768, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 786, "no exec duration": 20036000000, "no exec requests": 24, "pending": 0, "prog exec time": 210, "reproducing": 0, "rpc recv": 774013968, "rpc sent": 64212208, "signal": 9265, "smash jobs": 671, "triage jobs": 11, "vm output": 185893, "vm restarts [base]": 4, "vm restarts [new]": 9 } 2025/08/17 21:18:42 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 5, "corpus": 985, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 2, "coverage": 11804, "distributor delayed": 531, "distributor undelayed": 531, "distributor violated": 0, "exec candidate": 2322, "exec collide": 9177, "exec fuzz": 17206, "exec gen": 966, "exec hints": 3453, "exec inject": 0, "exec minimize": 13291, "exec retries": 0, "exec seeds": 2897, "exec smash": 20746, "exec total [base]": 39506, "exec total [new]": 79590, "exec triage": 2623, "executor restarts": 48, "fault jobs": 0, "fuzzer jobs": 453, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 9, "hints jobs": 109, "max signal": 12483, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 6936, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1130, "no exec duration": 20036000000, "no exec requests": 24, "pending": 0, "prog exec time": 231, "reproducing": 0, "rpc recv": 1089401156, "rpc sent": 158300264, "signal": 11203, "smash jobs": 336, "triage jobs": 8, "vm output": 398361, "vm restarts [base]": 4, "vm restarts [new]": 9 } 2025/08/17 21:18:47 new: boot error: can't ssh into the instance 2025/08/17 21:19:44 runner 9 connected 2025/08/17 21:23:42 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 30, "corpus": 1190, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 50, "coverage": 12544, "distributor delayed": 648, "distributor undelayed": 648, "distributor violated": 0, "exec candidate": 2322, "exec collide": 14645, "exec fuzz": 27648, "exec gen": 1535, "exec hints": 7515, "exec inject": 0, "exec minimize": 16733, "exec retries": 0, "exec seeds": 3561, "exec smash": 29570, "exec total [base]": 54285, "exec total [new]": 113673, "exec triage": 3231, "executor restarts": 51, "fault jobs": 0, "fuzzer jobs": 27, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 6, "max signal": 13297, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8488, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1384, "no exec duration": 20036000000, "no exec requests": 24, "pending": 0, "prog exec time": 335, "reproducing": 0, "rpc recv": 1438335288, "rpc sent": 241494848, "signal": 11866, "smash jobs": 9, "triage jobs": 12, "vm output": 703858, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/17 21:28:42 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 43, "corpus": 1311, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 79, "coverage": 12894, "distributor delayed": 698, "distributor undelayed": 698, "distributor violated": 0, "exec candidate": 2322, "exec collide": 21944, "exec fuzz": 41360, "exec gen": 2290, "exec hints": 9821, "exec inject": 0, "exec minimize": 19043, "exec retries": 0, "exec seeds": 3933, "exec smash": 32657, "exec total [base]": 66839, "exec total [new]": 143844, "exec triage": 3562, "executor restarts": 51, "fault jobs": 0, "fuzzer jobs": 18, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 4, "max signal": 13638, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9539, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1523, "no exec duration": 20036000000, "no exec requests": 24, "pending": 0, "prog exec time": 321, "reproducing": 0, "rpc recv": 1662792784, "rpc sent": 321248416, "signal": 12263, "smash jobs": 8, "triage jobs": 6, "vm output": 966193, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/17 21:33:42 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 55, "corpus": 1405, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 102, "coverage": 13138, "distributor delayed": 738, "distributor undelayed": 738, "distributor violated": 0, "exec candidate": 2322, "exec collide": 29567, "exec fuzz": 55870, "exec gen": 3056, "exec hints": 11104, "exec inject": 0, "exec minimize": 20721, "exec retries": 0, "exec seeds": 4213, "exec smash": 35047, "exec total [base]": 78710, "exec total [new]": 172630, "exec triage": 3816, "executor restarts": 51, "fault jobs": 0, "fuzzer jobs": 16, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 3, "max signal": 13908, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10292, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1635, "no exec duration": 20036000000, "no exec requests": 24, "pending": 0, "prog exec time": 291, "reproducing": 0, "rpc recv": 1814911564, "rpc sent": 398621704, "signal": 12515, "smash jobs": 7, "triage jobs": 6, "vm output": 1143485, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/17 21:38:42 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 58, "corpus": 1476, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 127, "coverage": 13312, "distributor delayed": 764, "distributor undelayed": 764, "distributor violated": 0, "exec candidate": 2322, "exec collide": 37366, "exec fuzz": 70852, "exec gen": 3840, "exec hints": 12070, "exec inject": 0, "exec minimize": 21992, "exec retries": 0, "exec seeds": 4428, "exec smash": 36834, "exec total [base]": 90475, "exec total [new]": 200659, "exec triage": 4041, "executor restarts": 51, "fault jobs": 0, "fuzzer jobs": 16, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 4, "max signal": 14133, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10900, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1729, "no exec duration": 20036000000, "no exec requests": 24, "pending": 0, "prog exec time": 318, "reproducing": 0, "rpc recv": 1940262172, "rpc sent": 473779904, "signal": 12662, "smash jobs": 4, "triage jobs": 8, "vm output": 1333483, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/08/17 21:40:42 fuzzer has not reached the modified code in 30m0s, aborting 2025/08/17 21:40:42 syz-diff (base): kernel context loop terminated 2025/08/17 21:40:42 syz-diff (new): kernel context loop terminated 2025/08/17 21:40:42 diff fuzzing terminated 2025/08/17 21:40:42 bug reporting terminated 2025/08/17 21:40:42 status reporting terminated 2025/08/17 21:40:42 fuzzing is finished 2025/08/17 21:40:42 status at the end: Title On-Base On-Patched