2026/05/06 11:52:25 extracted 324763 text symbol hashes for base and 324763 for patched
2026/05/06 11:52:25 symbol "vfio_pci_mmap_huge_fault.descriptor" has different values in base vs patch
2026/05/06 11:52:25 binaries are different, continuing fuzzing
2026/05/06 11:52:25 adding modified_functions to focus areas: ["vfio_pci_core_aer_err_detected" "vfio_pci_core_disable" "vfio_pci_core_ioctl" "vfio_pci_core_request" "vfio_pci_core_set_params" "vfio_pci_eventfd_replace_locked" "vfio_pci_init" "vfio_pci_vga_init"]
2026/05/06 11:52:25 adding directly modified files to focus areas: ["drivers/pci/tph.c" "drivers/vfio/pci/vfio_pci.c" "drivers/vfio/pci/vfio_pci_core.c" "include/linux/pci-tph.h" "include/linux/vfio_pci_core.h" "include/uapi/linux/vfio.h"]
2026/05/06 11:52:25 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db"
2026/05/06 11:53:32 runner 6 connected
2026/05/06 11:53:32 runner 8 connected
2026/05/06 11:53:32 runner 4 connected
2026/05/06 11:53:32 runner 5 connected
2026/05/06 11:53:33 runner 0 connected
2026/05/06 11:53:33 runner 1 connected
2026/05/06 11:53:33 runner 0 connected
2026/05/06 11:53:33 runner 3 connected
2026/05/06 11:53:34 runner 2 connected
2026/05/06 11:53:34 runner 7 connected
2026/05/06 11:53:34 runner 2 connected
2026/05/06 11:53:34 runner 1 connected
2026/05/06 11:53:39 initializing coverage information...
2026/05/06 11:53:40 executor cover filter: 0 PCs
2026/05/06 11:53:43 machine check: disabled the following syscalls:
openat$sev : failed to open /dev/sev: no such file or directory
syz_kvm_setup_cpu$ppc64 : unsupported arch
transitively disabled the following syscalls (missing resource [creating syscalls]):
close$binfmt : fd_binfmt [openat$binfmt]
close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF]
close$ibv_device : fd_rdma [openat$uverbs0]
ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision]
ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev]
ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev]
ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev]
ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev]
ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev]
ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev]
ioctl$KVM_SEV_INIT : fd_sev [openat$sev]
ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START]
ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev]
ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START]
ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev]
ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev]
ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev]
ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev]
BinFmtMisc : enabled
Comparisons : enabled
Coverage : enabled
DelayKcovMmap : enabled
DevlinkPCI : PCI device 0000:00:10.0 is not available
ExtraCoverage : enabled
Fault : enabled
KCSAN : write(/sys/kernel/debug/kcsan, on) failed
KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE)
LRWPANEmulation : enabled
Leak : failed to write(kmemleak, "scan=off")
MemoryDump : disabled by user
NetDevices : enabled
NetInjection : enabled
NicVF : PCI device 0000:00:11.0 is not available
SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67.
