2026/05/11 20:45:32 extracted 324817 text symbol hashes for base and 324817 for patched
2026/05/11 20:45:32 binaries are different, continuing fuzzing
2026/05/11 20:45:32 adding modified_functions to focus areas: ["vfio_pci_bar_rw" "vfio_pci_ioeventfd" "vfio_pci_rw"]
2026/05/11 20:45:32 adding directly modified files to focus areas: ["include/linux/vfio_pci_core.h"]
2026/05/11 20:45:32 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db"
2026/05/11 20:46:38 runner 5 connected
2026/05/11 20:46:39 runner 3 connected
2026/05/11 20:46:39 runner 2 connected
2026/05/11 20:46:39 runner 7 connected
2026/05/11 20:46:39 runner 1 connected
2026/05/11 20:46:39 runner 1 connected
2026/05/11 20:46:40 runner 8 connected
2026/05/11 20:46:40 runner 4 connected
2026/05/11 20:46:40 runner 2 connected
2026/05/11 20:46:40 runner 6 connected
2026/05/11 20:46:40 runner 0 connected
2026/05/11 20:46:41 runner 0 connected
2026/05/11 20:46:45 initializing coverage information...
2026/05/11 20:46:46 executor cover filter: 0 PCs 2026/05/11 20:46:49 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] 
BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") MemoryDump : disabled by user NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 172/8238 2026/05/11 20:46:49 base: machine check complete 2026/05/11 20:46:52 discovered 7615 source files, 335659 symbols 2026/05/11 20:46:52 coverage filter: ^vfio_pci_bar_rw$: [vfio_pci_bar_rw] 2026/05/11 20:46:52 coverage filter: ^vfio_pci_ioeventfd$: [vfio_pci_ioeventfd] 2026/05/11 20:46:52 coverage filter: ^vfio_pci_rw$: [vfio_pci_rw] 2026/05/11 20:46:52 coverage filter: include/linux/vfio_pci_core.h: [] 2026/05/11 20:46:52 area "symbols": 115 PCs in the cover filter 2026/05/11 20:46:52 area "files": 0 PCs in the cover filter 2026/05/11 20:46:52 area "": 0 PCs in the cover filter 2026/05/11 20:46:52 executor cover filter: 0 PCs 2026/05/11 20:46:54 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] 
ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") MemoryDump : disabled by user NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. 
SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 172/8238 2026/05/11 20:46:54 new: machine check complete 2026/05/11 20:46:58 new: adding 2547 seeds 2026/05/11 20:47:05 triaged 96.8% of the corpus 2026/05/11 20:47:05 starting bug reproductions 2026/05/11 20:47:05 starting bug reproductions (max 6 VMs, 4 repros) 2026/05/11 20:47:35 triaged 100.0% of the corpus 2026/05/11 20:50:35 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 3, "corpus": 728, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 10331, "distributor delayed": 450, "distributor undelayed": 450, "distributor violated": 0, "exec candidate": 2547, "exec collide": 3503, "exec fuzz": 6346, "exec gen": 344, "exec hints": 1004, "exec inject": 0, "exec minimize": 10078, "exec retries": 0, "exec seeds": 2020, "exec smash": 6959, "exec total [base]": 15812, "exec total [new]": 42432, "exec triage": 2053, "executor restarts [base]": 30, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 920, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 176, "max signal": 10992, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5561, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 857, "no exec duration": 18005000000, "no exec requests": 19, "pending": 0, "prog exec time": 189, "reproducing": 0, "rpc recv": 1248147308, "rpc sent": 54499872, "signal": 9871, "smash jobs": 720, "triage jobs": 24, "vm output": 192060, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/05/11 20:55:35 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 43, "corpus": 989, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 182, "coverage": 
11961, "distributor delayed": 574, "distributor undelayed": 574, "distributor violated": 0, "exec candidate": 2547, "exec collide": 8215, "exec fuzz": 15193, "exec gen": 784, "exec hints": 2776, "exec inject": 0, "exec minimize": 14019, "exec retries": 0, "exec seeds": 2849, "exec smash": 18357, "exec total [base]": 26996, "exec total [new]": 75056, "exec triage": 2738, "executor restarts [base]": 30, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 786, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 165, "max signal": 12465, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7366, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1152, "no exec duration": 18005000000, "no exec requests": 19, "pending": 0, "prog exec time": 259, "reproducing": 0, "rpc recv": 2221986248, "rpc sent": 125961552, "signal": 11439, "smash jobs": 613, "triage jobs": 8, "vm output": 294538, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/05/11 21:00:35 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 78, "corpus": 1145, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 370, "coverage": 12524, "distributor delayed": 669, "distributor undelayed": 669, "distributor violated": 0, "exec candidate": 2547, "exec collide": 12466, "exec fuzz": 23033, "exec gen": 1184, "exec hints": 5401, "exec inject": 0, "exec minimize": 16862, "exec retries": 0, "exec seeds": 3418, "exec smash": 27650, "exec total [base]": 36548, "exec total [new]": 103338, "exec triage": 3196, "executor restarts [base]": 30, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 142, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 42, "max signal": 13508, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8687, "minimize: filename": 0, "minimize: integer": 0, 
"minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1348, "no exec duration": 18005000000, "no exec requests": 19, "pending": 0, "prog exec time": 362, "reproducing": 0, "rpc recv": 3094436236, "rpc sent": 193682816, "signal": 11947, "smash jobs": 93, "triage jobs": 7, "vm output": 411425, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/05/11 21:05:35 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 84, "corpus": 1247, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 530, "coverage": 12872, "distributor delayed": 729, "distributor undelayed": 729, "distributor violated": 0, "exec candidate": 2547, "exec collide": 18598, "exec fuzz": 34713, "exec gen": 1819, "exec hints": 7005, "exec inject": 0, "exec minimize": 18795, "exec retries": 0, "exec seeds": 3738, "exec smash": 31090, "exec total [base]": 45394, "exec total [new]": 129400, "exec triage": 3514, "executor restarts [base]": 30, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 18, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 3, "max signal": 13943, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9576, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1485, "no exec duration": 18005000000, "no exec requests": 19, "pending": 0, "prog exec time": 325, "reproducing": 0, "rpc recv": 3847548072, "rpc sent": 263697456, "signal": 12251, "smash jobs": 4, "triage jobs": 11, "vm output": 529532, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/05/11 21:10:35 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 89, "corpus": 1382, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 687, "coverage": 13284, "distributor delayed": 813, "distributor undelayed": 
813, "distributor violated": 0, "exec candidate": 2547, "exec collide": 24780, "exec fuzz": 46609, "exec gen": 2455, "exec hints": 8083, "exec inject": 0, "exec minimize": 21157, "exec retries": 0, "exec seeds": 4143, "exec smash": 34467, "exec total [base]": 53388, "exec total [new]": 155695, "exec triage": 3874, "executor restarts [base]": 30, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 24, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 4, "max signal": 14553, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10714, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1643, "no exec duration": 18005000000, "no exec requests": 19, "pending": 0, "prog exec time": 362, "reproducing": 0, "rpc recv": 4504052608, "rpc sent": 331361552, "signal": 12638, "smash jobs": 9, "triage jobs": 11, "vm output": 670580, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/05/11 21:14:56 base crash: INFO: rcu detected stall in corrupted 2026/05/11 21:15:35 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 109, "corpus": 1476, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 878, "coverage": 13622, "distributor delayed": 850, "distributor undelayed": 850, "distributor violated": 0, "exec candidate": 2547, "exec collide": 30761, "exec fuzz": 58099, "exec gen": 3097, "exec hints": 8615, "exec inject": 0, "exec minimize": 22780, "exec retries": 0, "exec seeds": 4431, "exec smash": 36869, "exec total [base]": 55177, "exec total [new]": 178863, "exec triage": 4083, "executor restarts [base]": 33, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 11, "fuzzing VMs [base]": 2, "fuzzing VMs [new]": 9, "hints jobs": 0, "max signal": 14736, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11491, "minimize: filename": 0, "minimize: integer": 
0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1738, "no exec duration": 18005000000, "no exec requests": 19, "pending": 0, "prog exec time": 349, "reproducing": 0, "rpc recv": 4764351388, "rpc sent": 382329728, "signal": 12929, "smash jobs": 5, "triage jobs": 6, "vm output": 803003, "vm restarts [base]": 3, "vm restarts [new]": 9 }
2026/05/11 21:15:53 runner 1 connected
2026/05/11 21:16:55 base crash: INFO: rcu detected stall in corrupted
2026/05/11 21:16:56 base crash: INFO: rcu detected stall in corrupted
2026/05/11 21:17:35 fuzzer has not reached the modified code in 30m0s, aborting
2026/05/11 21:17:35 repro loop terminated
2026/05/11 21:17:35 base: rpc server terminaled
2026/05/11 21:17:35 new: rpc server terminaled
2026/05/11 21:17:35 new: pool terminated
2026/05/11 21:17:35 new: kernel context loop terminated
2026/05/11 21:17:52 base: pool terminated
2026/05/11 21:17:52 base: kernel context loop terminated
2026/05/11 21:17:52 diff fuzzing terminated
2026/05/11 21:17:52 status reporting terminated
2026/05/11 21:17:52 bug reporting terminated
2026/05/11 21:17:52 fuzzing is finished
2026/05/11 21:17:52 status at the end:
Title                                    On-Base      On-Patched   Status
INFO: rcu detected stall in corrupted    3 crashes                 completed