2026/05/11 21:26:14 extracted 324817 text symbol hashes for base and 324815 for patched 2026/05/11 21:26:14 symbol "__UNIQUE_ID_modinfo_907" has different values in base vs patch 2026/05/11 21:26:14 binaries are different, continuing fuzzing 2026/05/11 21:26:14 adding modified_functions to focus areas: ["vfio_pci_bar_rw" "vfio_pci_core_aer_err_detected" "vfio_pci_core_disable" "vfio_pci_core_enable" "vfio_pci_core_ioctl" "vfio_pci_core_mmap" "vfio_pci_core_request" "vfio_pci_ioeventfd"] 2026/05/11 21:26:14 adding directly modified files to focus areas: ["drivers/vfio/pci/nvgrace-gpu/main.c" "drivers/vfio/pci/vfio_pci_core.c" "drivers/vfio/pci/vfio_pci_dmabuf.c" "drivers/vfio/pci/vfio_pci_rdwr.c" "drivers/vfio/pci/virtio/legacy_io.c" "include/linux/vfio_pci_core.h"] 2026/05/11 21:26:14 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db" 2026/05/11 21:27:13 runner 3 connected 2026/05/11 21:27:20 initializing coverage information... 2026/05/11 21:27:20 runner 1 connected 2026/05/11 21:27:20 runner 0 connected 2026/05/11 21:27:20 runner 2 connected 2026/05/11 21:27:21 runner 7 connected 2026/05/11 21:27:21 runner 8 connected 2026/05/11 21:27:21 runner 5 connected 2026/05/11 21:27:21 runner 1 connected 2026/05/11 21:27:21 runner 6 connected 2026/05/11 21:27:22 runner 0 connected 2026/05/11 21:27:22 runner 4 connected 2026/05/11 21:27:22 runner 2 connected 2026/05/11 21:27:26 discovered 7615 source files, 335657 symbols 2026/05/11 21:27:26 coverage filter: ^vfio_pci_bar_rw$: [vfio_pci_bar_rw] 2026/05/11 21:27:26 coverage filter: ^vfio_pci_core_aer_err_detected$: [vfio_pci_core_aer_err_detected] 2026/05/11 21:27:26 coverage filter: ^vfio_pci_core_disable$: [vfio_pci_core_disable] 2026/05/11 21:27:26 coverage filter: ^vfio_pci_core_enable$: [vfio_pci_core_enable] 2026/05/11 21:27:26 coverage filter: ^vfio_pci_core_ioctl$: [vfio_pci_core_ioctl] 2026/05/11 21:27:26 coverage filter: ^vfio_pci_core_mmap$: [vfio_pci_core_mmap] 2026/05/11 21:27:26 coverage filter: ^vfio_pci_core_request$: [vfio_pci_core_request] 2026/05/11 21:27:26 coverage filter: ^vfio_pci_ioeventfd$: [vfio_pci_ioeventfd] 2026/05/11 21:27:26 coverage filter: drivers/vfio/pci/nvgrace-gpu/main.c: [] 2026/05/11 21:27:26 coverage filter: drivers/vfio/pci/vfio_pci_core.c: [drivers/vfio/pci/vfio_pci_core.c] 2026/05/11 21:27:26 coverage filter: drivers/vfio/pci/vfio_pci_dmabuf.c: [] 2026/05/11 21:27:26 coverage filter: drivers/vfio/pci/vfio_pci_rdwr.c: [drivers/vfio/pci/vfio_pci_rdwr.c] 2026/05/11 21:27:26 coverage filter: drivers/vfio/pci/virtio/legacy_io.c: [] 2026/05/11 21:27:26 coverage filter: include/linux/vfio_pci_core.h: [] 2026/05/11 21:27:26 area "symbols": 479 PCs in the cover filter 2026/05/11 21:27:26 area "files": 1201 PCs in the cover filter 2026/05/11 21:27:26 area "": 0 PCs in the cover filter 2026/05/11 21:27:26 executor cover filter: 0 PCs 2026/05/11 21:27:28 executor cover filter: 0 PCs 2026/05/11 21:27:29 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") MemoryDump : disabled by user NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 172/8238 2026/05/11 21:27:29 new: machine check complete 2026/05/11 21:27:30 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") MemoryDump : disabled by user NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 172/8238 2026/05/11 21:27:30 base: machine check complete 2026/05/11 21:27:33 new: adding 2547 seeds 2026/05/11 21:27:47 triaged 96.9% of the corpus 2026/05/11 21:27:47 starting bug reproductions 2026/05/11 21:27:47 starting bug reproductions (max 6 VMs, 4 repros) 2026/05/11 21:28:17 triaged 100.0% of the corpus 2026/05/11 21:31:17 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 727, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 10230, "distributor delayed": 410, "distributor undelayed": 410, "distributor violated": 0, "exec candidate": 2547, "exec collide": 3863, "exec fuzz": 7307, "exec gen": 363, "exec hints": 1170, "exec inject": 0, "exec minimize": 9647, "exec retries": 1, "exec seeds": 2016, "exec smash": 8066, "exec total [base]": 