Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stability as reported by CalibrationStage takes on huge values #2710

Closed
riesentoaster opened this issue Nov 19, 2024 · 7 comments
Closed

Stability as reported by CalibrationStage takes on huge values #2710

riesentoaster opened this issue Nov 19, 2024 · 7 comments
Labels
bug Something isn't working

Comments

@riesentoaster
Copy link
Contributor

Stability values along the lines of 140599566187531952.000% are reported. See an excerpt from the logs below.

The fuzzer in question including all its config: link. Started with RUST_LOG="info,libafl_bolts=warn,libafl::events=warn" cargo make run --cores all --overcommit 10.

I can consistently reproduce this when using all cores and a high (>=10) overcommit. Using only a single core, or lower overcommit scores produces normal/expected values. So maybe something load-related?

Logs [2024-11-19T23:15:02Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 3, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 853/25632 (3%) [2024-11-19T23:15:02Z INFO fuzzer::runner::fuzzer] [Testcase #176] (GLOBAL) run time: 0h-1m-42s, clients: 321, corpus: 1191, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.284%, stability: 140599566187531952.000% [2024-11-19T23:15:02Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 4, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 853/25632 (3%) [2024-11-19T23:15:02Z INFO fuzzer::runner::fuzzer] [UserStats #302] (GLOBAL) run time: 0h-1m-42s, clients: 321, corpus: 1191, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.284%, stability: 140082656017724848.000% [2024-11-19T23:15:02Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 6, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 862/25632 (3%), stability: 862/862 (100%) [2024-11-19T23:15:02Z INFO fuzzer::runner::fuzzer] [UserStats #267] (GLOBAL) run time: 0h-1m-42s, clients: 321, corpus: 1191, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.284%, stability: 139569532735608656.000% [2024-11-19T23:15:02Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 5, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 853/25632 (3%), stability: 36/853 (4%) [2024-11-19T23:15:02Z INFO fuzzer::runner::fuzzer] [UserStats #204] (GLOBAL) run time: 0h-1m-42s, clients: 321, corpus: 1191, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.284%, stability: 139569532735608656.000% [2024-11-19T23:15:02Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 2, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 862/25632 (3%), stability: 170/759 (22%) [2024-11-19T23:15:02Z INFO fuzzer::runner::fuzzer] [UserStats #12] (GLOBAL) run time: 0h-1m-42s, clients: 321, corpus: 1191, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.285%, stability: 139569532735608656.000% [2024-11-19T23:15:02Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 2, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 853/25632 (3%), stability: 759/759 (100%) [2024-11-19T23:15:02Z INFO fuzzer::runner::fuzzer] [UserStats #233] (GLOBAL) run time: 0h-1m-42s, clients: 321, corpus: 1191, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.285%, stability: 139569532735608656.000% [2024-11-19T23:15:02Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 2, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 862/25632 (3%), stability: 384/384 (100%) [2024-11-19T23:15:03Z INFO fuzzer::runner::fuzzer] [UserStats #230] (GLOBAL) run time: 0h-1m-43s, clients: 321, corpus: 1191, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.285%, stability: 139569532735608656.000% [2024-11-19T23:15:03Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 2, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 855/25632 (3%), stability: 846/846 (100%) [2024-11-19T23:15:03Z INFO fuzzer::runner::fuzzer] [UserStats #106] (GLOBAL) run time: 0h-1m-43s, clients: 321, corpus: 1191, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.285%, stability: 139569532735608656.000% [2024-11-19T23:15:03Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 6, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 862/25632 (3%), stability: 853/853 (100%) [2024-11-19T23:15:03Z INFO fuzzer::runner::fuzzer] [UserStats #3] (GLOBAL) run time: 0h-1m-43s, clients: 321, corpus: 1191, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.285%, stability: 