2026/03/24 15:45:09 extracted 325862 text symbol hashes for base and 325864 for patched
2026/03/24 15:45:09 binaries are different, continuing fuzzing
2026/03/24 15:45:09 adding modified_functions to focus areas: ["__pfx_handle_guest_bus_lock" "bus_lock_exit" "cr_interception" "dr_interception" "handle_guest_bus_lock" "handle_user_split_lock" "pause_interception" "svm_cancel_injection" "svm_inject_exception" "svm_inject_irq" "svm_set_msr" "svm_skip_emulated_instruction" "svm_sync_dirty_debug_regs" "svm_vcpu_load" "svm_vcpu_reset" "svm_vcpu_run" "task_switch_interception" "vmload_interception" "vmsave_interception"]
2026/03/24 15:45:09 adding directly modified files to focus areas: ["arch/x86/include/asm/cpu.h" "arch/x86/kernel/cpu/bus_lock.c" "arch/x86/kvm/svm/svm.c"]
2026/03/24 15:45:09 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db"
2026/03/24 15:46:08 runner 2 connected
2026/03/24 15:46:08 runner 1 connected
2026/03/24 15:46:08 runner 3 connected
2026/03/24 15:46:08 runner 5 connected
2026/03/24 15:46:08 runner 8 connected
2026/03/24 15:46:08 runner 1 connected
2026/03/24 15:46:08 runner 0 connected
2026/03/24 15:46:09 runner 6 connected
2026/03/24 15:46:09 runner 4 connected
2026/03/24 15:46:09 runner 0 connected
2026/03/24 15:46:09 runner 7 connected
2026/03/24 15:46:09 runner 2 connected
2026/03/24 15:46:14 initializing coverage information...
2026/03/24 15:46:15 executor cover filter: 0 PCs
2026/03/24 15:46:17 machine check: disabled the following syscalls:
openat$sev : failed to open /dev/sev: no such file or directory
syz_kvm_setup_cpu$ppc64 : unsupported arch
transitively disabled the following syscalls (missing resource [creating syscalls]):
close$binfmt : fd_binfmt [openat$binfmt]
close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF]
close$ibv_device : fd_rdma [openat$uverbs0]
ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision]
ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev]
ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev]
ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev]
ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev]
ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev]
ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev]
ioctl$KVM_SEV_INIT : fd_sev [openat$sev]
ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START]
ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev]
ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START]
ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev]
ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev]
ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev]
ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev]
BinFmtMisc : enabled
Comparisons : enabled
Coverage : enabled
DelayKcovMmap : enabled
DevlinkPCI : PCI device 0000:00:10.0 is not available
ExtraCoverage : enabled
Fault : enabled
KCSAN : write(/sys/kernel/debug/kcsan, on) failed
KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE)
LRWPANEmulation : enabled
Leak : failed to write(kmemleak, "scan=off")
MemoryDump : disabled by user
NetDevices : enabled
NetInjection : enabled
NicVF : PCI device 0000:00:11.0 is not available
SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67.
