2026/01/30 03:27:31 extracted 326156 text symbol hashes for base and 326156 for patched 2026/01/30 03:27:31 binaries are different, continuing fuzzing 2026/01/30 03:27:32 adding modified_functions to focus areas: ["svm_set_efer"] 2026/01/30 03:27:32 adding directly modified files to focus areas: ["arch/x86/kvm/svm/svm.c" "tools/testing/selftests/kvm/Makefile.kvm" "tools/testing/selftests/kvm/x86/svm_nested_toggle_efer_svme.c"] 2026/01/30 03:27:32 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db" 2026/01/30 03:28:30 runner 0 connected 2026/01/30 03:28:31 runner 7 connected 2026/01/30 03:28:31 runner 6 connected 2026/01/30 03:28:36 initializing coverage information... 2026/01/30 03:28:37 runner 0 connected 2026/01/30 03:28:37 runner 3 connected 2026/01/30 03:28:38 runner 2 connected 2026/01/30 03:28:38 runner 5 connected 2026/01/30 03:28:39 runner 1 connected 2026/01/30 03:28:39 runner 8 connected 2026/01/30 03:28:39 runner 2 connected 2026/01/30 03:28:39 runner 4 connected 2026/01/30 03:28:39 runner 1 connected 2026/01/30 03:28:40 discovered 7661 source files, 337553 symbols 2026/01/30 03:28:41 coverage filter: ^svm_set_efer$: [svm_set_efer] 2026/01/30 03:28:41 coverage filter: arch/x86/kvm/svm/svm.c: [arch/x86/kvm/svm/svm.c] 2026/01/30 03:28:41 coverage filter: tools/testing/selftests/kvm/Makefile.kvm: [] 2026/01/30 03:28:41 coverage filter: tools/testing/selftests/kvm/x86/svm_nested_toggle_efer_svme.c: [] 2026/01/30 03:28:41 area "symbols": 15 PCs in the cover filter 2026/01/30 03:28:41 area "files": 2139 PCs in the cover filter 2026/01/30 03:28:41 area "": 0 PCs in the cover filter 2026/01/30 03:28:41 executor cover filter: 0 PCs 2026/01/30 03:28:42 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : 
fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : 
failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 172/8071 2026/01/30 03:28:42 new: machine check complete 2026/01/30 03:28:44 executor cover filter: 0 PCs 2026/01/30 03:28:46 new: adding 2792 seeds 2026/01/30 03:28:47 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] 
ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. 
SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 172/8071 2026/01/30 03:28:47 base: machine check complete 2026/01/30 03:29:04 triaged 96.7% of the corpus 2026/01/30 03:29:04 starting bug reproductions 2026/01/30 03:29:04 starting bug reproductions (max 6 VMs, 4 repros) 2026/01/30 03:29:34 triaged 100.0% of the corpus 2026/01/30 03:32:34 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 6, "corpus": 771, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 1, "coverage": 10102, "distributor delayed": 448, "distributor undelayed": 448, "distributor violated": 0, "exec candidate": 2792, "exec collide": 3865, "exec fuzz": 7079, "exec gen": 355, "exec hints": 1321, "exec inject": 0, "exec minimize": 9801, "exec retries": 0, "exec seeds": 2086, "exec smash": 7600, "exec total [base]": 17229, "exec total [new]": 45339, "exec triage": 2139, "executor restarts [base]": 29, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 968, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 209, "max signal": 10541, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5212, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 907, "no exec duration": 12887000000, "no exec requests": 24, "pending": 0, "prog exec time": 252, "reproducing": 0, "rpc recv": 1260286356, "rpc sent": 62771656, "signal": 9693, "smash jobs": 743, "triage jobs": 16, "vm output": 221673, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/01/30 03:37:34 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 52, "corpus": 1047, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 3, "coverage": 11830, "distributor delayed": 598, 
"distributor undelayed": 598, "distributor violated": 0, "exec candidate": 2792, "exec collide": 8512, "exec fuzz": 16022, "exec gen": 839, "exec hints": 3183, "exec inject": 0, "exec minimize": 13992, "exec retries": 0, "exec seeds": 3008, "exec smash": 18890, "exec total [base]": 28465, "exec total [new]": 78364, "exec triage": 2825, "executor restarts [base]": 29, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 845, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 179, "max signal": 12333, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7133, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1216, "no exec duration": 12887000000, "no exec requests": 24, "pending": 0, "prog exec time": 312, "reproducing": 0, "rpc recv": 2184752932, "rpc sent": 138094776, "signal": 11394, "smash jobs": 652, "triage jobs": 14, "vm output": 431281, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/01/30 03:42:34 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 77, "corpus": 1232, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 41, "coverage": 12685, "distributor delayed": 688, "distributor undelayed": 688, "distributor violated": 0, "exec candidate": 2792, "exec collide": 12710, "exec fuzz": 23805, "exec gen": 1271, "exec hints": 5348, "exec inject": 0, "exec minimize": 16789, "exec retries": 0, "exec seeds": 3644, "exec smash": 28502, "exec total [base]": 37666, "exec total [new]": 106481, "exec triage": 3318, "executor restarts [base]": 29, "executor restarts [new]": 48, "fault jobs": 0, "fuzzer jobs": 280, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 68, "max signal": 13213, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8399, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 
