total: 0, valid: 0(-nan%), crash: 0(reason: 0)
De4dCr0w opened this issue · 6 comments
This project is awesome, and I have mutated the example successfully (outfile: /tmp/test_sample.c), but I don't know why the output looks like this:
[ebpf_fuzzer]: total: 0, valid: 0(-nan%), crash: 0(reason: 0)
[ebpf_fuzzer]: total: 0, valid: 0(-nan%), crash: 0(reason: 0)
[ebpf_fuzzer]: total: 0, valid: 0(-nan%), crash: 0(reason: 0)
[ebpf_fuzzer]: total: 0, valid: 0(-nan%), crash: 0(reason: 0)
[ebpf_fuzzer]: total: 0, valid: 0(-nan%), crash: 0(reason: 0)
[ebpf_fuzzer]: total: 0, valid: 0(-nan%), crash: 0(reason: 0)
[ebpf_fuzzer]: total: 0, valid: 0(-nan%), crash: 0(reason: 0)
[ebpf_fuzzer]: total: 0, valid: 0(-nan%), crash: 0(reason: 0)
[ebpf_fuzzer]: total: 0, valid: 0(-nan%), crash: 0(reason: 0)
[ebpf_fuzzer]: total: 0, valid: 0(-nan%), crash: 0(reason: 0)
[ebpf_fuzzer]: total: 0, valid: 0(-nan%), crash: 0(reason: 0)
[ebpf_fuzzer]: total: 0, valid: 0(-nan%), crash: 0(reason: 0)
[ebpf_fuzzer]: total: 0, valid: 0(-nan%), crash: 0(reason: 0)
[ebpf_fuzzer]: total: 0, valid: 0(-nan%), crash: 0(reason: 0)
[ebpf_fuzzer]: total: 0, valid: 0(-nan%), crash: 0(reason: 0)
[ebpf_fuzzer]: total: 0, valid: 0(-nan%), crash: 0(reason: 0)
[ebpf_fuzzer]: total: 0, valid: 0(-nan%), crash: 0(reason: 0)
[ebpf_fuzzer]: total: 0, valid: 0(-nan%), crash: 0(reason: 0)
[ebpf_fuzzer]: total: 0, valid: 0(-nan%), crash: 0(reason: 0)
[ebpf_fuzzer]: total: 0, valid: 0(-nan%), crash: 0(reason: 0)
How did you run this fuzzer?
Just updated the README file; check "How to run" for details.
Please let me know if you have any further issues.
My bad! It can work by using the script https://github.com/snorez/clib/blob/master/tools/create-image.sh to generate the image (./create-image.sh --distribution buster). I generated the image with ./create-image.sh directly before.
Thanks, I should update the README now.
I met the same issue. But I am sure I used ./create-image.sh --distribution buster to create the disk image. I don't know why.
./ebpf_fuzzer config 0
qemu_fuzzlib_env_setup ...done
[ebpf_fuzzer]: total: 0, valid: 0(-nan%), crash: 0(reason: 0)
[ebpf_fuzzer]: total: 0, valid: 0(-nan%), crash: 0(reason: 0)
[ebpf_fuzzer]: total: 0, valid: 0(-nan%), crash: 0(reason: 0)
[ebpf_fuzzer]: total: 0, valid: 0(-nan%), crash: 0(reason: 0)
[ebpf_fuzzer]: total: 0, valid: 0(-nan%), crash: 0(reason: 0)
[ebpf_fuzzer]: total: 0, valid: 0(-nan%), crash: 0(reason: 0)
[ebpf_fuzzer]: total: 0, valid: 0(-nan%), crash: 0(reason: 0)
[ebpf_fuzzer]: total: 0, valid: 0(-nan%), crash: 0(reason: 0)
[ebpf_fuzzer]: total: 0, valid: 0(-nan%), crash: 0(reason: 0)
[ebpf_fuzzer]: total: 0, valid: 0(-nan%), crash: 0(reason: 0)
[ebpf_fuzzer]: total: 0, valid: 0(-nan%), crash: 0(reason: 0)
- I use
  ./create-image.sh --distribution buster
  to create the disk image.
- I compile and generate the kernel v5.8. For the bzImage file, make sure these config options are enabled:
  CONFIG_CONFIGFS_FS=y
  CONFIG_SECURITYFS=y
  CONFIG_E1000=y
  CONFIG_BINFMT_MISC=y
- Launching qemu is successful:
  ssh -q -i /my_debianfs/buster.id_rsa -p 10021 -o 'StrictHostKeyChecking no' test@127.0.0.1 id
  uid=1000(test) gid=1000(test) groups=1000(test),27(sudo) context=system_u:system_r:kernel_t:s0
- So I try to run ebpf_fuzzer:
  ./ebpf_fuzzer config 0
  It prints the result above. **Now, I don't know why.** Below is my fuzzer_workdir tree:
  fuzzer_workdir
  ├── crash
  ├── instance_0
  │   ├── osimage.img
  │   ├── test.c
  │   └── vm.log
  ├── instance_1
  │   ├── osimage.img
  │   ├── test.c
  │   └── vm.log
  ├── not-tested
  └── tmp
      ├── default_guest.c
      └── default_guest.sh
  5 directories, 8 files
- The following is the contents of the vm.log file
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.80000001H:ECX.svm [bit 2]
SeaBIOS (version 1.13.0-1ubuntu1.1)
iPXE (http://ipxe.org) 00:03.0 CA00 PCI2.10 PnP PMM+3FF8C8A0+3FECC8A0 CA00
Press Ctrl-B to configure iPXE (PCI 00:03.0)...
Booting from ROM...
Wrong EFI loader signature.
early console in extract_kernel
input_data: 0x000000000273f3a8
input_len: 0x000000000089c72e
output: 0x0000000001000000
output_len: 0x0000000001fab450
kernel_total_size: 0x0000000001c2c000
needed_size: 0x0000000002000000
trampoline_32bit: 0x000000000009d000
booted via startup_32()
Physical KASLR using RDTSC...
Virtual KASLR using RDTSC...
Decompressing Linux... Parsing ELF... Performing relocations... done.
Booting the kernel.
[ 0.000000] Linux version 5.8.0 (dacao@dacao-ASUS) (gcc (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #1 SMP Wed Oct 27 08:33:33 CST 2021
[ 0.000000] Command line: console=ttyS0 root=/dev/sda earlyprintk=serial net.ifnames=0
[ 0.000000] x86/fpu: x87 FPU will use FXSAVE
[ 0.000000] BIOS-provided physical RAM map:
[ 0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable
[ 0.000000] BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved
[ 0.000000] BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] reserved
......
......
[ OK ] Started System Logging Service.
[ OK ] Started getty on tty2-tty6… and logind are not available.
[ OK ] Listening on Load/Save RF …itch Status /dev/rfkill Watch.
[ OK ] Started Helper to synchronize boot up for ifupdown.
Starting Raise network interfaces...
[ 4.884174] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
[ 4.886053] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[ 4.887277] ip (158) used greatest stack depth: 12744 bytes left
[ OK ] Started Raise network interfaces.
[ OK ] Reached target Network.
Starting OpenBSD Secure Shell server...
Starting Permit User Sessions...
[ OK ] Started Permit User Sessions.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 10 syzkaller ttyS0
syzkaller login: [ 10.634861] Connecting to host...
[ 11.540002] Connecting to host...
[ 12.984589] Connecting to host...
[ 14.387201] Connecting to host...
[ 16.098062] Connecting to host...
[ 17.578929] Connecting to host...
[ 19.060507] Connecting to host...
[ 20.599218] Connecting to host...
[ 22.151741] Connecting to host...
[ 23.639612] Connecting to host...
[ 25.114747] Connecting to host...
[ 26.670692] Connecting to host...
[ 28.157081] Connecting to host...
[ 29.621708] Connecting to host...
[ 31.185620] Connecting to host...
[ 32.645545] Connecting to host...
[ 34.235821] Connecting to host...
[ 35.773489] Connecting to host...
[ 37.289799] Connecting to host...
[ 38.852106] Connecting to host...
[ 40.304172] Connecting to host...
[ 41.866503] Connecting to host...
[ 43.409770] Connecting to host...
[ 44.884517] Connecting to host...
[ 46.490869] Connecting to host...
[ 48.006656] Connecting to host...
[ 49.470705] Connecting to host...
[ 51.010589] Connecting to host...
[ 52.550558] Connecting to host...
[ 54.073671] Connecting to host...
[ 55.613981] Connecting to host...
[ 57.126500] Connecting to host...
[ 58.665319] Connecting to host...
[ 60.192532] Connecting to host...
[ 61.680703] Connecting to host...
[ 63.273436] Connecting to host...
[ 64.841814] Connecting to host...
[ 66.314437] Connecting to host...
[ 67.811374] Connecting to host...
[ 69.389827] Connecting to host...
[ 70.984545] Connecting to host...
[ 72.413327] Connecting to host...
[ 74.011088] Connecting to host...
[ 75.440039] Connecting to host...
[ 77.007579] Connecting to host...
[ 78.594083] Connecting to host...
[ 80.034032] Connecting to host...
[ 81.641146] Connecting to host...
[ 83.596389] Connecting to host...
[ 84.922059] Connecting to host...
[ 86.551881] Connecting to host...
[ 88.022056] Connecting to host...
[ 89.568252] Connecting to host...
[ 91.146669] Connecting to host...
[ 92.686645] Connecting to host...
[ 94.299285] Connecting to host...
I know why I met this issue. When compiling the kernel, I should have set CONFIG_BPF_SYSCALL=y.
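The root cause in this thread (a guest kernel built without CONFIG_BPF_SYSCALL=y, which only surfaces as an endless "total: 0" line and a guest stuck on "Connecting to host...") is cheap to catch before the VM is ever booted. The following preflight script is an added example, not part of ebpf_fuzzer or the clib tools: it checks a kernel .config for every option this thread names (CONFIG_BPF_SYSCALL plus the four bzImage options listed above) and reports the missing ones. The .config path you pass is an assumption; the two small config fragments at the bottom are constructed inline so the script runs offline.

```shell
#!/bin/sh
# Added example (not ebpf_fuzzer's own code): verify that the guest kernel's
# .config enables every option the fuzzer needs, so a missing option fails
# here instead of as an endless "[ebpf_fuzzer]: total: 0 ..." line.
# Option list taken from this issue thread; the .config path is an assumption.

REQUIRED_OPTIONS="CONFIG_BPF_SYSCALL CONFIG_CONFIGFS_FS CONFIG_SECURITYFS CONFIG_E1000 CONFIG_BINFMT_MISC"

# check_kconfig CONFIG_FILE
# Prints one "missing: ..." line per required option not set to =y.
# Returns 0 when every option is enabled, 1 otherwise.
check_kconfig() {
    config_file="$1"
    status=0
    for opt in $REQUIRED_OPTIONS; do
        # Anchor both ends so CONFIG_E1000=y does not match CONFIG_E1000E=y,
        # and "# CONFIG_BPF_SYSCALL is not set" does not count as enabled.
        if ! grep -q "^${opt}=y$" "$config_file"; then
            echo "missing: ${opt} (expected ${opt}=y)"
            status=1
        fi
    done
    return $status
}

# count_missing CONFIG_FILE
# Prints the number of required options that are not enabled (0 when all are).
count_missing() {
    check_kconfig "$1" | grep -c '^missing:' || true
}

# Constructed sample .config fragments for demonstration (not real build output).
GOOD_CONFIG="$(mktemp)"
cat > "$GOOD_CONFIG" <<'EOF'
CONFIG_CONFIGFS_FS=y
CONFIG_SECURITYFS=y
CONFIG_E1000=y
CONFIG_BINFMT_MISC=y
CONFIG_BPF_SYSCALL=y
EOF

# This fragment reproduces the situation from the thread: everything the
# README lists is on, but the BPF syscall itself is disabled.
BAD_CONFIG="$(mktemp)"
cat > "$BAD_CONFIG" <<'EOF'
CONFIG_CONFIGFS_FS=y
CONFIG_SECURITYFS=y
CONFIG_E1000=y
CONFIG_BINFMT_MISC=y
# CONFIG_BPF_SYSCALL is not set
EOF

echo "== constructed good config =="
check_kconfig "$GOOD_CONFIG" && echo "all required options present"

echo "== constructed bad config (the case from this thread) =="
check_kconfig "$BAD_CONFIG" || echo "fix .config and rebuild bzImage before running ./ebpf_fuzzer"
```

To use it against a real build, replace the constructed fragments with `check_kconfig /path/to/linux-5.8/.config` (path is an example) and refuse to launch the VM when it returns 1. Keeping the option list in one variable means the next "fuzzer reports total: 0 forever" report can be triaged by adding one token rather than by reading a 90-second vm.log.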