SandboxNamespace : enabled
SandboxNone : enabled
SandboxSetuid : enabled
Swap : enabled
USBEmulation : enabled
VhciInjection : enabled
WifiEmulation : enabled
syscalls : 172/8210
2026/03/24 15:46:17 base: machine check complete
2026/03/24 15:46:18 discovered 7695 source files, 336904 symbols
2026/03/24 15:46:18 coverage filter: ^__pfx_handle_guest_bus_lock$: []
2026/03/24 15:46:18 coverage filter: ^bus_lock_exit$: [bus_lock_exit]
2026/03/24 15:46:18 coverage filter: ^cr_interception$: [cr_interception]
2026/03/24 15:46:18 coverage filter: ^dr_interception$: [dr_interception]
2026/03/24 15:46:18 coverage filter: ^handle_guest_bus_lock$: [handle_guest_bus_lock]
2026/03/24 15:46:18 coverage filter: ^handle_user_split_lock$: [handle_user_split_lock]
2026/03/24 15:46:18 coverage filter: ^pause_interception$: [pause_interception]
2026/03/24 15:46:18 coverage filter: ^svm_cancel_injection$: [svm_cancel_injection]
2026/03/24 15:46:18 coverage filter: ^svm_inject_exception$: [svm_inject_exception]
2026/03/24 15:46:18 coverage filter: ^svm_inject_irq$: [svm_inject_irq]
2026/03/24 15:46:18 coverage filter: ^svm_set_msr$: [svm_set_msr]
2026/03/24 15:46:18 coverage filter: ^svm_skip_emulated_instruction$: [svm_skip_emulated_instruction]
2026/03/24 15:46:18 coverage filter: ^svm_sync_dirty_debug_regs$: [svm_sync_dirty_debug_regs]
2026/03/24 15:46:18 coverage filter: ^svm_vcpu_load$: [svm_vcpu_load]
2026/03/24 15:46:18 coverage filter: ^svm_vcpu_reset$: [svm_vcpu_reset]
2026/03/24 15:46:18 coverage filter: ^svm_vcpu_run$: [svm_vcpu_run]
2026/03/24 15:46:18 coverage filter: ^task_switch_interception$: [task_switch_interception]
2026/03/24 15:46:18 coverage filter: ^vmload_interception$: [vmload_interception]
2026/03/24 15:46:18 coverage filter: ^vmsave_interception$: [vmsave_interception]
2026/03/24 15:46:18 coverage filter: arch/x86/include/asm/cpu.h: []
2026/03/24 15:46:18 coverage filter: arch/x86/kernel/cpu/bus_lock.c: [arch/x86/kernel/cpu/bus_lock.c]
2026/03/24 15:46:18 coverage filter: arch/x86/kvm/svm/svm.c: [arch/x86/kvm/svm/svm.c]
2026/03/24 15:46:18 area "symbols": 756 PCs in the cover filter
2026/03/24 15:46:18 area "files": 2576 PCs in the cover filter
2026/03/24 15:46:18 area "": 0 PCs in the cover filter
2026/03/24 15:46:18 executor cover filter: 0 PCs
2026/03/24 15:46:20 machine check: disabled the following syscalls:
openat$sev : failed to open /dev/sev: no such file or directory
syz_kvm_setup_cpu$ppc64 : unsupported arch
transitively disabled the following syscalls (missing resource [creating syscalls]):
close$binfmt : fd_binfmt [openat$binfmt]
close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF]
close$ibv_device : fd_rdma [openat$uverbs0]
ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision]
ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev]
ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev]
ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev]
ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev]
ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev]
ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev]
ioctl$KVM_SEV_INIT : fd_sev [openat$sev]
ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START]
ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev]
ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START]
ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev]
ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev]
ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev]
ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev]
BinFmtMisc : enabled
Comparisons : enabled
Coverage : enabled
DelayKcovMmap : enabled
DevlinkPCI : PCI device 0000:00:10.0 is not available
ExtraCoverage : enabled
Fault : enabled
KCSAN : write(/sys/kernel/debug/kcsan, on) failed
KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE)
LRWPANEmulation : enabled
Leak : failed to write(kmemleak, "scan=off")
MemoryDump : disabled by user
NetDevices : enabled
NetInjection : enabled
NicVF : PCI device 0000:00:11.0 is not available
SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67.
