2025/12/18 04:53:12 extracted 322796 text symbol hashes for base and 322796 for patched 2025/12/18 04:53:12 symbol "__virtio_crypto_skcipher_do_req.__UNIQUE_ID_ddebug1123" has different values in base vs patch 2025/12/18 04:53:12 binaries are different, continuing fuzzing 2025/12/18 04:53:12 adding modified_functions to focus areas: ["virtcrypto_done_task" "virtcrypto_free_unused_reqs" "virtcrypto_freeze" "virtcrypto_probe" "virtcrypto_update_status" "virtio_crypto_alg_skcipher_close_session" "virtio_crypto_alg_skcipher_init_session" "virtio_crypto_dataq_sym_callback" "virtio_crypto_rsa_exit_tfm" "virtio_crypto_rsa_set_key" "virtio_crypto_skcipher_crypt_req" "virtio_crypto_skcipher_decrypt" "virtio_crypto_skcipher_encrypt" "virtio_crypto_skcipher_init" "virtio_crypto_skcipher_setkey"] 2025/12/18 04:53:12 adding directly modified files to focus areas: ["drivers/crypto/virtio/virtio_crypto_common.h" "drivers/crypto/virtio/virtio_crypto_core.c" "drivers/crypto/virtio/virtio_crypto_skcipher_algs.c"] 2025/12/18 04:53:12 downloading corpus #1: "https://storage.googleapis.com/syzkaller/corpus/ci-upstream-kasan-gce-root-corpus.db" 2025/12/18 04:54:11 runner 1 connected 2025/12/18 04:54:11 runner 8 connected 2025/12/18 04:54:11 runner 3 connected 2025/12/18 04:54:11 runner 4 connected 2025/12/18 04:54:11 runner 2 connected 2025/12/18 04:54:11 runner 0 connected 2025/12/18 04:54:12 runner 1 connected 2025/12/18 04:54:12 runner 0 connected 2025/12/18 04:54:12 runner 2 connected 2025/12/18 04:54:12 runner 5 connected 2025/12/18 04:54:13 runner 7 connected 2025/12/18 04:54:13 runner 6 connected 2025/12/18 04:54:18 initializing coverage information... 2025/12/18 04:54:18 executor cover filter: 0 PCs 2025/12/18 04:54:20 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/12/18 04:54:20 base: machine check complete 2025/12/18 04:54:22 discovered 7609 source files, 333750 symbols 2025/12/18 04:54:22 coverage filter: virtcrypto_done_task: [virtcrypto_done_task] 2025/12/18 04:54:22 coverage filter: virtcrypto_free_unused_reqs: [virtcrypto_free_unused_reqs] 2025/12/18 04:54:22 coverage filter: virtcrypto_freeze: [virtcrypto_freeze] 2025/12/18 04:54:22 coverage filter: virtcrypto_probe: [virtcrypto_probe] 2025/12/18 04:54:22 coverage filter: virtcrypto_update_status: [virtcrypto_update_status] 2025/12/18 04:54:22 coverage filter: virtio_crypto_alg_skcipher_close_session: [virtio_crypto_alg_skcipher_close_session] 2025/12/18 04:54:22 coverage filter: virtio_crypto_alg_skcipher_init_session: [virtio_crypto_alg_skcipher_init_session] 2025/12/18 04:54:22 coverage filter: virtio_crypto_dataq_sym_callback: [virtio_crypto_dataq_sym_callback] 2025/12/18 04:54:22 coverage filter: virtio_crypto_rsa_exit_tfm: [virtio_crypto_rsa_exit_tfm] 2025/12/18 04:54:22 coverage filter: virtio_crypto_rsa_set_key: [virtio_crypto_rsa_set_key] 2025/12/18 04:54:22 coverage filter: virtio_crypto_skcipher_crypt_req: [virtio_crypto_skcipher_crypt_req] 2025/12/18 04:54:22 coverage filter: virtio_crypto_skcipher_decrypt: [virtio_crypto_skcipher_decrypt] 2025/12/18 04:54:22 coverage filter: virtio_crypto_skcipher_encrypt: [virtio_crypto_skcipher_encrypt] 2025/12/18 04:54:22 coverage filter: virtio_crypto_skcipher_init: [virtio_crypto_skcipher_init] 2025/12/18 04:54:22 coverage filter: virtio_crypto_skcipher_setkey: [virtio_crypto_skcipher_setkey] 2025/12/18 04:54:22 coverage filter: drivers/crypto/virtio/virtio_crypto_common.h: [] 2025/12/18 04:54:22 coverage filter: drivers/crypto/virtio/virtio_crypto_core.c: [drivers/crypto/virtio/virtio_crypto_core.c] 2025/12/18 04:54:22 coverage filter: drivers/crypto/virtio/virtio_crypto_skcipher_algs.c: [drivers/crypto/virtio/virtio_crypto_skcipher_algs.c] 2025/12/18 04:54:22 area "symbols": 210 PCs in the cover filter 2025/12/18 04:54:22 area "files": 349 PCs in the cover filter 2025/12/18 04:54:22 area "": 0 PCs in the cover filter 2025/12/18 04:54:22 executor cover filter: 0 PCs 2025/12/18 04:54:24 machine check: disabled the following syscalls: openat$sev : failed to open /dev/sev: no such file or directory syz_kvm_setup_cpu$ppc64 : unsupported arch transitively disabled the following syscalls (missing resource [creating syscalls]): close$binfmt : fd_binfmt [openat$binfmt] close$fd_v4l2_buffer : fd_v4l2_buffer [ioctl$VIDIOC_QUERYBUF_DMABUF] close$ibv_device : fd_rdma [openat$uverbs0] ioctl$KVM_CAP_SGX_ATTRIBUTE : fd_sgx_provision [openat$sgx_provision] ioctl$KVM_SEV_CERT_EXPORT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_DECRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_DBG_ENCRYPT : fd_sev [openat$sev] ioctl$KVM_SEV_ES_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_GET_ATTESTATION_REPORT : fd_sev [openat$sev] ioctl$KVM_SEV_GUEST_STATUS : fd_sev [openat$sev] ioctl$KVM_SEV_INIT : fd_sev [openat$sev] ioctl$KVM_SEV_INIT2 : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_MEASURE : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_SECRET : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_LAUNCH_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_LAUNCH_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_START : sev_handle [ioctl$KVM_SEV_GUEST_STATUS ioctl$KVM_SEV_LAUNCH_START ioctl$KVM_SEV_RECEIVE_START] ioctl$KVM_SEV_RECEIVE_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_RECEIVE_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_CANCEL : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_START : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_DATA : fd_sev [openat$sev] ioctl$KVM_SEV_SEND_UPDATE_VMSA : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_FINISH : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_START : fd_sev [openat$sev] ioctl$KVM_SEV_SNP_LAUNCH_UPDATE : fd_sev [openat$sev] BinFmtMisc : enabled Comparisons : enabled Coverage : enabled DelayKcovMmap : enabled DevlinkPCI : PCI device 0000:00:10.0 is not available ExtraCoverage : enabled Fault : enabled KCSAN : write(/sys/kernel/debug/kcsan, on) failed KcovResetIoctl : kernel does not support ioctl(KCOV_RESET_TRACE) LRWPANEmulation : enabled Leak : failed to write(kmemleak, "scan=off") NetDevices : enabled NetInjection : enabled NicVF : PCI device 0000:00:11.0 is not available SandboxAndroid : setfilecon: setxattr failed. (errno 1: Operation not permitted). . process exited with status 67. SandboxNamespace : enabled SandboxNone : enabled SandboxSetuid : enabled Swap : enabled USBEmulation : enabled VhciInjection : enabled WifiEmulation : enabled syscalls : 166/8056 2025/12/18 04:54:24 new: machine check complete 2025/12/18 04:54:27 new: adding 2497 seeds 2025/12/18 04:54:45 triaged 97.1% of the corpus 2025/12/18 04:54:45 starting bug reproductions 2025/12/18 04:54:45 starting bug reproductions (max 6 VMs, 4 repros) 2025/12/18 04:55:15 triaged 100.0% of the corpus 2025/12/18 04:58:15 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 0, "corpus": 734, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 0, "coverage": 9186, "distributor delayed": 448, "distributor undelayed": 448, "distributor violated": 0, "exec candidate": 2497, "exec collide": 3987, "exec fuzz": 7639, "exec gen": 399, "exec hints": 1298, "exec inject": 0, "exec minimize": 9565, "exec retries": 0, "exec seeds": 2045, "exec smash": 8471, "exec total [base]": 16837, "exec total [new]": 45256, "exec triage": 1909, "executor restarts [base]": 30, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 881, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 160, "max signal": 9736, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 5250, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 815, "no exec duration": 22038000000, "no exec requests": 27, "pending": 0, "prog exec time": 186, "reproducing": 0, "rpc recv": 1191904632, "rpc sent": 62262392, "signal": 8819, "smash jobs": 713, "triage jobs": 8, "vm output": 231777, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/12/18 05:03:15 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 14, "corpus": 1013, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 44, "coverage": 11997, "distributor delayed": 596, "distributor undelayed": 596, "distributor violated": 0, "exec candidate": 2497, "exec collide": 9535, "exec fuzz": 18107, "exec gen": 993, "exec hints": 3712, "exec inject": 0, "exec minimize": 13619, "exec retries": 0, "exec seeds": 2958, "exec smash": 21751, "exec total [base]": 29526, "exec total [new]": 83264, "exec triage": 2651, "executor restarts [base]": 30, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 429, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 124, "max signal": 12461, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 7132, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1142, "no exec duration": 22038000000, "no exec requests": 27, "pending": 0, "prog exec time": 290, "reproducing": 0, "rpc recv": 2114769788, "rpc sent": 150838664, "signal": 11438, "smash jobs": 301, "triage jobs": 4, "vm output": 384922, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/12/18 05:08:15 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 51, "corpus": 1229, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 236, "coverage": 12787, "distributor delayed": 715, "distributor undelayed": 715, "distributor violated": 0, "exec candidate": 2497, "exec collide": 14197, "exec fuzz": 27022, "exec gen": 1482, "exec hints": 7292, "exec inject": 0, "exec minimize": 17229, "exec retries": 0, "exec seeds": 3664, "exec smash": 30492, "exec total [base]": 39985, "exec total [new]": 114548, "exec triage": 3230, "executor restarts [base]": 30, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 22, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 7, "max signal": 13339, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 8753, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1393, "no exec duration": 22038000000, "no exec requests": 27, "pending": 0, "prog exec time": 301, "reproducing": 0, "rpc recv": 3111938384, "rpc sent": 220894624, "signal": 12206, "smash jobs": 7, "triage jobs": 8, "vm output": 500490, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/12/18 05:13:15 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 71, "corpus": 1372, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 390, "coverage": 13205, "distributor delayed": 784, "distributor undelayed": 784, "distributor violated": 0, "exec candidate": 2497, "exec collide": 20702, "exec fuzz": 39205, "exec gen": 2141, "exec hints": 8392, "exec inject": 0, "exec minimize": 19806, "exec retries": 0, "exec seeds": 4102, "exec smash": 34105, "exec total [base]": 49183, "exec total [new]": 141994, "exec triage": 3600, "executor restarts [base]": 30, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 15, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 3, "max signal": 13778, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 9935, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1552, "no exec duration": 22038000000, "no exec requests": 27, "pending": 0, "prog exec time": 336, "reproducing": 0, "rpc recv": 3919590852, "rpc sent": 293474472, "signal": 12649, "smash jobs": 7, "triage jobs": 5, "vm output": 640956, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/12/18 05:18:15 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 79, "corpus": 1455, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 506, "coverage": 13393, "distributor delayed": 838, "distributor undelayed": 838, "distributor violated": 0, "exec candidate": 2497, "exec collide": 27458, "exec fuzz": 51988, "exec gen": 2786, "exec hints": 9204, "exec inject": 0, "exec minimize": 21344, "exec retries": 0, "exec seeds": 4353, "exec smash": 36254, "exec total [base]": 57441, "exec total [new]": 167165, "exec triage": 3837, "executor restarts [base]": 30, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 9, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 14005, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 10675, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1654, "no exec duration": 22038000000, "no exec requests": 27, "pending": 0, "prog exec time": 415, "reproducing": 0, "rpc recv": 4587086272, "rpc sent": 360675880, "signal": 12821, "smash jobs": 3, "triage jobs": 5, "vm output": 794470, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/12/18 05:23:15 STAT { "buffer too small": 0, "candidate triage jobs": 0, "candidates": 0, "comps overflows": 84, "corpus": 1516, "corpus [files]": 0, "corpus [symbols]": 0, "cover overflows": 607, "coverage": 13686, "distributor delayed": 872, "distributor undelayed": 872, "distributor violated": 0, "exec candidate": 2497, "exec collide": 34718, "exec fuzz": 65918, "exec gen": 3505, "exec hints": 9530, "exec inject": 0, "exec minimize": 22390, "exec retries": 0, "exec seeds": 4539, "exec smash": 37798, "exec total [base]": 65666, "exec total [new]": 192353, "exec triage": 4013, "executor restarts [base]": 30, "executor restarts [new]": 47, "fault jobs": 0, "fuzzer jobs": 7, "fuzzing VMs [base]": 3, "fuzzing VMs [new]": 9, "hints jobs": 1, "max signal": 14328, "minimize: array": 0, "minimize: buffer": 0, "minimize: call": 11176, "minimize: filename": 0, "minimize: integer": 0, "minimize: pointer": 0, "minimize: props": 0, "minimize: resource": 0, "modules [base]": 1, "modules [new]": 1, "new inputs": 1729, "no exec duration": 22038000000, "no exec requests": 27, "pending": 0, "prog exec time": 322, "reproducing": 0, "rpc recv": 5198717188, "rpc sent": 430400896, "signal": 13072, "smash jobs": 2, "triage jobs": 4, "vm output": 938372, "vm restarts [base]": 3, "vm restarts [new]": 9 } 2025/12/18 05:25:15 fuzzer has not reached the modified code in 30m0s, aborting 2025/12/18 05:25:15 repro loop terminated 2025/12/18 05:25:15 base: rpc server terminaled 2025/12/18 05:25:15 new: rpc server terminaled 2025/12/18 05:25:15 new: pool terminated 2025/12/18 05:25:15 new: kernel context loop terminated 2025/12/18 05:25:15 base: pool terminated 2025/12/18 05:25:15 base: kernel context loop terminated 2025/12/18 05:25:15 diff fuzzing terminated 2025/12/18 05:25:15 bug reporting terminated 2025/12/18 05:25:15 status reporting terminated 2025/12/18 05:25:15 fuzzing is finished 2025/12/18 05:25:15 status at the end: Title On-Base On-Patched