bitsecurerlab / aflplusplus-hier

afl/afl++ with a hierarchical seed scheduler
Apache License 2.0

Timeout while initializing fork server when Fuzzing jq with asan #2

Open huanggh666 opened 2 years ago

huanggh666 commented 2 years ago

I fuzz the jq program using aflplusplus-hier and get the fault below. My jq program is compiled with AddressSanitizer (ASan). The running command is: afl-fuzz -m none -t 1000+ -i in/ -o in_hier/ ./build/bin/jq ".[]" @@

[+] Loaded environment variable AFL_SKIP_CPUFREQ with value 1
[+] Loaded environment variable AFL_USE_MULTI_LEVEL_COV with value 1
[+] Loaded environment variable AFL_USE_HIER_SCHEDULE with value 1
[+] Loaded environment variable AFL_PATH with value /opt/dataset/huanggh/fuzz/afl-hier
afl-fuzz++2.68c based on afl by Michal Zalewski and a big online community
[+] afl++ is maintained by Marc "van Hauser" Heuse, Heiko "hexcoder" Eißfeldt, Andrea Fioraldi and Dominik Maier
[+] afl++ is open source, get it at https://github.com/AFLplusplus/AFLplusplus
[+] Power schedules from github.com/mboehme/aflfast
[+] Python Mutator and llvm_mode instrument file list from github.com/choller/afl
[+] MOpt Mutator from github.com/puppet-meteor/MOpt-AFL
[+] use multi-level coverage
[+] use hierarchical seed scheduler
[*] Getting to work...
[+] Using exploration-based constant power schedule (EXPLORE, default)
[*] Checking core_pattern...
[+] You have 56 CPU cores and 5 runnable tasks (utilization: 9%).
[+] Try parallel jobs - see /usr/local/share/doc/afl/parallel_fuzzing.md.
[*] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[*] Deleting old session data...
[+] Output dir cleanup successful.
[*] Checking CPU core loadout...
[+] Found a free CPU core, try binding to #4.
[*] Scanning 'in'...
[+] No auto-generated dictionary tokens to reuse.
[*] Creating hard links for all input files...
[*] Validating target binary...
[*] Attempting dry run with 'id:00000000,time:0,orig:Adyen_adyen-magento2.json'...
[*] Spinning up the fork server...

[-] PROGRAM ABORT : Timeout while initializing fork server (adjusting -t may help)
         Location : afl_fsrv_start(), src/afl-forkserver.c:769

MuseMamba commented 2 years ago

In fact, when I use afl-hier in instrumented mode without the -Q argument, the fuzzer cannot pass calibrate_case; it says there is no instrumentation.

MuseMamba commented 2 years ago

afl-clang-fast was used, and it will be fine under afl++ (:-

huanggh666 commented 2 years ago

afl-clang-fast was used, and it will be fine under afl++ (:-

It does not work in my test using instrumentation mode when I set the env variables AFL_USE_MUTIL_LEVEL_COV and AFL_USE_HIER_SCHEDULE to one.

MuseMamba commented 2 years ago

It seems that this version on GitHub is only designed for QEMU mode. I'm still wondering why it can't be used in instrumented mode; any suggestions from the contributors would be really appreciated.

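The two failure modes in this thread, a fork server that never finishes initialising and a calibrate_case that reports "no instrumentation", can both be narrowed down before starting afl-fuzz. The script below is an added example for this thread, not code from aflplusplus-hier or from AFL++. It assumes a compile-time instrumented target was built with afl-clang-fast, whose runtime embeds the string __AFL_SHM_ID (the marker afl-fuzz scans the binary for), and that an ASan build links the sanitizer runtime, which embeds __asan_init. It reports whether the target needs -Q or -m none, and runs the target once by hand with @@ expanded the way afl-fuzz does, so a slow or failing startup shows up outside the fuzzer.

```shell
#!/bin/sh
# Pre-flight checks for an AFL++ target before afl-fuzz spins up the fork
# server. Added example for this issue thread, not code from aflplusplus-hier.
# Assumptions: an instrumented target was built with afl-clang-fast, whose
# runtime embeds __AFL_SHM_ID (the marker afl-fuzz looks for), and an ASan
# build links the ASan runtime, which embeds __asan_init.

# Succeed if FILE contains the AFL shared-memory marker, i.e. it is a
# compile-time instrumented binary rather than one that needs -Q (QEMU mode).
has_afl_instrumentation() {
    LC_ALL=C tr -c '[:print:]' '\n' < "$1" | grep -q -F '__AFL_SHM_ID'
}

# Succeed if FILE looks like an ASan build. ASan reserves huge virtual
# address ranges at startup, so it has to be fuzzed with -m none.
is_asan_build() {
    LC_ALL=C tr -c '[:print:]' '\n' < "$1" | grep -q -F '__asan_init'
}

# Print the afl-fuzz flags the target needs: -Q when it carries no
# instrumentation, -m none when it is an ASan build, both when both apply.
recommended_flags() {
    flags=""
    has_afl_instrumentation "$1" || flags="-Q"
    if is_asan_build "$1"; then
        flags="${flags:+$flags }-m none"
    fi
    printf '%s' "$flags"
}

# Run the target once by hand on SEED, replacing afl-fuzz's @@ placeholder
# exactly as afl-fuzz would. Returns the target's exit status. A run that
# hangs or takes seconds here is the same startup the fork server waits for
# during initialisation, which is the timeout reported in this issue.
# Usage: dry_run SEED TARGET ARGS...
dry_run() {
    seed="$1"; shift
    n=$#; i=0
    while [ "$i" -lt "$n" ]; do
        a="$1"; shift
        [ "$a" = "@@" ] && a="$seed"
        set -- "$@" "$a"
        i=$((i + 1))
    done
    "$@" > /dev/null 2>&1
}

# Command-line use: preflight.sh SEED TARGET ARGS...
# e.g. preflight.sh in/seed.json ./build/bin/jq '.[]' @@
if [ "$#" -ge 2 ]; then
    seed="$1"; target="$2"
    if has_afl_instrumentation "$target"; then
        echo "instrumentation: afl-clang-fast marker found"
    else
        echo "instrumentation: none found, run with -Q (QEMU mode)"
    fi
    is_asan_build "$target" && echo "sanitizer: ASan build, run with -m none"
    echo "suggested flags: $(recommended_flags "$target")"
    shift
    rc=0
    dry_run "$seed" "$@" || rc=$?
    if [ "$rc" -eq 0 ]; then
        echo "dry run: target exited 0 on $seed"
    else
        echo "dry run: target exited $rc on $seed (fix this before fuzzing)"
    fi
fi
```

If the marker is absent, afl-fuzz in instrumented mode will refuse the binary at the same point calibrate_case does here, so that case needs either a rebuild with afl-clang-fast or -Q; if the marker is present but the dry run itself takes a long time (ASan startup on a large binary), the fork server initialisation timeout derived from -t is what to raise.
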
Ricardo-609 commented 2 years ago

I also encountered this problem, is there a solution now? Thanks.

adrianherrera commented 1 year ago

I also encountered this issue when running in QEMU mode. The fuzzer either fails to start, or stops within a few seconds with a forkserver communication issue.