16317, "exec total [new]": 44560, "exec triage": 1990, "executor restarts [base]": 29, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 842, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 170, "max signal": 10725, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5324, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 843, "no exec duration": 15016000000, "no exec requests": 19, "pending": 0, "prog exec time": 182, "reproducing": 0, "rpc recv": 1242521892, "rpc sent": 55353232, "signal": 9775, "smash jobs": 660, "triage jobs": 12, "vm output": 185355, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/05/11 21:36:17 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 35, "corpus": 1049, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 244, "coverage": 12379, "distributor delayed": 601, "distributor undelayed": 601, "distributor violated": 0, "exec candidate": 2547, "exec collide": 8555, "exec fuzz": 15930, "exec gen": 870, "exec hints": 3157, "exec inject": 0, "exec minimize": 15076, "exec retries": 1, "exec seeds": 3058, "exec smash": 18860, "exec total [base]": 23507, "exec total [new]": 78492, "exec triage": 2851, "executor restarts [base]": 32, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 858, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 202, "max signal": 13241, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7919, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1226, "no exec duration": 15016000000, "no exec requests": 19, "pending": 0, "prog exec time": 289, "reproducing": 0, "rpc recv": 2020603436, "rpc sent": 122693840, "signal": 11808, "smash jobs": 640, "triage jobs": 16, "vm output": 365539, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/05/11 21:39:00 base crash: INFO: rcu detected stall in corrupted 2026/05/11 21:39:28 base crash: INFO: rcu detected stall in corrupted 2026/05/11 21:39:40 base crash: BUG: soft lockup in kvm_vcpu_ioctl 2026/05/11 21:39:58 runner 1 connected 2026/05/11 21:40:25 runner 2 connected 2026/05/11 21:40:36 runner 0 connected 2026/05/11 21:41:17 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 60, "corpus": 1223, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 509, "coverage": 13004, "distributor delayed": 710, "distributor undelayed": 710, "distributor violated": 0, "exec candidate": 2547, "exec collide": 12583, "exec fuzz": 23503, "exec gen": 1281, "exec hints": 5449, "exec inject": 0, "exec minimize": 18121, "exec retries": 1, "exec seeds": 3636, "exec smash": 28000, "exec total [base]": 24318, "exec total [new]": 106042, "exec triage": 3330, "executor restarts [base]": 41, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 352, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 81, "max signal": 13968, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9337, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1431, "no exec duration": 15016000000, "no exec requests": 19, "pending": 0, "prog exec time": 287, "reproducing": 0, "rpc recv": 2433133680, "rpc sent": 172005768, "signal": 12388, "smash jobs": 266, "triage jobs": 5, "vm output": 585446, "vm restarts [base]": 6, "vm restarts [new]": 9 } 2026/05/11 21:44:11 base crash: INFO: rcu detected stall in corrupted 2026/05/11 21:45:08 runner 2 connected 2026/05/11 21:45:16 base crash: INFO: rcu detected stall in corrupted 2026/05/11 21:46:15 runner 1 connected 2026/05/11 21:46:17 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 86, "corpus": 1353, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 733, "coverage": 13575, "distributor delayed": 788, "distributor undelayed": 788, "distributor violated": 0, "exec candidate": 2547, "exec collide": 16487, "exec fuzz": 30693, "exec gen": 1690, "exec hints": 7700, "exec inject": 0, "exec minimize": 20479, "exec retries": 1, "exec seeds": 4058, "exec smash": 33756, "exec total [base]": 25620, "exec total [new]": 128698, "exec triage": 3696, "executor restarts [base]": 44, "executor restarts [new]": 57, "fault jobs": 0, "fuzzer jobs": 17, "fuzzing VMs [base]": 2, "fuzzing VMs [new]": 