2026/05/12 14:01:14 extracted 324817 text symbol hashes for base and 324819 for patched
2026/05/12 14:01:14 symbol "vfio_cap_init.__UNIQUE_ID_ddebug_853" has different values in base vs patch
2026/05/12 14:01:14 binaries are different, continuing fuzzing
2026/05/12 14:01:15 adding modified_functions to focus areas: ["__pfx_vfio_pci_tph_config_write" "vfio_pci_core_aer_err_detected" "vfio_pci_core_disable" "vfio_pci_core_ioctl" "vfio_pci_core_ioctl_feature" "vfio_pci_core_request" "vfio_pci_core_set_params" "vfio_pci_eventfd_replace_locked" "vfio_pci_init" "vfio_pci_init_perm_bits" "vfio_pci_tph_config_write" "vfio_pci_vga_init"]
2026/05/12 14:01:15 adding directly modified files to focus areas: ["drivers/pci/tph.c" "drivers/vfio/pci/vfio_pci.c" "drivers/vfio/pci/vfio_pci_config.c" "drivers/vfio/pci/vfio_pci_core.c" "include/linux/pci-tph.h" "include/linux/vfio_pci_core.h" "include/uapi/linux/vfio.h"]
2026/05/12 14:01:15 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db"
2026/05/12 14:02:14 runner 3 connected
2026/05/12 14:02:21 runner 2 connected
2026/05/12 14:02:21 runner 5 connected
2026/05/12 14:02:21 initializing coverage information...
2026/05/12 14:02:21 runner 0 connected
2026/05/12 14:02:21 runner 7 connected
2026/05/12 14:02:22 runner 4 connected
2026/05/12 14:02:22 runner 0 connected
2026/05/12 14:02:22 runner 8 connected
2026/05/12 14:02:22 runner 6 connected
2026/05/12 14:02:22 runner 1 connected
2026/05/12 14:02:23 runner 1 connected
2026/05/12 14:02:23 runner 2 connected
2026/05/12 14:02:27 discovered 7615 source files, 335661 symbols
2026/05/12 14:02:28 coverage filter: ^__pfx_vfio_pci_tph_config_write$: []
2026/05/12 14:02:28 coverage filter: ^vfio_pci_core_aer_err_detected$: [vfio_pci_core_aer_err_detected]
2026/05/12 14:02:28 coverage filter: ^vfio_pci_core_disable$: [vfio_pci_core_disable]
2026/05/12 14:02:28 coverage filter: ^vfio_pci_core_ioctl$: [vfio_pci_core_ioctl]
2026/05/12 14:02:28 coverage filter: ^vfio_pci_core_ioctl_feature$: [vfio_pci_core_ioctl_feature]
2026/05/12 14:02:28 coverage filter: ^vfio_pci_core_request$: [vfio_pci_core_request]
2026/05/12 14:02:28 coverage filter: ^vfio_pci_core_set_params$: [vfio_pci_core_set_params]
2026/05/12 14:02:28 coverage filter: ^vfio_pci_eventfd_replace_locked$: [vfio_pci_eventfd_replace_locked]
2026/05/12 14:02:28 coverage filter: ^vfio_pci_init$: []
2026/05/12 14:02:28 coverage filter: ^vfio_pci_init_perm_bits$: []
2026/05/12 14:02:28 coverage filter: ^vfio_pci_tph_config_write$: [vfio_pci_tph_config_write]
2026/05/12 14:02:28 coverage filter: ^vfio_pci_vga_init$: [vfio_pci_vga_init]
2026/05/12 14:02:28 coverage filter: drivers/pci/tph.c: []
2026/05/12 14:02:28 coverage filter: drivers/vfio/pci/vfio_pci.c: [drivers/vfio/pci/vfio_pci.c drivers/vfio/pci/vfio_pci_config.c drivers/vfio/pci/vfio_pci_core.c]
2026/05/12 14:02:28 coverage filter: drivers/vfio/pci/vfio_pci_config.c: []
2026/05/12 14:02:28 coverage filter: drivers/vfio/pci/vfio_pci_core.c: []
2026/05/12 14:02:28 coverage filter: include/linux/pci-tph.h: []
2026/05/12 14:02:28 coverage filter: include/linux/vfio_pci_core.h: []
2026/05/12 14:02:28 coverage filter: include/uapi/linux/vfio.h: []
2026/05/12 14:02:28 area "symbols": 383 PCs in the cover filter
2026/05/12 14:02:28 area "files": 1709 PCs in the cover filter
2026/05/12 14:02:28 area "": 0 PCs in the cover filter
2026/05/12 14:02:28 executor cover filter: 0 PCs
2026/05/12 14:02:28 executor cover filter: 0 PCs
2026/05/12 14:02:30 machine check:
disabled the following syscalls:
openat$sev : failed to open /dev/sev: no such file or directory
syz_kvm_setup_cpu$ppc64 : unsupported arch
transitively disabled the following syscalls (missing resource [creating syscalls]):
close$binfmt : fd_binfmt [openat$binfmt]
close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF]
close$ibv_device : fd_rdma [openat$uverbs0]
ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision]
ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev]
ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev]
ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev]
ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev]
ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev]
ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev]
ioctl$KVM_SEV_INIT : fd_sev [openat$sev]
ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START]
ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev]
ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START]
ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev]
ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev]
ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev]
ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev]
BinFmtMisc : enabled
Comparisons : enabled
Coverage : enabled
DelayKcovMmap : enabled
DevlinkPCI : PCI device 0000:00:10.0 is not available
ExtraCoverage : enabled
Fault : enabled
KCSAN : write(/sys/kernel/debug/kcsan, on) failed
KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE)
LRWPANEmulation : enabled
Leak : failed to write(kmemleak, "scan=off")
MemoryDump : disabled by user
NetDevices : enabled
NetInjection : enabled
NicVF : PCI device 0000:00:11.0 is not available
SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67.
