2025/07/31 14:12:56 extracted 302733 symbol hashes for base and 302733 for patched 2025/07/31 14:12:56 adding modified_functions to focus areas: ["nvmet_execute_disc_identify"] 2025/07/31 14:12:56 failed to grep for the header usages: failed to run ["/usr/bin/grep" "-rl" "--include" "*.c" ""]: exit status 1 2025/07/31 14:12:56 adding directly modified files to focus areas: ["arch/arm64/kvm/vgic/vgic-mmio-v3.c" "arch/arm64/kvm/vgic/vgic.h"] 2025/07/31 14:12:58 downloaded the corpus from https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db 2025/07/31 14:13:48 runner 6 connected 2025/07/31 14:13:48 runner 2 connected 2025/07/31 14:13:48 runner 8 connected 2025/07/31 14:13:48 runner 7 connected 2025/07/31 14:13:49 runner 3 connected 2025/07/31 14:13:49 runner 9 connected 2025/07/31 14:13:54 initializing coverage information... 2025/07/31 14:13:55 executor cover filter: 0 PCs 2025/07/31 14:13:55 runner 0 connected 2025/07/31 14:13:55 runner 0 connected 2025/07/31 14:13:55 runner 2 connected 2025/07/31 14:13:55 runner 5 connected 2025/07/31 14:13:55 runner 1 connected 2025/07/31 14:13:56 runner 4 connected 2025/07/31 14:13:56 runner 1 connected 2025/07/31 14:13:56 runner 3 connected 2025/07/31 14:13:58 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/07/31 14:13:58 base: machine check complete 2025/07/31 14:13:58 discovered 7668 source files, 337507 symbols 2025/07/31 14:13:59 coverage filter: nvmet_execute_disc_identify: [nvmet_execute_disc_identify] 2025/07/31 14:13:59 coverage filter: arch/arm64/kvm/vgic/vgic-mmio-v3.c: [] 2025/07/31 14:13:59 coverage filter: arch/arm64/kvm/vgic/vgic.h: [] 2025/07/31 14:13:59 area "symbols": 15 PCs in the cover filter 2025/07/31 14:13:59 area "files": 0 PCs in the cover filter 2025/07/31 14:13:59 area "": 0 PCs in the cover filter 2025/07/31 14:13:59 executor cover filter: 0 PCs 2025/07/31 14:14:00 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 165/8048 2025/07/31 14:14:00 new: machine check complete 2025/07/31 14:14:03 new: adding 2126 seeds 2025/07/31 14:14:29 triaged 100.0% of the corpus 2025/07/31 14:14:29 triaged 100.0% of the corpus 2025/07/31 14:14:29 starting bug reproductions 2025/07/31 14:14:29 starting bug reproductions (max 10 VMs, 7 repros) 2025/07/31 14:17:59 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 789, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 10476, "distributor delayed": 457, "distributor undelayed": 457, "distributor violated": 0, "exec candidate": 2126, "exec collide": 4734, "exec fuzz": 8952, "exec gen": 461, "exec hints": 1429, "exec inject": 0, "exec minimize": 10401, "exec retries": 0, "exec seeds": 2192, "exec smash": 10178, "exec total [base]": 23075, "exec total [new]": 48938, "exec triage": 2134, "executor restarts": 51, "fault jobs": 0, "fuzzer jobs": 874, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 160, "max signal": 10872, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5458, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 916, "no exec duration": 16103000000, "no exec requests": 37, "pending": 0, "prog exec time": 205, "reproducing": 0, "rpc recv": 891689684, "rpc sent": 75860232, "signal": 9957, "smash jobs": 698, "triage jobs": 16, "vm output": 208859, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/07/31 14:22:59 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 1067, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 12094, "distributor delayed": 576, "distributor undelayed": 576, "distributor violated": 0, "exec candidate": 2126, "exec collide": 10078, "exec fuzz": 18978, "exec gen": 947, "exec hints": 3795, "exec inject": 0, "exec minimize": 15044, "exec retries": 0, "exec seeds": 3130, "exec smash": 22721, "exec total [base]": 38838, "exec total [new]": 86011, "exec triage": 2862, "executor restarts": 51, "fault jobs": 0, "fuzzer jobs": 473, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 113, "max signal": 12483, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7542, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1235, "no exec duration": 16103000000, "no exec requests": 37, "pending": 0, "prog exec time": 285, "reproducing": 0, "rpc recv": 1267713816, "rpc sent": 158547616, "signal": 11545, "smash jobs": 353, "triage jobs": 7, "vm output": 418569, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/07/31 14:27:59 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 1261, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 12689, "distributor delayed": 