SandboxNamespace : enabled
SandboxNone : enabled
SandboxSetuid : enabled
Swap : enabled
USBEmulation : enabled
VhciInjection : enabled
WifiEmulation : enabled
syscalls : 172/8238
2026/05/06 11:53:43 base: machine check complete
2026/05/06 11:53:45 discovered 7615 source files, 335605 symbols
2026/05/06 11:53:45 coverage filter: ^vfio_pci_core_aer_err_detected$: [vfio_pci_core_aer_err_detected]
2026/05/06 11:53:45 coverage filter: ^vfio_pci_core_disable$: [vfio_pci_core_disable]
2026/05/06 11:53:45 coverage filter: ^vfio_pci_core_ioctl$: [vfio_pci_core_ioctl]
2026/05/06 11:53:45 coverage filter: ^vfio_pci_core_request$: [vfio_pci_core_request]
2026/05/06 11:53:45 coverage filter: ^vfio_pci_core_set_params$: [vfio_pci_core_set_params]
2026/05/06 11:53:45 coverage filter: ^vfio_pci_eventfd_replace_locked$: [vfio_pci_eventfd_replace_locked]
2026/05/06 11:53:45 coverage filter: ^vfio_pci_init$: []
2026/05/06 11:53:45 coverage filter: ^vfio_pci_vga_init$: [vfio_pci_vga_init]
2026/05/06 11:53:45 coverage filter: drivers/pci/tph.c: []
2026/05/06 11:53:45 coverage filter: drivers/vfio/pci/vfio_pci.c: [drivers/vfio/pci/vfio_pci.c drivers/vfio/pci/vfio_pci_config.c drivers/vfio/pci/vfio_pci_core.c]
2026/05/06 11:53:45 coverage filter: drivers/vfio/pci/vfio_pci_core.c: []
2026/05/06 11:53:45 coverage filter: include/linux/pci-tph.h: []
2026/05/06 11:53:45 coverage filter: include/linux/vfio_pci_core.h: []
2026/05/06 11:53:45 coverage filter: include/uapi/linux/vfio.h: []
2026/05/06 11:53:45 area "symbols": 334 PCs in the cover filter
2026/05/06 11:53:45 area "files": 1718 PCs in the cover filter
2026/05/06 11:53:45 area "": 0 PCs in the cover filter
2026/05/06 11:53:45 executor cover filter: 0 PCs
2026/05/06 11:53:47 machine check: disabled the following syscalls:
openat$sev : failed to open /dev/sev: no such file or directory
syz_kvm_setup_cpu$ppc64 : unsupported arch
transitively disabled the following syscalls (missing resource [creating syscalls]):
close$binfmt : fd_binfmt [openat$binfmt]
close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF]
close$ibv_device : fd_rdma [openat$uverbs0]
ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision]
ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev]
ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev]
ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev]
ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev]
ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev]
ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev]
ioctl$KVM_SEV_INIT : fd_sev [openat$sev]
ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START]
ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev]
ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START]
ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev]
ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev]
ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev]
ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev]
BinFmtMisc : enabled
Comparisons : enabled
Coverage : enabled
DelayKcovMmap : enabled
DevlinkPCI : PCI device 0000:00:10.0 is not available
ExtraCoverage : enabled
Fault : enabled
KCSAN : write(/sys/kernel/debug/kcsan, on) failed
KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE)
LRWPANEmulation : enabled
Leak : failed to write(kmemleak, "scan=off")
MemoryDump : disabled by user
NetDevices : enabled
NetInjection : enabled
NicVF : PCI device 0000:00:11.0 is not available
SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67.
SandboxNamespace : enabled
SandboxNone : enabled
SandboxSetuid : enabled
Swap : enabled
USBEmulation : enabled
VhciInjection : enabled
WifiEmulation : enabled
syscalls : 172/8238
2026/05/06 11:53:47 new: machine check complete
2026/05/06 11:53:51 new: adding 2575 seeds
2026/05/06 11:53:58 triaged 96.8% of the corpus
2026/05/06 11:53:58 starting bug reproductions
2026/05/06 11:53:58 starting bug reproductions (max 6 VMs, 4 repros)
2026/05/06 11:54:28 triaged 100.0% of the corpus