SandboxNamespace : enabled
SandboxNone : enabled
SandboxSetuid : enabled
Swap : enabled
USBEmulation : enabled
VhciInjection : enabled
WifiEmulation : enabled
syscalls : 172/8238
2026/05/12 14:02:30 new: machine check complete
2026/05/12 14:02:31 machine check:
disabled the following syscalls:
openat$sev : failed to open /dev/sev: no such file or directory
syz_kvm_setup_cpu$ppc64 : unsupported arch
transitively disabled the following syscalls (missing resource [creating syscalls]):
close$binfmt : fd_binfmt [openat$binfmt]
close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF]
close$ibv_device : fd_rdma [openat$uverbs0]
ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision]
ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev]
ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev]
ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev]
ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev]
ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev]
ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev]
ioctl$KVM_SEV_INIT : fd_sev [openat$sev]
ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START]
ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev]
ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev]
ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START]
ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev]
ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev]
ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev]
ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev]
ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev]
ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev]
BinFmtMisc : enabled
Comparisons : enabled
Coverage : enabled
DelayKcovMmap : enabled
DevlinkPCI : PCI device 0000:00:10.0 is not available
ExtraCoverage : enabled
Fault : enabled
KCSAN : write(/sys/kernel/debug/kcsan, on) failed
KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE)
LRWPANEmulation : enabled
Leak : failed to write(kmemleak, "scan=off")
MemoryDump : disabled by user
NetDevices : enabled
NetInjection : enabled
NicVF : PCI device 0000:00:11.0 is not available
SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67.
SandboxNamespace : enabled
SandboxNone : enabled
SandboxSetuid : enabled
Swap : enabled
USBEmulation : enabled
VhciInjection : enabled
WifiEmulation : enabled
syscalls : 172/8238
2026/05/12 14:02:31 base: machine check complete
2026/05/12 14:02:34 new: adding 2392 seeds
2026/05/12 14:02:48 triaged 97.0% of the corpus
2026/05/12 14:02:48 starting bug reproductions
2026/05/12 14:02:48 starting bug reproductions (max 6 VMs, 4 repros)
2026/05/12 14:03:18 triaged 100.0% of the corpus
2026/05/12 14:06:18 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 716, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 9493, "distributor delayed": 428, "distributor undelayed": 428, "distributor violated": 0, "exec candidate": 2392, "exec collide": 3791, "exec fuzz": 7032, "exec gen": 381, "exec hints": 989, "exec inject": 0, "exec minimize": 9337, "exec retries": 0, "exec seeds": 2033, "exec smash": 7924, "exec total [base]": 15859, "exec total [new]": 42923, "exec triage": 1899, "executor restarts [base]": 30, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 855, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 144, "max signal": 10138, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5024, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 806, "no exec duration": 15007000000, "no exec requests": 17, "pending": 0, "prog exec time": 194, "reproducing": 0, "rpc recv": 1201737136, "rpc sent": 57870024, "signal": 8963, "smash jobs": 701, "triage jobs": 10, "vm output": 206065, "vm restarts [base]": 3, "vm restarts [new]": 9 }
2026/05/12 14:11:18 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 36, "corpus": 1024, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 15, "coverage": 12077, "distributor delayed": 599, "distributor undelayed": 599, "distributor violated": 0, "exec candidate": 2392, "exec collide": 8829, "exec fuzz": 16877, "exec gen": 897, "exec hints": 2915, "exec inject": 0, "exec minimize": 13901, "exec retries": 0, "exec seeds": 3020, "exec smash": 20415, "exec total [base]": 26034, "exec total [new]": 79126, "exec triage": 2736, "executor restarts [base]": 30, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 609, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 137, "max signal": 12589, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7213, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1177, "no exec duration": 15007000000, "no exec requests": 17, "pending": 0, "prog exec time": 263, "reproducing": 0, "rpc recv": 2084779128, "rpc sent": 124418944, "signal": 11470, "smash jobs": 462, "triage jobs": 10, "vm output": 336396, "vm restarts [base]": 3, "vm restarts [new]": 9 }
2026/05/12 14:13:11 base crash: BUG: soft lockup in kvm_vcpu_ioctl
2026/05/12 14:14:07 runner 1 connected
2026/05/12 14:15:10 base crash: INFO: rcu detected stall in corrupted
2026/05/12 14:16:07 runner 0 connected