139060154878909328.000% [2024-11-19T23:15:03Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 5, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 862/25632 (3%), stability: 862/862 (100%) [2024-11-19T23:15:03Z INFO fuzzer::runner::fuzzer] [UserStats #303] (GLOBAL) run time: 0h-1m-43s, clients: 321, corpus: 1191, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.285%, stability: 138554481588440576.000% [2024-11-19T23:15:03Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 5, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 862/25632 (3%), stability: 862/862 (100%) [2024-11-19T23:15:03Z INFO fuzzer::runner::fuzzer] [UserStats #157] (GLOBAL) run time: 0h-1m-43s, clients: 321, corpus: 1191, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.285%, stability: 138554481588440576.000% [2024-11-19T23:15:03Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 2, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 853/25632 (3%), stability: 846/846 (100%) [2024-11-19T23:15:03Z INFO fuzzer::runner::fuzzer] [UserStats #121] (GLOBAL) run time: 0h-1m-43s, clients: 321, corpus: 1191, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.285%, stability: 138554481588440576.000% [2024-11-19T23:15:03Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 7, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 862/25632 (3%), stability: 853/853 (100%) [2024-11-19T23:15:03Z INFO fuzzer::runner::fuzzer] [UserStats #242] (GLOBAL) run time: 0h-1m-43s, clients: 321, corpus: 1191, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.285%, stability: 138052472597178096.000% [2024-11-19T23:15:03Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 6, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 853/25632 (3%), stability: 853/853 (100%) [2024-11-19T23:15:03Z INFO fuzzer::runner::fuzzer] [UserStats #222] (GLOBAL) run time: 0h-1m-43s, clients: 321, corpus: 1191, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.291%, stability: 138052472597178096.000% [2024-11-19T23:15:03Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 1, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 846/25632 (3%), stability: 384/384 (100%) [2024-11-19T23:15:04Z INFO fuzzer::runner::fuzzer] [UserStats #112] (GLOBAL) run time: 0h-1m-44s, clients: 321, corpus: 1191, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.291%, stability: 137554088219570976.000% [2024-11-19T23:15:04Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 4, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 846/25632 (3%), stability: 846/846 (100%) [2024-11-19T23:15:04Z INFO fuzzer::runner::fuzzer] [UserStats #232] (GLOBAL) run time: 0h-1m-44s, clients: 321, corpus: 1191, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.292%, stability: 137554088219570976.000% [2024-11-19T23:15:04Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 6, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 853/25632 (3%), stability: 768/768 (100%) [2024-11-19T23:15:04Z INFO fuzzer::runner::fuzzer] [UserStats #24] (GLOBAL) run time: 0h-1m-44s, clients: 321, corpus: 1191, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.292%, stability: 137059289341083296.000% [2024-11-19T23:15:04Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 3, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 759/25632 (2%), stability: 759/759 (100%) [2024-11-19T23:15:04Z INFO fuzzer::runner::fuzzer] [UserStats #160] (GLOBAL) run time: 0h-1m-44s, clients: 321, corpus: 1191, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.292%, stability: 137059289341083296.000% [2024-11-19T23:15:04Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 2, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 862/25632 (3%), stability: 744/744 (100%) [2024-11-19T23:15:04Z INFO fuzzer::runner::fuzzer] [UserStats #47] (GLOBAL) run time: 0h-1m-44s, clients: 321, corpus: 1191, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.292%, stability: 136568037407961152.000% [2024-11-19T23:15:04Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 4, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 862/25632 (3%), stability: 862/862 (100%) [2024-11-19T23:15:04Z INFO fuzzer::runner::fuzzer] [UserStats #182] (GLOBAL) run time: 0h-1m-44s, clients: 321, corpus: 1191, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.292%, stability: 