RUB-SysSec / ijon-data


Cannot run well with trace, but video is well #4

Closed WayneDevMaze closed 1 year ago

WayneDevMaze commented 4 years ago

Hi there,

I have a question similar to #1 & #3.
I'm trying to fuzz SMB with "afl-clang-fast && afl-clang-fast++", with commands like these:

1. Using cmake to get the build files in dir "build":
   `cmake -DCMAKE_C_COMPILER=/home/ubuntu/Study/ijon/afl-clang-fast -DCMAKE_CXX_COMPILER=/home/ubuntu/Study/ijon/afl-clang-fast++ ..`
2. Using build.sh to make and get smbc; I moved "build.sh" & "afl.sh" to dir "build":
   `bash build.sh`
   I changed this file for my env: `let AFL_INST_RATIO=2`. Without this change, I can't build SMB instrumented with afl-clang-fast.
3. Using afl.sh to run fuzzing:
   `bash afl.sh`
   But I got a problem:

```
[-] Oops, the program crashed with one of the test cases provided. There are
several possible explanations:

- The test case causes known crashes under normal working conditions. If
  so, please remove it. The fuzzer should be seeded with interesting
  inputs - but not ones that cause an outright crash.

- Least likely, there is a horrible bug in the fuzzer. If other options
  fail, poke <lcamtuf@coredump.cx> for troubleshooting tips.

[-] PROGRAM ABORT : Test case 'id:000000,orig:a' results in a crash Location : perform_dry_run(), afl-fuzz.c:2861
```

And then I used this command `afl-fuzz -m none -t 60000 -i ../seed/ -o workdir_ijon ./smbc_ijon 0 video`.
Well, this time SMB ran RIGHT, and I can see Mario change his path at some later point. But running this with "video" is too slow.

So, my question is: what should I do to fuzz SMB with "trace", and how do I analyse the result of "trace"? I really hope to receive your advice.

Best wishes!

Wayne
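An added example (not code from ijon-data, AFL, or anyone in this thread) of the check behind the dry-run abort quoted above: afl-fuzz's `perform_dry_run()` feeds every seed to the target once and refuses to start if a seed already crashes it. The script below does the same by hand, so the offending seed can be removed from the seed directory before fuzzing. Everything in it is constructed for the demo: the `toy_target` function stands in for an instrumented binary such as `./smbc_ijon`, and the two seed files are made up.

```shell
#!/bin/sh
# Added example, not code from ijon-data or from AFL. It imitates what
# afl-fuzz's perform_dry_run() does before fuzzing: every seed is fed to the
# target once, and any seed that makes the target die from a signal is
# reported, so that file can be dropped from the seed directory before the
# "[-] PROGRAM ABORT : Test case ... results in a crash" message appears.
# The toy target and the seed files are constructed here for the demo.

# check_seeds TARGET SEED_DIR [ARGS...]
# Feeds each file in SEED_DIR to TARGET on stdin (how afl-fuzz passes input
# when the command line has no @@, e.g. "./smbc_ijon 0"). Prints
# "<seed> signal <n>" for every crashing seed; the return value is the number
# of crashing seeds, so a zero status means the corpus is safe to start from.
check_seeds() {
    target=$1
    seed_dir=$2
    shift 2
    crashes=0
    for seed in "$seed_dir"/*; do
        [ -f "$seed" ] || continue
        status=0
        "$target" "$@" < "$seed" > /dev/null 2>&1 || status=$?
        # The shell reports death by signal as 128 + signal number
        # (139 for SIGSEGV, 134 for SIGABRT).
        if [ "$status" -gt 128 ]; then
            echo "${seed##*/} signal $((status - 128))"
            crashes=$((crashes + 1))
        fi
    done
    return "$crashes"
}

# Constructed stand-in for an instrumented harness: dies from SIGSEGV (in a
# child shell, so the demo itself survives) when the input contains CRASH.
# In real use TARGET is the instrumented binary, e.g. ./smbc_ijon.
toy_target() {
    if grep -q CRASH; then
        sh -c 'kill -s SEGV $$'
    fi
}

# demo: two constructed seeds, one benign and one crashing; prints the
# report followed by the crash count.
demo() {
    work=$(mktemp -d)
    mkdir "$work/seed"
    printf 'jump right\n' > "$work/seed/a"
    printf 'CRASH\n' > "$work/seed/b"
    n=0
    check_seeds toy_target "$work/seed" 0 || n=$?
    echo "crashing seeds: $n"
    rm -rf "$work"
}

demo
```

Against a real build you would call `check_seeds ./smbc_ijon ../seed 0` (the same argument list as the afl-fuzz command, minus `video`) and delete or fix whatever it reports before launching the fuzzer; a seed that crashes the harness on its own belongs in a crash triage directory, not in the corpus.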

eqv commented 4 years ago

No, you shouldn't be using trace for fuzzing. Trace is only used to create plots. Simply fuzz with ./smb_ijon 0. Please close this issue if this solves the problem.

eqv commented 4 years ago

should be fixed in c75433e1ce5252363803c2a9a221ee99808f796f, please confirm & close