2026/05/12 08:16:44 extracted 324817 text symbol hashes for base and 324817 for patched 2026/05/12 08:16:44 binaries are different, continuing fuzzing 2026/05/12 08:16:44 adding modified_functions to focus areas: ["perf_trace_kvm_xen_hypercall" "trace_event_raw_event_kvm_xen_hypercall"] 2026/05/12 08:16:44 adding directly modified files to focus areas: ["arch/x86/kvm/trace.h"] 2026/05/12 08:16:44 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db" 2026/05/12 08:17:42 runner 1 connected 2026/05/12 08:17:42 runner 3 connected 2026/05/12 08:17:43 runner 1 connected 2026/05/12 08:17:43 runner 6 connected 2026/05/12 08:17:43 runner 2 connected 2026/05/12 08:17:43 runner 4 connected 2026/05/12 08:17:43 runner 0 connected 2026/05/12 08:17:43 runner 0 connected 2026/05/12 08:17:43 runner 8 connected 2026/05/12 08:17:44 runner 5 connected 2026/05/12 08:17:44 runner 2 connected 2026/05/12 08:17:44 runner 7 connected 2026/05/12 08:17:49 initializing coverage information... 2026/05/12 08:17:49 executor cover filter: 0 PCs 2026/05/12 08:17:51 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") MemoryDump : disabled by user NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 172/8238 2026/05/12 08:17:51 base: machine check complete 2026/05/12 08:17:53 discovered 7615 source files, 335659 symbols 2026/05/12 08:17:53 coverage filter: ^perf_trace_kvm_xen_hypercall$: [perf_trace_kvm_xen_hypercall] 2026/05/12 08:17:53 coverage filter: ^trace_event_raw_event_kvm_xen_hypercall$: [trace_event_raw_event_kvm_xen_hypercall] 2026/05/12 08:17:53 coverage filter: arch/x86/kvm/trace.h: [] 2026/05/12 08:17:53 area "symbols": 24 PCs in the cover filter 2026/05/12 08:17:53 area "files": 0 PCs in the cover filter 2026/05/12 08:17:53 area "": 0 PCs in the cover filter 2026/05/12 08:17:53 executor cover filter: 0 PCs 2026/05/12 08:17:54 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") MemoryDump : disabled by user NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 172/8238 2026/05/12 08:17:54 new: machine check complete 2026/05/12 08:17:57 new: adding 2392 seeds 2026/05/12 08:18:16 triaged 97.2% of the corpus 2026/05/12 08:18:16 starting bug reproductions 2026/05/12 08:18:16 starting bug reproductions (max 6 VMs, 4 repros) 2026/05/12 08:18:46 triaged 100.0% of the corpus 2026/05/12 08:21:46 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 731, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 10417, "distributor delayed": 457, "distributor undelayed": 457, "distributor violated": 0, "exec candidate": 2392, "exec collide": 4529, "exec fuzz": 8496, "exec gen": 467, "exec hints": 1307, "exec inject": 0, "exec minimize": 9658, "exec retries": 0, "exec seeds": 2063, "exec smash": 9975, "exec total [base]": 17878, "exec total [new]": 48003, "exec triage": 1994, "executor restarts [base]": 28, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 785, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 132, "max signal": 11173, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5253, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 850, "no exec duration": 20025000000, "no exec requests": 23, "pending": 0, "prog exec time": 148, "reproducing": 0, "rpc recv": 1243783184, "rpc sent": 59531664, "signal": 9976, "smash jobs": 638, "triage jobs": 15, "vm output": 192249, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/05/12 08:26:46 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 30, "corpus": 1064, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 4, "coverage": 12523, "distributor delayed": 621, "distributor undelayed": 621, "distributor violated": 0, "exec candidate": 2392, "exec collide": 10106, "exec fuzz": 19052, "exec gen": 1002, "exec hints": 3834, "exec inject": 0, "exec minimize": 15297, "exec retries": 0, "exec seeds": 3150, "exec smash": 23024, "exec total [base]": 31262, "exec total [new]": 87812, "exec triage": 2834, "executor restarts [base]": 28, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 445, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 106, "max signal": 13056, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7923, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1227, "no exec duration": 20025000000, "no exec requests": 23, "pending": 0, "prog exec time": 265, "reproducing": 0, "rpc recv": 2388802324, "rpc sent": 140557368, "signal": 11920, "smash jobs": 333, "triage jobs": 6, "vm output": 363244, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/05/12 08:31:46 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 73, "corpus": 1263, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 28, "coverage": 13586, "distributor delayed": 731, "distributor undelayed": 731, "distributor violated": 0, "exec candidate": 2392, "exec collide": 15112, "exec fuzz": 28678, "exec gen": 1492, "exec hints": 6508, "exec inject": 0, "exec minimize": 19538, "exec retries": 0, "exec seeds": 3807, "exec smash": 31644, "exec total [base]": 41774, "exec total [new]": 119712, "exec triage": 3417, "executor restarts [base]": 28, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 22, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 3, "max signal": 14210, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9937, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1477, "no exec duration": 20025000000, "no exec requests": 23, "pending": 0, "prog exec time": 386, "reproducing": 0, "rpc recv": 3434981312, "rpc sent": 214802736, "signal": 12900, "smash jobs": 9, "triage jobs": 10, "vm output": 563541, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/05/12 08:33:35 base crash: INFO: rcu detected stall in corrupted 2026/05/12 08:34:32 runner 1 connected 2026/05/12 08:36:46 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 91, "corpus": 1350, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 77, "coverage": 13912, "distributor delayed": 788, "distributor undelayed": 788, "distributor violated": 0, "exec candidate": 2392, "exec collide": 22165, "exec fuzz": 41972, "exec gen": 2191, "exec hints": 7543, "exec inject": 0, "exec minimize": 21419, "exec retries": 0, "exec seeds": 4077, "exec smash": 33957, "exec total [base]": 46509, "exec total [new]": 146536, "exec triage": 3694, "executor restarts [base]": 34, "executor restarts [new]": 54, "fault jobs": 0, "fuzzer jobs": 9, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 15090, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10805, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1591, "no exec duration": 20025000000, "no exec requests": 23, "pending": 0, "prog exec time": 340, "reproducing": 0, "rpc recv": 3957739736, "rpc sent": 274416224, "signal": 13215, "smash jobs": 2, "triage jobs": 6, "vm output": 850655, "vm restarts [base]": 4, "vm restarts [new]": 9 } 2026/05/12 08:39:43 base crash: INFO: rcu detected stall in corrupted 2026/05/12 08:40:39 runner 0 connected 2026/05/12 08:41:10 base crash: INFO: rcu detected stall in corrupted 2026/05/12 08:41:26 base crash: INFO: rcu detected stall in corrupted 2026/05/12 08:41:46 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 103, "corpus": 1427, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 126, "coverage": 14185, "distributor delayed": 828, "distributor undelayed": 828, "distributor violated": 0, "exec candidate": 2392, "exec collide": 28679, "exec fuzz": 54163, "exec gen": 2817, "exec hints": 8019, "exec inject": 0, "exec minimize": 23088, "exec retries": 0, "exec seeds": 4308, "exec smash": 35879, "exec total [base]": 47040, "exec total [new]": 170396, "exec triage": 3925, "executor restarts [base]": 37, "executor restarts [new]": 57, "fault jobs": 0, "fuzzer jobs": 8, "fuzzing VMs [base]": 1, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 15369, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11552, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1690, "no exec duration": 20025000000, "no exec requests": 23, "pending": 0, "prog exec time": 393, "reproducing": 0, "rpc recv": 4191472248, "rpc sent": 322057984, "signal": 13427, "smash jobs": 2, "triage jobs": 5, "vm output": 1174802, "vm restarts [base]": 5, "vm restarts [new]": 9 } 2026/05/12 08:42:06 runner 2 connected 2026/05/12 08:42:16 runner 1 connected 2026/05/12 08:46:46 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 116, "corpus": 1477, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 174, "coverage": 14340, "distributor delayed": 876, "distributor undelayed": 876, "distributor violated": 0, "exec candidate": 2392, "exec collide": 35158, "exec fuzz": 66023, "exec gen": 3427, "exec hints": 8489, "exec inject": 0, "exec minimize": 24230, "exec retries": 0, "exec seeds": 4461, "exec smash": 37163, "exec total [base]": 52028, "exec total [new]": 192571, "exec triage": 4103, "executor restarts [base]": 43, "executor restarts [new]": 63, "fault jobs": 0, "fuzzer jobs": 13, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 15559, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 12109, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1762, "no exec duration": 20025000000, "no exec requests": 23, "pending": 0, "prog exec time": 366, "reproducing": 0, "rpc recv": 4726827996, "rpc sent": 379178064, "signal": 13596, "smash jobs": 3, "triage jobs": 9, "vm output": 1573736, "vm restarts [base]": 7, "vm restarts [new]": 9 } 2026/05/12 08:47:42 base crash: INFO: rcu detected stall in kvm_dev_ioctl 2026/05/12 08:48:32 runner 2 connected 2026/05/12 08:48:46 fuzzer has not reached the modified code in 30m0s, aborting 2026/05/12 08:48:46 base: rpc server terminaled 2026/05/12 08:48:46 repro loop terminated 2026/05/12 08:48:46 new: rpc server terminaled 2026/05/12 08:48:46 base: pool terminated 2026/05/12 08:48:46 base: kernel context loop terminated 2026/05/12 08:48:46 new: pool terminated 2026/05/12 08:48:46 new: kernel context loop terminated 2026/05/12 08:48:46 diff fuzzing terminated 2026/05/12 08:48:46 status reporting terminated 2026/05/12 08:48:46 bug reporting terminated 2026/05/12 08:48:46 fuzzing is finished 2026/05/12 08:48:46 status at the end: Title On-Base On-Patched Status INFO: rcu detected stall in corrupted 4 crashes completed INFO: rcu detected stall in kvm_dev_ioctl 1 crashes completed