2026/05/12 14:16:18 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 75, "corpus": 1247, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 30, "coverage": 12886, "distributor delayed": 725, "distributor undelayed": 724, "distributor violated": 0, "exec candidate": 2392, "exec collide": 13363, "exec fuzz": 24996, "exec gen": 1326, "exec hints": 5371, "exec inject": 0, "exec minimize": 17485, "exec retries": 0, "exec seeds": 3756, "exec smash": 30314, "exec total [base]": 30621, "exec total [new]": 109467, "exec triage": 3319, "executor restarts [base]": 33, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 159, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 41, "max signal": 13820, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8875, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1436, "no exec duration": 15007000000, "no exec requests": 17, "pending": 0, "prog exec time": 280, "reproducing": 0, "rpc recv": 2719061496, "rpc sent": 177028152, "signal": 12239, "smash jobs": 111, "triage jobs": 7, "vm output": 451754, "vm restarts [base]": 5, "vm restarts [new]": 9 }
2026/05/12 14:21:18 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 109, "corpus": 1368, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 52, "coverage": 13394, "distributor delayed": 788, "distributor undelayed": 788, "distributor violated": 0, "exec candidate": 2392, "exec collide": 19600, "exec fuzz": 36836, "exec gen": 1932, "exec hints": 7170, "exec inject": 0, "exec minimize": 19779, "exec retries": 0, "exec seeds": 4128, "exec smash": 34284, "exec total [base]": 39366, "exec total [new]": 136883, "exec triage": 3619, "executor restarts [base]": 36, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 17, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 3, "max signal": 14289, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9994, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1570, "no exec duration": 15007000000, "no exec requests": 17, "pending": 0, "prog exec time": 310, "reproducing": 0, "rpc recv": 3433906336, "rpc sent": 239897456, "signal": 12705, "smash jobs": 10, "triage jobs": 4, "vm output": 582680, "vm restarts [base]": 5, "vm restarts [new]": 9 }
2026/05/12 14:24:58 base crash: INFO: rcu detected stall in corrupted
2026/05/12 14:26:04 runner 0 connected
2026/05/12 14:26:18 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 123, "corpus": 1469, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 74, "coverage": 13774, "distributor delayed": 835, "distributor undelayed": 835, "distributor violated": 0, "exec candidate": 2392, "exec collide": 26105, "exec fuzz": 49222, "exec gen": 2578, "exec hints": 7785, "exec inject": 0, "exec minimize": 21743, "exec retries": 0, "exec seeds": 4433, "exec smash": 36858, "exec total [base]": 44962, "exec total [new]": 162148, "exec triage": 3886, "executor restarts [base]": 39, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 13, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 3, "max signal": 14707, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10924, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1690, "no exec duration": 15007000000, "no exec requests": 17, "pending": 0, "prog exec time": 324, "reproducing": 0, "rpc recv": 3976397984, "rpc sent": 296593848, "signal": 13002, "smash jobs": 6, "triage jobs": 4, "vm output": 698537, "vm restarts [base]": 6, "vm restarts [new]": 9 }
2026/05/12 14:31:18 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 138, "corpus": 1555, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 92, "coverage": 14003, "distributor delayed": 868, "distributor undelayed": 868, "distributor violated": 0, "exec candidate": 2392, "exec collide": 32576, "exec fuzz": 61670, "exec gen": 3215, "exec hints": 8551, "exec inject": 0, "exec minimize": 23447, "exec retries": 0, "exec seeds": 4698, "exec smash": 39111, "exec total [base]": 53021, "exec total [new]": 186911, "exec triage": 4108, "executor restarts [base]": 39, "executor restarts [new]": 49, "fault jobs": 0, "fuzzer jobs": 12, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 14955, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11717, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1791, "no exec duration": 15007000000, "no exec requests": 17, "pending": 0, "prog exec time": 368, "reproducing": 0, "rpc recv": 4617343372, "rpc sent": 354954224, "signal": 13216, "smash jobs": 2, "triage jobs": 9, "vm output": 814445, "vm restarts [base]": 6, "vm restarts [new]": 9 }
2026/05/12 14:33:18 fuzzer has not reached the modified code in 30m0s, aborting
2026/05/12 14:33:18 repro loop terminated
2026/05/12 14:33:18 base: rpc server terminaled
2026/05/12 14:33:18 new: rpc server terminaled
2026/05/12 14:33:18 base: pool terminated
2026/05/12 14:33:18 base: kernel context loop terminated
2026/05/12 14:33:18 new: pool terminated
2026/05/12 14:33:18 new: kernel context loop terminated
2026/05/12 14:33:18 diff fuzzing terminated
2026/05/12 14:33:18 bug reporting terminated
2026/05/12 14:33:18 status reporting terminated
2026/05/12 14:33:18 fuzzing is finished
2026/05/12 14:33:18 status at the end:
Title                                      On-Base    On-Patched  Status
BUG: soft lockup in kvm_vcpu_ioctl         1 crashes              completed
INFO: rcu detected stall in corrupted      2 crashes              completed