2026/05/06 11:57:28 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 712, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 9286, "distributor delayed": 419, "distributor undelayed": 419, "distributor violated": 0, "exec candidate": 2575, "exec collide": 3618, "exec fuzz": 6801, "exec gen": 373, "exec hints": 1063, "exec inject": 0, "exec minimize": 9337, "exec retries": 0, "exec seeds": 1958, "exec smash": 7549, "exec total [base]": 16385, "exec total [new]": 42828, "exec triage": 1897, "executor restarts [base]": 29, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 842, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 161, "max signal": 9775, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5143, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 802, "no exec duration": 23010000000, "no exec requests": 25, "pending": 0, "prog exec time": 200, "reproducing": 0, "rpc recv": 1153726756, "rpc sent": 53340832, "signal": 8775, "smash jobs": 676, "triage jobs": 5, "vm output": 199468, "vm restarts [base]": 3, "vm restarts [new]": 9 }
2026/05/06 12:02:28 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 15, "corpus": 995, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 113, "coverage": 12053, "distributor delayed": 571, "distributor undelayed": 571, "distributor violated": 0, "exec candidate": 2575, "exec collide": 8877, "exec fuzz": 16817, "exec gen": 894, "exec hints": 3183, "exec inject": 0, "exec minimize": 13659, "exec retries": 0, "exec seeds": 2915, "exec smash": 20267, "exec total [base]": 28380, "exec total [new]": 79508, "exec triage": 2663, "executor restarts [base]": 29, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 546, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 134, "max signal": 12537, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7198, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1145, "no exec duration": 23010000000, "no exec requests": 25, "pending": 0, "prog exec time": 284, "reproducing": 0, "rpc recv": 2069569448, "rpc sent": 136697712, "signal": 11389, "smash jobs": 395, "triage jobs": 17, "vm output": 377224, "vm restarts [base]": 3, "vm restarts [new]": 9 }
2026/05/06 12:04:14 base crash: INFO: rcu detected stall in corrupted
2026/05/06 12:05:11 runner 0 connected
2026/05/06 12:05:25 base crash: INFO: rcu detected stall in corrupted
2026/05/06 12:06:22 runner 2 connected
2026/05/06 12:07:28 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 63, "corpus": 1195, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 412, "coverage": 12666, "distributor delayed": 673, "distributor undelayed": 673, "distributor violated": 0, "exec candidate": 2575, "exec collide": 12417, "exec fuzz": 23457, "exec gen": 1242, "exec hints": 5530, "exec inject": 0, "exec minimize": 17251, "exec retries": 0, "exec seeds": 3558, "exec smash": 27807, "exec total [base]": 29430, "exec total [new]": 104696, "exec triage": 3197, "executor restarts [base]": 35, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 251, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 68, "max signal": 13693, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8852, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1372, "no exec duration": 23010000000, "no exec requests": 25, "pending": 0, "prog exec time": 312, "reproducing": 0, "rpc recv": 2486926780, "rpc sent": 184917752, "signal": 11971, "smash jobs": 177, "triage jobs": 6, "vm output": 599589, "vm restarts [base]": 5, "vm restarts [new]": 9 }
2026/05/06 12:07:45 base crash: INFO: rcu detected stall in corrupted
2026/05/06 12:08:42 runner 1 connected
2026/05/06 12:12:09 base crash: BUG: soft lockup in kvm_vcpu_ioctl
2026/05/06 12:12:28 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 95, "corpus": 1325, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 610, "coverage": 13106, "distributor delayed": 730, "distributor undelayed": 730, "distributor violated": 0, "exec candidate": 2575, "exec collide": 16696, "exec fuzz": 31552, "exec gen": 1667, "exec hints": 7428, "exec inject": 0, "exec minimize": 19503, "exec retries": 0, "exec seeds": 3972, "exec smash": 33007, "exec total [base]": 30154, "exec total [new]": 127599, "exec triage": 3540, "executor restarts [base]": 44, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 15, "fuzzing VMs [base]": 2, "fuzzing VMs [new]": 9, "hints jobs": 4, "max signal": 14105, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9847, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1523, "no exec duration": 23010000000, "no exec requests": 25, "pending": 0, "prog exec time": 422, "reproducing": 0, "rpc recv": 2788998672, "rpc sent": 232137640, "signal": 12350, "smash jobs": 8, "triage jobs": 3, "vm output": 791732, "vm restarts [base]": 6, "vm restarts [new]": 9 }