136568037407961152.000% [2024-11-19T23:15:04Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 4, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 853/25632 (3%) [2024-11-19T23:15:04Z INFO fuzzer::runner::fuzzer] [Testcase #182] (GLOBAL) run time: 0h-1m-44s, clients: 321, corpus: 1192, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.292%, stability: 136568037407961152.000% [2024-11-19T23:15:04Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 5, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 853/25632 (3%) [2024-11-19T23:15:04Z INFO fuzzer::runner::fuzzer] [UserStats #311] (GLOBAL) run time: 0h-1m-44s, clients: 321, corpus: 1192, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.292%, stability: 136568037407961152.000% [2024-11-19T23:15:04Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 2, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 853/25632 (3%), stability: 384/384 (100%) [2024-11-19T23:15:04Z INFO fuzzer::runner::fuzzer] [UserStats #270] (GLOBAL) run time: 0h-1m-44s, clients: 321, corpus: 1192, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.293%, stability: 136568037407961152.000% [2024-11-19T23:15:04Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 3, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 853/25632 (3%), stability: 768/768 (100%) [2024-11-19T23:15:04Z INFO fuzzer::runner::fuzzer] [UserStats #117] (GLOBAL) run time: 0h-1m-44s, clients: 321, corpus: 1192, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.293%, stability: 136568037407961152.000% [2024-11-19T23:15:04Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 3, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 862/25632 (3%), stability: 846/846 (100%) [2024-11-19T23:15:04Z INFO fuzzer::runner::fuzzer] [UserStats #275] (GLOBAL) run time: 0h-1m-44s, clients: 321, corpus: 1192, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.294%, stability: 136568037407961152.000% [2024-11-19T23:15:04Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 3, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 855/25632 (3%) [2024-11-19T23:15:04Z INFO fuzzer::runner::fuzzer] [Testcase #275] (GLOBAL) run time: 0h-1m-44s, clients: 321, corpus: 1193, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.294%, stability: 136568037407961152.000% [2024-11-19T23:15:04Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 4, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 855/25632 (3%) [2024-11-19T23:15:05Z INFO fuzzer::runner::fuzzer] [UserStats #298] (GLOBAL) run time: 0h-1m-45s, clients: 321, corpus: 1193, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.295%, stability: 136568037407961152.000% [2024-11-19T23:15:05Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 4, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 862/25632 (3%), stability: 846/846 (100%) [2024-11-19T23:15:05Z INFO fuzzer::runner::fuzzer] [UserStats #50] (GLOBAL) run time: 0h-1m-45s, clients: 321, corpus: 1193, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.295%, stability: 136568037407961152.000% [2024-11-19T23:15:05Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 1, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 862/25632 (3%), stability: 384/384 (100%) [2024-11-19T23:15:05Z INFO fuzzer::runner::fuzzer] [UserStats #13] (GLOBAL) run time: 0h-1m-45s, clients: 321, corpus: 1193, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.295%, stability: 136080294417218432.000% [2024-11-19T23:15:05Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 6, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 862/25632 (3%), stability: 862/862 (100%) [2024-11-19T23:15:05Z INFO fuzzer::runner::fuzzer] [UserStats #251] (GLOBAL) run time: 0h-1m-45s, clients: 321, corpus: 1193, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.296%, stability: 136080294417218432.000% [2024-11-19T23:15:05Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 3, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 846/25632 (3%), stability: 76/744 (10%) [2024-11-19T23:15:05Z INFO fuzzer::runner::fuzzer] [UserStats #112] (GLOBAL) run time: 0h-1m-45s, clients: 321, corpus: 1193, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.296%, stability: 136080294417218432.000% [2024-11-19T23:15:05Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 4, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 853/25632 (3%), stability: 846/846 (100%) [2024-11-19T23:15:05Z INFO fuzzer::runner::fuzzer] [UserStats #275] (GLOBAL) run time: 0h-1m-45s, clients: 321, corpus: 1193, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.296%, stability: 136080294417218432.000% [2024-11-19T23:15:05Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 4, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 855/25632 (3%) [2024-11-19T23:15:05Z INFO fuzzer::runner::fuzzer] [Testcase #275] (GLOBAL) run time: 0h-1m-45s, clients: 321, corpus: 1194, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.296%, stability: 136080294417218432.000% [2024-11-19T23:15:05Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 5, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 855/25632 (3%) [2024-11-19T23:15:05Z INFO fuzzer::runner::fuzzer] [UserStats #73] (GLOBAL) run time: 0h-1m-46s, clients: 321, corpus: 1194, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.296%, stability: 135596022906836880.000% [2024-11-19T23:15:05Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 6, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 853/25632 (3%), stability: 36/853 (4%) [2024-11-19T23:15:06Z INFO fuzzer::runner::fuzzer] [UserStats #169] (GLOBAL) run time: 0h-1m-46s, clients: 321, corpus: 1194, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.296%, stability: 135115185946174320.000% [2024-11-19T23:15:06Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 5, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 862/25632 (3%), stability: 862/862 (100%) [2024-11-19T23:15:06Z INFO fuzzer::runner::fuzzer] [UserStats #209] (GLOBAL) run time: 0h-1m-46s, clients: 321, corpus: 1194, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.296%, stability: 135115185946174320.000% [2024-11-19T23:15:06Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 2, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 853/25632 (3%), stability: 744/744 (100%) [2024-11-19T23:15:06Z INFO fuzzer::runner::fuzzer] [UserStats #82] (GLOBAL) run time: 0h-1m-46s, clients: 321, corpus: 1194, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.296%, stability: 134637747126576528.000% [2024-11-19T23:15:06Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 6, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 853/25632 (3%), stability: 853/853 (100%) [2024-11-19T23:15:06Z INFO fuzzer::runner::fuzzer] [UserStats #266] (GLOBAL) run time: 0h-1m-46s, clients: 321, corpus: 1194, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.296%, stability: 134637747126576528.000% [2024-11-19T23:15:06Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 4, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 862/25632 (3%) [2024-11-19T23:15:06Z INFO fuzzer::runner::fuzzer] [Testcase #266] (GLOBAL) run time: 0h-1m-46s, clients: 321, corpus: 1195, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.296%, stability: 134637747126576528.000% [2024-11-19T23:15:06Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 5, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 862/25632 (3%) [2024-11-19T23:15:06Z INFO fuzzer::runner::fuzzer] [UserStats #254] (GLOBAL) run time: 0h-1m-46s, clients: 321, corpus: 1195, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.296%, stability: 134163670552187168.000% [2024-11-19T23:15:06Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 3, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 846/25632 (3%), stability: 846/846 (100%) [2024-11-19T23:15:06Z INFO fuzzer::runner::fuzzer] [UserStats #77] (GLOBAL) run time: 0h-1m-46s, clients: 321, corpus: 1195, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.296%, stability: 134163670552187168.000% [2024-11-19T23:15:06Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 2, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 768/25632 (2%), stability: 759/759 (100%) [2024-11-19T23:15:06Z INFO fuzzer::runner::fuzzer] [UserStats #294] (GLOBAL) run time: 0h-1m-46s, clients: 321, corpus: 1195, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.296%, stability: 134163670552187168.000% [2024-11-19T23:15:06Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 4, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 768/25632 (2%), stability: 759/759 (100%) [2024-11-19T23:15:06Z INFO fuzzer::runner::fuzzer] [UserStats #21] (GLOBAL) run time: 0h-1m-46s, clients: 321, corpus: 