lkl_mount_dev fails with "No such device" when using libFuzzer #601

@squizz617

Description

Hi,
I'm trying to fuzz a simple LKL-based program using libFuzzer. Below is a minimal example that adds and mounts an ext4 disk image:

#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#include <lkl.h>
#include <lkl_host.h>

/* Disk id returned by lkl_disk_add() and the mount point string that
 * lkl_mount_dev() fills in (LKL generates names like "/mnt/0000fe00"). */
static unsigned int disk_id;
static char mpoint[32];

int main(int argc, char** argv) {
  long ret;
  struct lkl_disk disk;

  /* Host file descriptor that backs the virtio block device. */
  disk.fd = open("/tmp/images/ext4.img", O_RDONLY);
  if (disk.fd < 0) {
    printf("could not open image: %s\n", strerror(errno));
    return -1;
  }
  disk.ops = NULL; /* NULL selects the host's default block device ops */

  ret = lkl_init(&lkl_host_ops);
  if (ret < 0) {
    fprintf(stderr, "lkl init failed: %s\n", lkl_strerror(ret));
    return -1;
  }

  /* Must be registered before the kernel boots so it is probed as vda. */
  ret = lkl_disk_add(&disk);
  if (ret < 0) {
    fprintf(stderr, "can't add disk: %s\n", lkl_strerror(ret));
    return -1;
  }
  disk_id = (unsigned int)ret;
  printf("added disk id: %u\n", disk_id);

  printf("starting kernel\n");
  /* ret = lkl_start_kernel("mem=2048M kasan.fault=panic printflevel=8"); */
  ret = lkl_start_kernel("mem=1024M printflevel=8");
  if (ret < 0) {
    printf("lkl_start_kernel failed: %s\n", lkl_strerror(ret));
    lkl_cleanup();
    return -1;
  }
  printf("lkl kernel started\n");

  /* Mount partition 0 of the disk read-only; the mount path is written
   * into mpoint. A negative return is -errno. */
  ret = lkl_mount_dev(disk_id, 0, "ext4", LKL_MS_RDONLY, NULL, mpoint, sizeof(mpoint));
  if (ret) {
    fprintf(stderr, "can't mount disk: %s\n", lkl_strerror(ret));
    return -1;
  }

  printf("mount point: %s\n", mpoint);

  ret = lkl_sys_chdir(mpoint);
  if (ret) {
    fprintf(stderr, "can't chdir to %s: %s\n", mpoint,
        lkl_strerror(ret));
    return -1;
  }

  return 0;
}

The code works as expected:

added disk id: 0
starting kernel
...
lkl kernel started
[    0.036182] EXT4-fs (vda): mounted filesystem c578b322-37ea-4ec8-ae76-edd4406914e2 ro with ordered data mode. Quota mode: disabled.
mount point: /mnt/0000fe00

However, when I adapt the code for fuzzing by replacing main() with LLVMFuzzerTestOneInput() and building with the LLVM=1 LKL_FUZZING=1 flags set, mounting the disk fails:

INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 3449617470
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
main
added disk id: 0
starting kernel
...
lkl kernel started
can't mount disk: No such device

This issue occurs on commit 7a3e9893a943b50b4313c66fda5a6c24d77b4e0e (I haven't tested other commits, though).

Any idea why lkl_mount_dev() fails in fuzzing mode with "No such device", even though the exact same disk image mounts fine in standalone mode?

Thank you!