9, "hints jobs": 6, "max signal": 14456, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10424, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1587, "no exec duration": 15016000000, "no exec requests": 19, "pending": 0, "prog exec time": 322, "reproducing": 0, "rpc recv": 2774408592, "rpc sent": 219210400, "signal": 12790, "smash jobs": 6, "triage jobs": 5, "vm output": 808908, "vm restarts [base]": 8, "vm restarts [new]": 9 } 2026/05/11 21:47:06 base crash: no output from test machine 2026/05/11 21:48:03 runner 0 connected 2026/05/11 21:51:17 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 90, "corpus": 1417, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 880, "coverage": 13793, "distributor delayed": 825, "distributor undelayed": 825, "distributor violated": 0, "exec candidate": 2547, "exec collide": 21350, "exec fuzz": 40100, "exec gen": 2165, "exec hints": 9405, "exec inject": 0, "exec minimize": 21594, "exec retries": 1, "exec seeds": 4247, "exec smash": 35308, "exec total [base]": 26810, "exec total [new]": 148176, "exec triage": 3871, "executor restarts [base]": 53, "executor restarts [new]": 78, "fault jobs": 0, "fuzzer jobs": 14, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 6, "max signal": 14607, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10946, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1663, "no exec duration": 15016000000, "no exec requests": 19, "pending": 0, "prog exec time": 331, "reproducing": 0, "rpc recv": 3029724052, "rpc sent": 264079104, "signal": 12919, "smash jobs": 5, "triage jobs": 3, "vm output": 1116763, "vm restarts [base]": 9, "vm restarts [new]": 9 } 2026/05/11 21:51:53 base crash: INFO: rcu detected stall in corrupted 2026/05/11 21:52:14 base crash: INFO: rcu detected stall in corrupted 2026/05/11 21:52:31 base crash: INFO: rcu detected stall in corrupted 2026/05/11 21:52:51 runner 0 connected 2026/05/11 21:53:11 runner 1 connected 2026/05/11 21:53:27 runner 2 connected 2026/05/11 21:56:17 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 96, "corpus": 1473, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1070, "coverage": 13896, "distributor delayed": 857, "distributor undelayed": 857, "distributor violated": 0, "exec candidate": 2547, "exec collide": 26085, "exec fuzz": 49242, "exec gen": 2661, "exec hints": 10422, "exec inject": 0, "exec minimize": 22506, "exec retries": 1, "exec seeds": 4415, "exec smash": 36673, "exec total [base]": 28162, "exec total [new]": 166153, "exec triage": 4009, "executor restarts [base]": 68, "executor restarts [new]": 82, "fault jobs": 0, "fuzzer jobs": 15, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 3, "max signal": 14725, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11389, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1725, "no exec duration": 15016000000, "no exec requests": 19, "pending": 0, "prog exec time": 347, "reproducing": 0, "rpc recv": 3287641392, "rpc sent": 307834552, "signal": 13015, "smash jobs": 10, "triage jobs": 2, "vm output": 1280482, "vm restarts [base]": 12, "vm restarts [new]": 9 } 2026/05/11 21:57:22 patched crashed: SYZFAIL: failed to recv rpc [need repro = false] 2026/05/11 21:58:17 fuzzer has not reached the modified code in 30m0s, aborting 2026/05/11 21:58:17 repro loop terminated 2026/05/11 21:58:17 new: rpc server terminaled 2026/05/11 21:58:17 base: rpc server terminaled 2026/05/11 21:58:17 base: pool terminated 2026/05/11 21:58:17 base: kernel context loop terminated 2026/05/11 21:58:25 new: pool terminated 2026/05/11 21:58:25 new: kernel context loop terminated 2026/05/11 21:58:25 diff fuzzing terminated 2026/05/11 21:58:25 bug reporting terminated 2026/05/11 21:58:25 status reporting terminated 2026/05/11 21:58:25 fuzzing is finished 2026/05/11 21:58:25 status at the end: Title On-Base On-Patched Status BUG: soft lockup in kvm_vcpu_ioctl 1 crashes completed INFO: rcu detected stall in corrupted 7 crashes completed SYZFAIL: failed to recv rpc 1 crashes ignored no output from test machine 1 crashes completed