2026/05/06 12:13:15 runner 2 connected
2026/05/06 12:14:41 base crash: no output from test machine
2026/05/06 12:15:46 runner 1 connected
2026/05/06 12:17:25 base crash: INFO: rcu detected stall in corrupted
2026/05/06 12:17:28 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 102, "corpus": 1397, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 788, "coverage": 13459, "distributor delayed": 776, "distributor undelayed": 776, "distributor violated": 0, "exec candidate": 2575, "exec collide": 21298, "exec fuzz": 40223, "exec gen": 2088, "exec hints": 8128, "exec inject": 0, "exec minimize": 20943, "exec retries": 0, "exec seeds": 4195, "exec smash": 34914, "exec total [base]": 30362, "exec total [new]": 145798, "exec triage": 3776, "executor restarts [base]": 50, "executor restarts [new]": 67, "fault jobs": 0, "fuzzer jobs": 13, "fuzzing VMs [base]": 2, "fuzzing VMs [new]": 9, "hints jobs": 4, "max signal": 14583, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10555, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1624, "no exec duration": 23010000000, "no exec requests": 25, "pending": 0, "prog exec time": 438, "reproducing": 0, "rpc recv": 2985554192, "rpc sent": 270184120, "signal": 12688, "smash jobs": 4, "triage jobs": 5, "vm output": 1054601, "vm restarts [base]": 8, "vm restarts [new]": 9 }
2026/05/06 12:18:30 runner 0 connected
2026/05/06 12:18:49 base crash: INFO: rcu detected stall in tx
2026/05/06 12:19:54 runner 2 connected
2026/05/06 12:20:04 base crash: INFO: rcu detected stall in corrupted
2026/05/06 12:21:08 runner 1 connected
2026/05/06 12:22:28 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 110, "corpus": 1475, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 975, "coverage": 13835, "distributor delayed": 818, "distributor undelayed": 818, "distributor violated": 0, "exec candidate": 2575, "exec collide": 26012, "exec fuzz": 49170, "exec gen": 2555, "exec hints": 8628, "exec inject": 0, "exec minimize": 22449, "exec retries": 0, "exec seeds": 4426, "exec smash": 36782, "exec total [base]": 30722, "exec total [new]": 164240, "exec triage": 3983, "executor restarts [base]": 59, "executor restarts [new]": 85, "fault jobs": 0, "fuzzer jobs": 20, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 4, "max signal": 14948, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11303, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1717, "no exec duration": 23010000000, "no exec requests": 25, "pending": 0, "prog exec time": 402, "reproducing": 0, "rpc recv": 3227665484, "rpc sent": 309368200, "signal": 13010, "smash jobs": 11, "triage jobs": 5, "vm output": 1347905, "vm restarts [base]": 11, "vm restarts [new]": 9 }
2026/05/06 12:24:02 base crash: INFO: rcu detected stall in corrupted
2026/05/06 12:24:28 fuzzer has not reached the modified code in 30m0s, aborting
2026/05/06 12:24:28 repro loop terminated
2026/05/06 12:24:28 new: rpc server terminaled
2026/05/06 12:24:28 base: rpc server terminaled
2026/05/06 12:24:28 new: pool terminated
2026/05/06 12:24:28 new: kernel context loop terminated
2026/05/06 12:25:00 base: pool terminated
2026/05/06 12:25:00 base: kernel context loop terminated
2026/05/06 12:25:00 diff fuzzing terminated
2026/05/06 12:25:00 status reporting terminated
2026/05/06 12:25:00 bug reporting terminated
2026/05/06 12:25:00 fuzzing is finished
2026/05/06 12:25:00 status at the end:
Title                                   On-Base     On-Patched  Status
BUG: soft lockup in kvm_vcpu_ioctl      1 crashes               completed
INFO: rcu detected stall in corrupted   6 crashes               completed
INFO: rcu detected stall in tx          1 crashes               completed
no output from test machine             1 crashes               completed