SandboxNamespace : enabled
SandboxNone : enabled
SandboxSetuid : enabled
Swap : enabled
USBEmulation : enabled
VhciInjection : enabled
WifiEmulation : enabled
syscalls : 172/8210
2026/03/24 15:46:20 new: machine check complete
2026/03/24 15:46:23 new: adding 2581 seeds
2026/03/24 15:46:42 triaged 96.9% of the corpus
2026/03/24 15:46:42 starting bug reproductions
2026/03/24 15:46:42 starting bug reproductions (max 6 VMs, 4 repros)
2026/03/24 15:47:12 triaged 100.0% of the corpus
2026/03/24 15:50:12 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 2, "corpus": 777, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 22, "coverage": 10573, "distributor delayed": 455, "distributor undelayed": 455, "distributor violated": 0, "exec candidate": 2581, "exec collide": 4635, "exec fuzz": 8902, "exec gen": 496, "exec hints": 1440, "exec inject": 0, "exec minimize": 10675, "exec retries": 0, "exec seeds": 2165, "exec smash": 10178, "exec total [base]": 19428, "exec total [new]": 50860, "exec triage": 2116, "executor restarts [base]": 30, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 869, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 160, "max signal": 11462, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5699, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 895, "no exec duration": 18054000000, "no exec requests": 27, "pending": 0, "prog exec time": 163, "reproducing": 0, "rpc recv": 1469925120, "rpc sent": 66382592, "signal": 10097, "smash jobs": 696, "triage jobs": 13, "vm output": 195619, "vm restarts [base]": 3, "vm restarts [new]": 9 }
2026/03/24 15:55:12 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 65, "corpus": 993, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 310, "coverage": 12277, "distributor delayed": 595, "distributor undelayed": 595, "distributor violated": 0, "exec candidate": 2581, "exec collide": 9247, "exec fuzz": 17466, "exec gen": 953, "exec hints": 3509, "exec inject": 0, "exec minimize": 14663, "exec retries": 0, "exec seeds": 2894, "exec smash": 21022, "exec total [base]": 21344, "exec total [new]": 82750, "exec triage": 2744, "executor restarts [base]": 36, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 449, "fuzzing VMs [base]": 2, "fuzzing VMs [new]": 9, "hints jobs": 117, "max signal": 13345, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7587, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1167, "no exec duration": 18054000000, "no exec requests": 27, "pending": 0, "prog exec time": 250, "reproducing": 0, "rpc recv": 1952903852, "rpc sent": 119308800, "signal": 11731, "smash jobs": 320, "triage jobs": 12, "vm output": 288030, "vm restarts [base]": 3, "vm restarts [new]": 9 }
2026/03/24 15:55:16 base crash: INFO: rcu detected stall in corrupted
2026/03/24 15:56:14 runner 2 connected
2026/03/24 15:59:08 base crash: INFO: rcu detected stall in corrupted
2026/03/24 15:59:16 base crash: INFO: rcu detected stall in corrupted
2026/03/24 16:00:05 runner 0 connected
2026/03/24 16:00:12 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 85, "corpus": 1130, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 746, "coverage": 12777, "distributor delayed": 705, "distributor undelayed": 705, "distributor violated": 0, "exec candidate": 2581, "exec collide": 12836, "exec fuzz": 24222, "exec gen": 1340, "exec hints": 6335, "exec inject": 0, "exec minimize": 17032, "exec retries": 0, "exec seeds": 3360, "exec smash": 27843, "exec total [base]": 21393, "exec total [new]": 106393, "exec triage": 3172, "executor restarts [base]": 39, "executor restarts [new]": 50, "fault jobs": 0, "fuzzer jobs": 26, "fuzzing VMs [base]": 1, "fuzzing VMs [new]": 9, "hints jobs": 5, "max signal": 14113, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8626, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1348, "no exec duration": 18054000000, "no exec requests": 27, "pending": 0, "prog exec time": 323, "reproducing": 0, "rpc recv": 2275716780, "rpc sent": 160257872, "signal": 12167, "smash jobs": 14, "triage jobs": 7, "vm output": 373118, "vm restarts [base]": 5, "vm restarts [new]": 9 }
2026/03/24 16:00:12 runner 1 connected
2026/03/24 16:01:38 base crash: INFO: rcu detected stall in corrupted
2026/03/24 16:02:36 runner 2 connected
