HighW4y2H3ll / chaff

Cannot find chaff bugs with AFL fuzzer #3

Open sitoras opened 4 weeks ago

sitoras commented 4 weeks ago

I am trying to fuzz the target with injected chaff bugs (file-5.30). However, the fuzzer is unable to detect any of them; instead, it only encounters hangs and timeouts. I generated a fuzzing dictionary from strings extracted from the target program and one input file. I'm using AFL in QEMU mode to fuzz the binary with 3 CPUs, and I have been running the fuzzer for 48 hours. What could be the issue? I am using the buggy binary from /chaff/target_injections/${target}/bugs/${target}/lava-install/bin. Maybe I am using the wrong binary?

Thank you!

HighW4y2H3ll commented 3 weeks ago

Hi, I'm not sure why fuzzers cannot find any crashes. Can you verify that any inputs from target_injections/${target}/inputs can trigger a crash? Another reference for chaff bug validation is target_injections/${target}/logs/inject-${trail}.log. The bottom of the log should show which input triggers which chaff bug.
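The check the maintainer asks for, as an added example that is not part of the chaff repository: run every file under target_injections/${target}/inputs through the bug-injected binary with a time limit and classify each run as a crash, a timeout or a clean exit. The script assumes GNU `timeout` is available, that the binary takes the input file as its only argument, and that the directory layout is the one named in the issue; the exact binary path is passed in by the caller rather than guessed.

```shell
#!/bin/sh
# Added example: sanity-check that the provided inputs actually crash the
# bug-injected binary before blaming the fuzzer. Not code from the chaff project.

# Map a shell exit status to a verdict. A status above 128 means the process
# was killed by signal (status - 128): 139 = SIGSEGV, 134 = SIGABRT, etc.
# GNU timeout reports 124 when the time limit, not the program, ended the run.
classify_exit() {
  status="$1"
  if [ "$status" -gt 128 ]; then
    echo "crash(signal $((status - 128)))"
  elif [ "$status" -eq 124 ]; then
    echo "timeout"
  else
    echo "no-crash(exit $status)"
  fi
}

# Run one input through the binary under a time limit (default 5 s) and print
# its verdict. The "|| status=$?" form keeps a crash from aborting the loop
# when the script runs under "set -e".
run_one() {
  bin="$1"; input="$2"; limit="${3:-5}"
  status=0
  timeout "$limit" "$bin" "$input" >/dev/null 2>&1 || status=$?
  classify_exit "$status"
}

# Walk the inputs directory for a target and print one "name<TAB>verdict" line
# per input. Assumed layout: chaff/target_injections/<target>/inputs/.
# Usage: check_inputs file-5.30 chaff/target_injections/file-5.30/bugs/file-5.30/lava-install/bin/file
check_inputs() {
  target="$1"; bin="$2"
  for f in "chaff/target_injections/${target}/inputs"/*; do
    [ -f "$f" ] || continue
    printf '%s\t%s\n' "$(basename "$f")" "$(run_one "$bin" "$f")"
  done
}
```

If every line reads `no-crash`, the injected bugs are not reachable through the binary you are fuzzing (or the harness invokes it differently from how chaff validated it), and no amount of fuzzing time will help; compare the names against the input-to-bug mapping at the bottom of inject-${trail}.log. If the lines read `timeout`, that matches the hangs AFL reports and points at the inputs, not the fuzzer.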