seemoo-lab / VirtFuzz

VirtFuzz is a Linux kernel fuzzer that uses VirtIO to feed inputs into the kernel's subsystems. It is built with LibAFL.
GNU General Public License v3.0

fuzzing other targets #4

Open selfbypass opened 4 days ago

selfbypass commented 4 days ago

Hi, I ran into some problems when fuzzing other targets, such as net and bluetooth. The log follows:

```
$ cargo run --release --package virtfuzz-fuzz -- --device net --cores 0-1 --stages standard
warning: unused import: `info`
 --> src/observer/kcov_map_observer.rs:9:25
  |
9 | use log::{debug, error, info, trace, warn};
  |                         ^^^^
  |
  = note: `#[warn(unused_imports)]` on by default

warning: `virtfuzz` (lib) generated 1 warning (run `cargo fix --lib -p virtfuzz` to apply 1 suggestion)
warning: unused import: `libafl_bolts::tuples::Merge`
  --> fuzz/src/main.rs:10:5
   |
10 | use libafl_bolts::tuples::Merge;
   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^
   |
   = note: `#[warn(unused_imports)]` on by default

warning: unused import: `tokens_mutations`
  --> fuzz/src/main.rs:28:85
   |
28 |     scheduled::havoc_mutations, I2SRandReplace, StdScheduledMutator,StdMOptMutator, tokens_mutations,
   |                                                                                     ^^^^^^^^^^^^^^^^

warning: unused import: `power::StdPowerMutationalStage`
  --> fuzz/src/main.rs:34:56
   |
34 | use libafl::stages::{StdMutationalStage, TracingStage, power::StdPowerMutationalStage};
   |                                                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

warning: `virtfuzz-fuzz` (bin "virtfuzz-fuzz") generated 3 warnings (run `cargo fix --bin "virtfuzz-fuzz"` to apply 3 suggestions)
    Finished release profile [optimized] target(s) in 0.08s
     Running `target/release/virtfuzz-fuzz --device net --cores 0-1 --stages standard`
[Broker Heartbeat #0] (GLOBAL) run time: 0h-0m-30s, clients: 0, corpus: 0, objectives: 0, executions: 0, exec/sec: 0.000
(CLIENT) corpus: 0, objectives: 0, executions: 0, exec/sec: 0.000
[Broker Heartbeat #0] (GLOBAL) run time: 0h-1m-0s, clients: 1, corpus: 0, objectives: 0, executions: 0, exec/sec: 0.000
(CLIENT) corpus: 0, objectives: 0, executions: 0, exec/sec: 0.000
[Broker Heartbeat #0] (GLOBAL) run time: 0h-1m-30s, clients: 1, corpus: 0, objectives: 0, executions: 0, exec/sec: 0.000
(CLIENT) corpus: 0, objectives: 0, executions: 0, exec/sec: 0.000
[Broker Heartbeat #0] (GLOBAL) run time: 0h-2m-0s, clients: 1, corpus: 0, objectives: 0, executions: 0, exec/sec: 0.000
(CLIENT) corpus: 0, objectives: 0, executions: 0, exec/sec: 0.000
[Broker Heartbeat #0] (GLOBAL) run time: 0h-2m-30s, clients: 1, corpus: 0, objectives: 0, executions: 0, exec/sec: 0.000
(CLIENT) corpus: 0, objectives: 0, executions: 0, exec/sec: 0.000
[Broker Heartbeat #0] (GLOBAL) run time: 0h-3m-0s, clients: 1, corpus: 0, objectives: 0, executions: 0, exec/sec: 0.000
(CLIENT) corpus: 0, objectives: 0, executions: 0, exec/sec: 0.000
[Broker Heartbeat #0] (GLOBAL) run time: 0h-3m-30s, clients: 1, corpus: 0, objectives: 0, executions: 0, exec/sec: 0.000
(CLIENT) corpus: 0, objectives: 0, executions: 0, exec/sec: 0.000
[Broker Heartbeat #0] (GLOBAL) run time: 0h-4m-0s, clients: 1, corpus: 0, objectives: 0, executions: 0, exec/sec: 0.000
(CLIENT) corpus: 0, objectives: 0, executions: 0, exec/sec: 0.000
[Broker Heartbeat #0] (GLOBAL) run time: 0h-4m-30s, clients: 1, corpus: 0, objectives: 0, executions: 0, exec/sec: 0.000
(CLIENT) corpus: 0, objectives: 0, executions: 0, exec/sec: 0.000
[Broker Heartbeat #0] (GLOBAL) run time: 0h-5m-0s, clients: 1, corpus: 0, objectives: 0, executions: 0, exec/sec: 0.000
(CLIENT) corpus: 0, objectives: 0, executions: 0, exec/sec: 0.000
```

The QEMU instances aren't being launched: `[qemu-system-x86] <defunct>`

Also, have you conducted an ablation study to evaluate the improvement from fuzzing strategies such as MOpt?

Thanks.
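The log above shows the classic signature of a fuzzing campaign that never gets off the ground: the broker reports a client, but `executions` stays at 0 for minutes while the QEMU child is defunct. As an added example (not part of this issue or of the VirtFuzz project), the script below parses LibAFL-style `[Broker Heartbeat]` lines, distinguishes "no client attached", "client attached but zero executions" and "ran, then froze", and is meant to be run over a campaign log before anyone spends time reading coverage numbers. The three sample logs are constructed (the first abbreviates the lines in the post), and the 120-second stall threshold is an assumed default, not a LibAFL or VirtFuzz setting.

```python
import re

# Constructed sample: an abbreviated copy of the broker heartbeat lines pasted in the
# issue above (one client joins after the first heartbeat, executions never move).
ISSUE_LOG = """\
[Broker Heartbeat #0] (GLOBAL) run time: 0h-0m-30s, clients: 0, corpus: 0, objectives: 0, executions: 0, exec/sec: 0.000
(CLIENT) corpus: 0, objectives: 0, executions: 0, exec/sec: 0.000
[Broker Heartbeat #0] (GLOBAL) run time: 0h-1m-0s, clients: 1, corpus: 0, objectives: 0, executions: 0, exec/sec: 0.000
(CLIENT) corpus: 0, objectives: 0, executions: 0, exec/sec: 0.000
[Broker Heartbeat #0] (GLOBAL) run time: 0h-1m-30s, clients: 1, corpus: 0, objectives: 0, executions: 0, exec/sec: 0.000
[Broker Heartbeat #0] (GLOBAL) run time: 0h-2m-0s, clients: 1, corpus: 0, objectives: 0, executions: 0, exec/sec: 0.000
[Broker Heartbeat #0] (GLOBAL) run time: 0h-5m-0s, clients: 1, corpus: 0, objectives: 0, executions: 0, exec/sec: 0.000
"""

# Constructed sample: a healthy campaign (executions keep growing).
HEALTHY_LOG = """\
[Broker Heartbeat #0] (GLOBAL) run time: 0h-0m-30s, clients: 2, corpus: 12, objectives: 0, executions: 1500, exec/sec: 50.000
[Broker Heartbeat #0] (GLOBAL) run time: 0h-1m-0s, clients: 2, corpus: 20, objectives: 0, executions: 3100, exec/sec: 53.333
[Broker Heartbeat #0] (GLOBAL) run time: 0h-1m-30s, clients: 2, corpus: 25, objectives: 1, executions: 4700, exec/sec: 53.333
"""

# Constructed sample: a campaign that ran for a minute and then froze.
STALLED_LOG = """\
[Broker Heartbeat #0] (GLOBAL) run time: 0h-0m-30s, clients: 1, corpus: 3, objectives: 0, executions: 500, exec/sec: 16.667
[Broker Heartbeat #0] (GLOBAL) run time: 0h-1m-0s, clients: 1, corpus: 5, objectives: 0, executions: 1000, exec/sec: 16.667
[Broker Heartbeat #0] (GLOBAL) run time: 0h-1m-30s, clients: 1, corpus: 5, objectives: 0, executions: 1000, exec/sec: 0.000
[Broker Heartbeat #0] (GLOBAL) run time: 0h-2m-0s, clients: 1, corpus: 5, objectives: 0, executions: 1000, exec/sec: 0.000
[Broker Heartbeat #0] (GLOBAL) run time: 0h-2m-30s, clients: 1, corpus: 5, objectives: 0, executions: 1000, exec/sec: 0.000
[Broker Heartbeat #0] (GLOBAL) run time: 0h-3m-0s, clients: 1, corpus: 5, objectives: 0, executions: 1000, exec/sec: 0.000
"""

# Matches the GLOBAL heartbeat line format shown in the issue; (CLIENT) lines are ignored.
HEARTBEAT_RE = re.compile(
    r"\[Broker Heartbeat #\d+\] \(GLOBAL\) run time: (?P<h>\d+)h-(?P<m>\d+)m-(?P<s>\d+)s, "
    r"clients: (?P<clients>\d+), corpus: (?P<corpus>\d+), objectives: (?P<objectives>\d+), "
    r"executions: (?P<executions>\d+), exec/sec: (?P<rate>[0-9.]+)"
)


def parse_heartbeats(text):
    """Extract every GLOBAL heartbeat as a dict, in log order."""
    beats = []
    for line in text.splitlines():
        m = HEARTBEAT_RE.search(line)
        if not m:
            continue
        beats.append({
            "runtime_s": int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"]),
            "clients": int(m["clients"]),
            "corpus": int(m["corpus"]),
            "objectives": int(m["objectives"]),
            "executions": int(m["executions"]),
            "rate": float(m["rate"]),
        })
    return beats


def diagnose(beats, stall_after_s=120):
    """Return a list of (code, message) findings for a parsed heartbeat sequence.
    stall_after_s is an assumed threshold: how long a campaign may show no progress
    before it is flagged."""
    if not beats:
        return [("no-heartbeats", "no broker heartbeat lines found")]
    findings = []
    last = beats[-1]
    if last["clients"] == 0:
        findings.append(("no-clients", "no fuzzing client has attached to the broker"))
    if last["executions"] == 0:
        if last["runtime_s"] >= stall_after_s:
            findings.append(("no-executions",
                             f"{last['clients']} client(s) but 0 executions after "
                             f"{last['runtime_s']}s: the harness never ran a test case "
                             "(check whether the QEMU guest actually starts)"))
        return findings
    # Executions > 0: flag a campaign whose counter has been flat for stall_after_s.
    cutoff = last["runtime_s"] - stall_after_s
    first = [b for b in beats if b["runtime_s"] >= cutoff][0]
    if first["runtime_s"] <= cutoff and first["executions"] == last["executions"]:
        findings.append(("stalled",
                         f"executions flat at {last['executions']} for at least "
                         f"{stall_after_s}s (since {first['runtime_s']}s)"))
    return findings


def diagnose_log(text, stall_after_s=120):
    """Parse and diagnose in one call; returns only the finding codes."""
    return [code for code, _ in diagnose(parse_heartbeats(text), stall_after_s)]


if __name__ == "__main__":
    for name, log in (("issue", ISSUE_LOG), ("healthy", HEALTHY_LOG), ("stalled", STALLED_LOG)):
        for code, msg in diagnose(parse_heartbeats(log)) or [("ok", "campaign is making progress")]:
            print(f"{name}: {code}: {msg}")
```

Run against the log from the post, the script reports `no-executions`; the healthy sample reports nothing and the frozen sample reports `stalled`. The "zero executions with a client attached" case is worth separating from a stall because the fix is different: a stall points at the fuzzer or the target, while zero executions from the start points at the harness itself, which matches the defunct QEMU process observed here.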

eknoes commented 4 days ago

Hi,

Did you apply the patches related to the coverage of the network stack (0003, 0007)?

No, unfortunately we did not conduct an ablation study; we only ran the evaluations that are in the paper, i.e. with and without initial inputs.