2026/03/24 16:05:12 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 103, "corpus": 1253, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1088, "coverage": 13865, "distributor delayed": 790, "distributor undelayed": 790, "distributor violated": 0, "exec candidate": 2581, "exec collide": 17505, "exec fuzz": 33362, "exec gen": 1835, "exec hints": 7154, "exec inject": 0, "exec minimize": 19213, "exec retries": 0, "exec seeds": 3735, "exec smash": 31059, "exec total [base]": 22080, "exec total [new]": 127613, "exec triage": 3496, "executor restarts [base]": 48, "executor restarts [new]": 61, "fault jobs": 0, "fuzzer jobs": 14, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 15078, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9681, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1491, "no exec duration": 18054000000, "no exec requests": 27, "pending": 0, "prog exec time": 459, "reproducing": 0, "rpc recv": 2568708956, "rpc sent": 201397928, "signal": 13228, "smash jobs": 7, "triage jobs": 6, "vm output": 556138, "vm restarts [base]": 7, "vm restarts [new]": 9 }
2026/03/24 16:05:45 base crash: INFO: rcu detected stall in corrupted
2026/03/24 16:06:43 runner 1 connected
2026/03/24 16:08:34 base crash: INFO: rcu detected stall in corrupted
2026/03/24 16:09:32 runner 2 connected
2026/03/24 16:10:12 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 113, "corpus": 1337, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1408, "coverage": 14163, "distributor delayed": 843, "distributor undelayed": 843, "distributor violated": 0, "exec candidate": 2581, "exec collide": 22290, "exec fuzz": 42911, "exec gen": 2342, "exec hints": 7405, "exec inject": 0, "exec minimize": 20849, "exec retries": 0, "exec seeds": 3987, "exec smash": 33135, "exec total [base]": 22363, "exec total [new]": 146902, "exec triage": 3730, "executor restarts [base]": 60, "executor restarts [new]": 64, "fault jobs": 0, "fuzzer jobs": 17, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 15417, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10496, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1593, "no exec duration": 18054000000, "no exec requests": 27, "pending": 0, "prog exec time": 502, "reproducing": 0, "rpc recv": 2786034288, "rpc sent": 240797664, "signal": 13532, "smash jobs": 9, "triage jobs": 7, "vm output": 653079, "vm restarts [base]": 9, "vm restarts [new]": 9 }
2026/03/24 16:11:40 base crash: INFO: rcu detected stall in corrupted
2026/03/24 16:12:07 base crash: INFO: rcu detected stall in corrupted
2026/03/24 16:12:36 runner 0 connected
2026/03/24 16:13:03 runner 1 connected
2026/03/24 16:13:04 base crash: INFO: rcu detected stall in corrupted
2026/03/24 16:14:01 runner 2 connected
2026/03/24 16:15:12 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 121, "corpus": 1396, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1716, "coverage": 14309, "distributor delayed": 890, "distributor undelayed": 890, "distributor violated": 0, "exec candidate": 2581, "exec collide": 27226, "exec fuzz": 52190, "exec gen": 2889, "exec hints": 7499, "exec inject": 0, "exec minimize": 21999, "exec retries": 0, "exec seeds": 4167, "exec smash": 34642, "exec total [base]": 22475, "exec total [new]": 164752, "exec triage": 3898, "executor restarts [base]": 69, "executor restarts [new]": 78, "fault jobs": 0, "fuzzer jobs": 9, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 0, "max signal": 15628, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11019, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1666, "no exec duration": 18054000000, "no exec requests": 27, "pending": 0, "prog exec time": 2771, "reproducing": 0, "rpc recv": 3011975472, "rpc sent": 277612824, "signal": 13668, "smash jobs": 4, "triage jobs": 5, "vm output": 838766, "vm restarts [base]": 12, "vm restarts [new]": 9 }
2026/03/24 16:17:12 fuzzer has not reached the modified code in 30m0s, aborting
2026/03/24 16:17:12 repro loop terminated
2026/03/24 16:17:12 new: rpc server terminaled
2026/03/24 16:17:12 base: rpc server terminaled
2026/03/24 16:17:12 base: pool terminated
2026/03/24 16:17:12 base: kernel context loop terminated
2026/03/24 16:17:12 new: pool terminated
2026/03/24 16:17:12 new: kernel context loop terminated
2026/03/24 16:17:12 diff fuzzing terminated
2026/03/24 16:17:12 bug reporting terminated
2026/03/24 16:17:12 status reporting terminated
2026/03/24 16:17:12 fuzzing is finished
2026/03/24 16:17:12 status at the end:
Title                                    On-Base    On-Patched  Status
INFO: rcu detected stall in corrupted    9 crashes              completed