0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1426, "no exec duration": 12887000000, "no exec requests": 24, "pending": 0, "prog exec time": 259, "reproducing": 0, "rpc recv": 3055894300, "rpc sent": 206706128, "signal": 12175, "smash jobs": 204, "triage jobs": 8, "vm output": 648533, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2026/01/30 03:45:25 patched crashed: INFO: rcu detected stall in corrupted [need repro = false] 2026/01/30 03:46:23 runner 1 connected 2026/01/30 03:47:34 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 93, "corpus": 1334, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 117, "coverage": 12921, "distributor delayed": 744, "distributor undelayed": 744, "distributor violated": 0, "exec candidate": 2792, "exec collide": 17868, "exec fuzz": 33266, "exec gen": 1733, "exec hints": 7913, "exec inject": 0, "exec minimize": 18571, "exec retries": 0, "exec seeds": 3978, "exec smash": 33084, "exec total [base]": 46448, "exec total [new]": 131125, "exec triage": 3618, "executor restarts [base]": 29, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 14, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 3, "max signal": 13507, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9192, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1551, "no exec duration": 12887000000, "no exec requests": 24, "pending": 0, "prog exec time": 356, "reproducing": 0, "rpc recv": 3825415668, "rpc sent": 271501904, "signal": 12421, "smash jobs": 6, "triage jobs": 5, "vm output": 846622, "vm restarts [base]": 3, "vm restarts [new]": 10 } 2026/01/30 03:52:34 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 98, "corpus": 1411, "corpus [files]": 0, "corpus [symbols]": 0, 
"cover overflows": 164, "coverage": 13138, "distributor delayed": 800, "distributor undelayed": 800, "distributor violated": 0, "exec candidate": 2792, "exec collide": 24600, "exec fuzz": 46041, "exec gen": 2399, "exec hints": 8537, "exec inject": 0, "exec minimize": 19830, "exec retries": 0, "exec seeds": 4206, "exec smash": 34968, "exec total [base]": 54590, "exec total [new]": 155502, "exec triage": 3830, "executor restarts [base]": 29, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 15, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 4, "max signal": 13875, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9787, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1642, "no exec duration": 12887000000, "no exec requests": 24, "pending": 0, "prog exec time": 328, "reproducing": 0, "rpc recv": 4428814388, "rpc sent": 337543264, "signal": 12623, "smash jobs": 10, "triage jobs": 1, "vm output": 1035435, "vm restarts [base]": 3, "vm restarts [new]": 10 } 2026/01/30 03:57:34 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 109, "corpus": 1469, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 227, "coverage": 13336, "distributor delayed": 837, "distributor undelayed": 837, "distributor violated": 0, "exec candidate": 2792, "exec collide": 31502, "exec fuzz": 59259, "exec gen": 3050, "exec hints": 8846, "exec inject": 0, "exec minimize": 20736, "exec retries": 0, "exec seeds": 4383, "exec smash": 36390, "exec total [base]": 62338, "exec total [new]": 179280, "exec triage": 4020, "executor restarts [base]": 29, "executor restarts [new]": 51, "fault jobs": 0, "fuzzer jobs": 16, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 5, "max signal": 14130, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10186, "minimize: 
filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1723, "no exec duration": 12887000000, "no exec requests": 24, "pending": 0, "prog exec time": 348, "reproducing": 0, "rpc recv": 5004201972, "rpc sent": 402019648, "signal": 12805, "smash jobs": 8, "triage jobs": 3, "vm output": 1230081, "vm restarts [base]": 3, "vm restarts [new]": 10 }
2026/01/30 03:59:34 fuzzer has not reached the modified code in 30m0s, aborting
2026/01/30 03:59:34 repro loop terminated
2026/01/30 03:59:34 new: rpc server terminaled
2026/01/30 03:59:34 base: rpc server terminaled
2026/01/30 03:59:34 base: pool terminated
2026/01/30 03:59:34 base: kernel context loop terminated
2026/01/30 03:59:34 new: pool terminated
2026/01/30 03:59:34 new: kernel context loop terminated
2026/01/30 03:59:34 diff fuzzing terminated
2026/01/30 03:59:34 bug reporting terminated
2026/01/30 03:59:34 status reporting terminated
2026/01/30 03:59:34 fuzzing is finished
2026/01/30 03:59:34 status at the end:
Title                                   On-Base   On-Patched
INFO: rcu detected stall in corrupted             1 crashes