1195, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.296%, stability: 133692920830951424.000% [2024-11-19T23:15:06Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 5, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 853/25632 (3%), stability: 853/853 (100%) [2024-11-19T23:15:06Z INFO fuzzer::runner::fuzzer] [UserStats #140] (GLOBAL) run time: 0h-1m-46s, clients: 321, corpus: 1195, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.296%, stability: 133692920830951424.000% [2024-11-19T23:15:06Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 3, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 853/25632 (3%), stability: 853/853 (100%) [2024-11-19T23:15:07Z INFO fuzzer::runner::fuzzer] [UserStats #223] (GLOBAL) run time: 0h-1m-47s, clients: 321, corpus: 1195, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.296%, stability: 133225463065808256.000% [2024-11-19T23:15:07Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 5, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 855/25632 (3%), stability: 855/855 (100%) [2024-11-19T23:15:07Z INFO fuzzer::runner::fuzzer] [UserStats #148] (GLOBAL) run time: 0h-1m-47s, clients: 321, corpus: 1195, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.296%, stability: 133225463065808256.000% [2024-11-19T23:15:07Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 2, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 846/25632 (3%), stability: 846/846 (100%) [2024-11-19T23:15:07Z INFO fuzzer::runner::fuzzer] [UserStats #8] (GLOBAL) run time: 0h-1m-47s, clients: 321, corpus: 1195, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.296%, stability: 132761262846066752.000% [2024-11-19T23:15:07Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 2, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 846/25632 (3%), stability: 846/846 (100%) [2024-11-19T23:15:07Z INFO fuzzer::runner::fuzzer] [UserStats #46] (GLOBAL) run time: 0h-1m-47s, clients: 321, corpus: 1195, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.296%, stability: 132761262846066752.000% [2024-11-19T23:15:07Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 1, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 862/25632 (3%), stability: 384/384 (100%) [2024-11-19T23:15:07Z INFO fuzzer::runner::fuzzer] [UserStats #305] (GLOBAL) run time: 0h-1m-47s, clients: 321, corpus: 1195, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.296%, stability: 132761262846066752.000% [2024-11-19T23:15:07Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 3, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 862/25632 (3%), stability: 744/744 (100%) [2024-11-19T23:15:08Z INFO fuzzer::runner::fuzzer] [UserStats #193] (GLOBAL) run time: 0h-1m-48s, clients: 321, corpus: 1195, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.296%, stability: 132761262846066752.000% [2024-11-19T23:15:08Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 4, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 853/25632 (3%) [2024-11-19T23:15:08Z INFO fuzzer::runner::fuzzer] [Testcase #193] (GLOBAL) run time: 0h-1m-48s, clients: 321, corpus: 1196, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.296%, stability: 132761262846066752.000% [2024-11-19T23:15:08Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 5, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 853/25632 (3%) [2024-11-19T23:15:08Z INFO fuzzer::runner::fuzzer] [UserStats #190] (GLOBAL) run time: 0h-1m-48s, clients: 321, corpus: 1196, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.296%, stability: 132300286238962352.000% [2024-11-19T23:15:08Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 4, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 853/25632 (3%), stability: 1/853 (0%) [2024-11-19T23:15:08Z INFO fuzzer::runner::fuzzer] [UserStats #27] (GLOBAL) run time: 0h-1m-48s, clients: 321, corpus: 1196, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.297%, stability: 132300286238962352.000% [2024-11-19T23:15:08Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 3, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 853/25632 (3%), stability: 846/846 (100%) [2024-11-19T23:15:08Z INFO fuzzer::runner::fuzzer] [UserStats #216] (GLOBAL) run time: 0h-1m-48s, clients: 321, corpus: 1196, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.297%, stability: 132300286238962352.000% [2024-11-19T23:15:08Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 6, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 862/25632 (3%), stability: 862/862 (100%) [2024-11-19T23:15:08Z INFO fuzzer::runner::fuzzer] [UserStats #209] (GLOBAL) run time: 0h-1m-48s, clients: 321, corpus: 1196, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.297%, stability: 132300286238962352.000% [2024-11-19T23:15:08Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 2, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 862/25632 (3%), stability: 744/744 (100%) [2024-11-19T23:15:08Z INFO fuzzer::runner::fuzzer] [UserStats #161] (GLOBAL) run time: 0h-1m-48s, clients: 321, corpus: 1196, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.297%, stability: 131842499781388096.000% [2024-11-19T23:15:08Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 5, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 853/25632 (3%), stability: 853/853 (100%) [2024-11-19T23:15:09Z INFO fuzzer::runner::fuzzer] [UserStats #294] (GLOBAL) run time: 0h-1m-49s, clients: 321, corpus: 1196, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.298%, stability: 131842499781388096.000% [2024-11-19T23:15:09Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 4, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 853/25632 (3%), stability: 759/759 (100%) [2024-11-19T23:15:09Z INFO fuzzer::runner::fuzzer] [UserStats #193] (GLOBAL) run time: 0h-1m-49s, clients: 321, corpus: 1196, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.298%, stability: 131842499781388096.000% [2024-11-19T23:15:09Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 5, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 862/25632 (3%) [2024-11-19T23:15:09Z INFO fuzzer::runner::fuzzer] [Testcase #193] (GLOBAL) run time: 0h-1m-49s, clients: 321, corpus: 1197, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.298%, stability: 131842499781388096.000% [2024-11-19T23:15:09Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 6, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 862/25632 (3%) [2024-11-19T23:15:09Z INFO fuzzer::runner::fuzzer] [UserStats #125] (GLOBAL) run time: 0h-1m-49s, clients: 321, corpus: 1197, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.298%, stability: 131842499781388096.000% [2024-11-19T23:15:09Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 3, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 862/25632 (3%), stability: 759/759 (100%) [2024-11-19T23:15:09Z INFO fuzzer::runner::fuzzer] [UserStats #317] (GLOBAL) run time: 0h-1m-49s, clients: 321, corpus: 1197, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.298%, stability: 131387870471797104.000% [2024-11-19T23:15:09Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 4, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 862/25632 (3%), stability: 862/862 (100%) [2024-11-19T23:15:09Z INFO fuzzer::runner::fuzzer] [UserStats #40] (GLOBAL) run time: 0h-1m-50s, clients: 321, corpus: 1197, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.298%, stability: 131387870471797104.000% [2024-11-19T23:15:09Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 4, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 862/25632 (3%), stability: 249/853 (29%) [2024-11-19T23:15:10Z INFO fuzzer::runner::fuzzer] [UserStats #154] (GLOBAL) run time: 0h-1m-50s, clients: 321, corpus: 1197, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.298%, stability: 131387870471797104.000% [2024-11-19T23:15:10Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 3, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 853/25632 (3%), stability: 846/846 (100%) [2024-11-19T23:15:10Z INFO fuzzer::runner::fuzzer] [UserStats #247] (GLOBAL) run time: 0h-1m-50s, clients: 321, corpus: 1197, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.298%, stability: 131387870471797104.000% [2024-11-19T23:15:10Z INFO fuzzer::runner::fuzzer] (CLIENT) corpus: 2, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 862/25632 (3%), stability: 133/846 (15%) [2024-11-19T23:15:10Z INFO fuzzer::runner::fuzzer] [UserStats #224] (GLOBAL) run time: 0h-1m-50s, clients: 321, corpus: 1197, objectives: 0, executions: 0, exec/sec: 0.000, coverage_observer: 3.298%, stability: 131387870471797104.000%
@riesentoaster riesentoaster added the bug Something isn't working label Nov 19, 2024
@domenukk
Copy link
Member