652, "distributor undelayed": 652, "distributor violated": 0, "exec candidate": 2126, "exec collide": 15001, "exec fuzz": 28223, "exec gen": 1465, "exec hints": 7880, "exec inject": 0, "exec minimize": 18843, "exec retries": 0, "exec seeds": 3747, "exec smash": 31139, "exec total [base]": 52103, "exec total [new]": 118123, "exec triage": 3370, "executor restarts": 51, "fault jobs": 0, "fuzzer jobs": 31, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 11, "max signal": 13076, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9254, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1465, "no exec duration": 16103000000, "no exec requests": 37, "pending": 0, "prog exec time": 271, "reproducing": 0, "rpc recv": 1579963984, "rpc sent": 234425008, "signal": 12157, "smash jobs": 8, "triage jobs": 12, "vm output": 653197, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/07/31 14:32:59 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 1366, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 12951, "distributor delayed": 694, "distributor undelayed": 694, "distributor violated": 0, "exec candidate": 2126, "exec collide": 22157, "exec fuzz": 41887, "exec gen": 2140, "exec hints": 9903, "exec inject": 0, "exec minimize": 21009, "exec retries": 0, "exec seeds": 4068, "exec smash": 33789, "exec total [base]": 63745, "exec total [new]": 147027, "exec triage": 3615, "executor restarts": 51, "fault jobs": 0, "fuzzer jobs": 14, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 4, "max signal": 13353, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10249, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1574, "no exec duration": 16103000000, "no exec requests": 37, "pending": 0, "prog exec time": 299, "reproducing": 0, "rpc recv": 1779580816, "rpc sent": 312978328, "signal": 12414, "smash jobs": 7, "triage jobs": 3, "vm output": 869375, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/07/31 14:37:59 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 1439, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 13153, "distributor delayed": 738, "distributor undelayed": 738, "distributor violated": 0, "exec candidate": 2126, "exec collide": 29975, "exec fuzz": 56829, "exec gen": 2941, "exec hints": 10946, "exec inject": 0, "exec minimize": 22348, "exec retries": 0, "exec seeds": 4284, "exec smash": 35630, "exec total [base]": 75478, "exec total [new]": 175248, "exec triage": 3836, "executor restarts": 51, "fault jobs": 0, "fuzzer jobs": 14, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 5, "max signal": 13566, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10877, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1666, "no exec duration": 16103000000, "no exec requests": 37, "pending": 0, "prog exec time": 430, "reproducing": 0, "rpc recv": 1905249588, "rpc sent": 399317952, "signal": 12602, "smash jobs": 5, "triage jobs": 4, "vm output": 1046076, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/07/31 14:42:59 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "corpus": 1495, "corpus [files]": 0, "corpus [symbols]": 0, "coverage": 13283, "distributor delayed": 768, "distributor undelayed": 768, "distributor violated": 0, "exec candidate": 2126, "exec collide": 37944, "exec fuzz": 72086, "exec gen": 3777, "exec hints": 11513, "exec inject": 0, "exec minimize": 23366, "exec retries": 0, "exec seeds": 4452, "exec smash": 37054, "exec total [base]": 86884, "exec total [new]": 202664, "exec triage": 4011, "executor restarts": 51, "fault jobs": 0, "fuzzer jobs": 12, "fuzzing VMs [base]": 4, "fuzzing VMs [new]": 10, "hints jobs": 2, "max signal": 13740, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11363, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1740, "no exec duration": 16103000000, "no exec requests": 37, "pending": 0, "prog exec time": 308, "reproducing": 0, "rpc recv": 2008398604, "rpc sent": 485635672, "signal": 12729, "smash jobs": 4, "triage jobs": 6, "vm output": 1224006, "vm restarts [base]": 4, "vm restarts [new]": 10 } 2025/07/31 14:44:29 fuzzer has not reached the modified code in 30m0s, aborting 2025/07/31 14:44:30 syz-diff (base): kernel context loop terminated 2025/07/31 14:44:30 syz-diff (new): kernel context loop terminated 2025/07/31 14:44:30 diff fuzzing terminated 2025/07/31 14:44:30 status reporting terminated 2025/07/31 14:44:30 bug reporting terminated 2025/07/31 14:44:30 fuzzing is finished 2025/07/31 14:44:30 status at the end: Title On-Base On-Patched