Sounds like some overflow? Can you try building with overflow-checks = true?

@riesentoaster
Copy link
Contributor Author

riesentoaster commented Nov 20, 2024
edited
Loading

I see these crashes, but only for some of the clients.

thread 'main' panicked at /home/ubuntu/fuzzing-zephyr-network-stack/LibAFL/libafl/src/stages/calibrate.rs:338:33:
attempt to subtract with overflow
stack backtrace:
   0:     0x559e98842fca - std::backtrace_rs::backtrace::libunwind::trace::h99efb0985cae5d78
                               at /rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14/library/std/src/../../backtrace/src/backtrace/libunwind.rs:116:5
   1:     0x559e98842fca - std::backtrace_rs::backtrace::trace_unsynchronized::he2c1aa63b3f7fad8
                               at /rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14/library/std/src/../../backtrace/src/backtrace/mod.rs:66:5
   2:     0x559e98842fca - std::sys::backtrace::_print_fmt::h8a221d40f5e0f88b
                               at /rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14/library/std/src/sys/backtrace.rs:66:9
   3:     0x559e98842fca - <std::sys::backtrace::BacktraceLock::print::DisplayBacktrace as core::fmt::Display>::fmt::h304520fd6a30aa07
                               at /rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14/library/std/src/sys/backtrace.rs:39:26
   4:     0x559e9886d85b - core::fmt::rt::Argument::fmt::h5da9c218ec984eaf
                               at /rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14/library/core/src/fmt/rt.rs:177:76
   5:     0x559e9886d85b - core::fmt::write::hf5713710ce10ff22
                               at /rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14/library/core/src/fmt/mod.rs:1178:21
   6:     0x559e9883f0d3 - std::io::Write::write_fmt::hda708db57927dacf
                               at /rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14/library/std/src/io/mod.rs:1823:15
   7:     0x559e98844312 - std::sys::backtrace::BacktraceLock::print::hbcdbec4d97c91528
                               at /rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14/library/std/src/sys/backtrace.rs:42:9
   8:     0x559e98844312 - std::panicking::default_hook::{{closure}}::he1ad87607d0c11c5
                               at /rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14/library/std/src/panicking.rs:266:22
   9:     0x559e98843f7e - std::panicking::default_hook::h81c8cd2e7c59ee33
                               at /rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14/library/std/src/panicking.rs:293:9
  10:     0x559e98844b0f - std::panicking::rust_panic_with_hook::had2118629c312a4a
                               at /rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14/library/std/src/panicking.rs:797:13
  11:     0x559e98844853 - std::panicking::begin_panic_handler::{{closure}}::h7fa5985d111bafa2
                               at /rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14/library/std/src/panicking.rs:664:13
  12:     0x559e988434a9 - std::sys::backtrace::__rust_end_short_backtrace::h704d151dbefa09c5
                               at /rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14/library/std/src/sys/backtrace.rs:170:18
  13:     0x559e98844514 - rust_begin_unwind
                               at /rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14/library/std/src/panicking.rs:662:5
  14:     0x559e984f03a3 - core::panicking::panic_fmt::h3eea515d05f7a35e
                               at /rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14/library/core/src/panicking.rs:74:14
  15:     0x559e984f0b27 - core::panicking::panic_const::panic_const_sub_overflow::hc19f6e78060f2931
                               at /rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14/library/core/src/panicking.rs:181:21
  16:     0x559e98529c4f - <libafl::stages::calibrate::CalibrationStage<C,E,O,OT> as libafl::stages::Stage<E,EM,Z>>::perform::h0ad4bc6d71c6ef64
                               at /home/ubuntu/fuzzing-zephyr-network-stack/LibAFL/libafl/src/stages/calibrate.rs:338:33
  17:     0x559e98529c4f - libafl::stages::Stage::perform_restartable::h5b26f92fd9a19b14
                               at /home/ubuntu/fuzzing-zephyr-network-stack/LibAFL/libafl/src/stages/mod.rs:135:13
  18:     0x559e98524b36 - <(Head,Tail) as libafl::stages::StagesTuple<E,EM,<Head as libafl::state::UsesState>::State,Z>>::perform_all::hb4f4a03a80f0e9cc
                               at /home/ubuntu/fuzzing-zephyr-network-stack/LibAFL/libafl/src/stages/mod.rs:225:17
  19:     0x559e9855f063 - <(Head,Tail) as libafl::stages::StagesTuple<E,EM,<Head as libafl::state::UsesState>::State,Z>>::perform_all::h4426042abddab0e8
                               at /home/ubuntu/fuzzing-zephyr-network-stack/LibAFL/libafl/src/stages/mod.rs:238:9
  20:     0x559e984fef63 - <libafl::fuzzer::StdFuzzer<CS,F,OF,S> as libafl::fuzzer::Fuzzer<E,EM,ST>>::fuzz_one::h9ad53c384f296962
                               at /home/ubuntu/fuzzing-zephyr-network-stack/LibAFL/libafl/src/fuzzer/mod.rs:791:9
  21:     0x559e98506327 - libafl::fuzzer::Fuzzer::fuzz_loop::h6214eaf782c3aa69
                               at /home/ubuntu/fuzzing-zephyr-network-stack/LibAFL/libafl/src/fuzzer/mod.rs:247:13
  22:     0x559e985612ea - fuzzer::runner::fuzzer::fuzz::{{closure}}::hbd758e90f1753841
                               at /home/ubuntu/fuzzing-zephyr-network-stack/fuzzer/src/runner/fuzzer.rs:165:13
  23:     0x559e985612ea - core::ops::function::impls::<impl core::ops::function::FnOnce<A> for &mut F>::call_once::hc8e3dc6769c08316
                               at /rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14/library/core/src/ops/function.rs:305:13
  24:     0x559e98505c30 - libafl::events::launcher::Launcher<CF,MT,SP>::launch_with_hooks::h19f52ad7c9603267
                               at /home/ubuntu/fuzzing-zephyr-network-stack/LibAFL/libafl/src/events/launcher.rs:280:36
  25:     0x559e98568e19 - libafl::events::launcher::Launcher<CF,MT,SP>::launch::hec7f94be50d8d943
                               at /home/ubuntu/fuzzing-zephyr-network-stack/LibAFL/libafl/src/events/launcher.rs:188:9
  26:     0x559e98568e19 - fuzzer::runner::fuzzer::fuzz::h083fccb17373ef97
                               at /home/ubuntu/fuzzing-zephyr-network-stack/fuzzer/src/runner/fuzzer.rs:205:10
  27:     0x559e984f77c3 - core::ops::function::FnOnce::call_once::h0b9f3996b411c7a0
                               at /rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14/library/core/src/ops/function.rs:250:5
  28:     0x559e984f77c3 - std::sys::backtrace::__rust_begin_short_backtrace::hb6dfc245f5297c2a
                               at /rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14/library/std/src/sys/backtrace.rs:154:18
  29:     0x559e98553929 - std::rt::lang_start::{{closure}}::h8beac2fb2143202c
                               at /rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14/library/std/src/rt.rs:164:18
  30:     0x559e98838ef0 - core::ops::function::impls::<impl core::ops::function::FnOnce<A> for &F>::call_once::h08ecba131ab90ec4
                               at /rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14/library/core/src/ops/function.rs:284:13
  31:     0x559e98838ef0 - std::panicking::try::do_call::hf33a59fd8ce953f4
                               at /rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14/library/std/src/panicking.rs:554:40
  32:     0x559e98838ef0 - std::panicking::try::h5005ce80ce949fd8
                               at /rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14/library/std/src/panicking.rs:518:19
  33:     0x559e98838ef0 - std::panic::catch_unwind::hfbae19e2e2c5b7ed
                               at /rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14/library/std/src/panic.rs:345:14
  34:     0x559e98838ef0 - std::rt::lang_start_internal::{{closure}}::ha0331c3690741813
                               at /rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14/library/std/src/rt.rs:143:48
  35:     0x559e98838ef0 - std::panicking::try::do_call::hcdcbdb616b4d0295
                               at /rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14/library/std/src/panicking.rs:554:40
  36:     0x559e98838ef0 - std::panicking::try::h3f2f1725a07d2256
                               at /rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14/library/std/src/panicking.rs:518:19
  37:     0x559e98838ef0 - std::panic::catch_unwind::h51869e04b56b2dc3
                               at /rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14/library/std/src/panic.rs:345:14
  38:     0x559e98838ef0 - std::rt::lang_start_internal::h4d90db0530245041
                               at /rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14/library/std/src/rt.rs:143:20
  39:     0x559e9851bd3c - main

Originates here:

LibAFL/libafl/src/stages/calibrate.rs

Lines 332 to 345 in e7f4888

mgr.fire(
state,
Event::UpdateUserStats {
name: Cow::from("stability"),
value: UserStats::new(
UserStatsValue::Ratio(
(map_first_filled_count - unstable_entries) as u64,
map_first_filled_count as u64,
),
AggregatorOps::Avg,
),
phantom: PhantomData,
},
)?;

@tokatoka
Copy link
Member

can you print what map_first_filled_count and unstable_entries are?

@riesentoaster
Copy link
Contributor Author

I ran the fuzzer with the additional checks until the first panic. I caught two executions of the code above. First with map_first_filled_count: 730, unstable_entries: 705, then, a bit later and immediately before the panic, with values map_first_filled_count: 709, unstable_entries: 729

@tokatoka
Copy link
Member

hmm. it's strange that almost all edges are unstable.

@riesentoaster
Copy link
Contributor Author

Yeah, I'm struggling with bad stability, hence the use of this stage. But no matter how unstable a fuzzer is, this should never cause a crash.

@tokatoka
Copy link
Member

#2731 should fix it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@domenukk @tokatoka @riesentoaster