@jonathanmetzman @lszekeres @inferno-chromium

The following are variations on how you can run afl++ effectively.

building afl++
```
git clone https://github.com/AFLplusplus/AFLplusplus afl++
cd afl++
checkout stable
make all
make -C llvm_mode
make -C examples/aflpp_driver
```
The last entry builds the libafl driver (see https://github.com/google/fuzzbench/blob/master/fuzzers/aflplusplus/builder.Dockerfile)
building targets Just use afl-clang-fast afl-clang-lto is a full step better (faster, auto dictionary) plus has a high impact on build time. Plain, or better with two useful options:
```
AFL_LLVM_CMPLOG=1     <= cmplog/redqueen, highly effective., not compatible with afl spinoffs
AFL_LLVM_LAF_ALL=1     <= highly improved laf-intel (floats, non-literal string support, etc.), compatible with afl spinoffs
```
Note that the binary comparability with afl and spin-offs are limited, as afl++ support variable map sizes - means: afl-fuzz and the target choose the correct size and have a non-colliding coverage. So far some targets the map will be 15k entries, and these are no problem. For a few large targets it can be > 64k and then these binaries cannot be used with others.

Note that for cmplog you are faster if you compile one version with cmplog and one without. the cmplog version is passed with the -c parameter to afl-fuzz. However if you do not care to loose a bit of speed, then you can use just a cmplog compiled one for both.

running targets The normal havoc mode is improved on afl and better than MOpt, and if it has a cycle without finds then it addionally activates MOpt. so your choices are:
```
-L 0   <- MOpt only
-L -1 <- start with mixed mode
nothing  <- mixed mode is turned on after a cycle without finds
AFL_EXPAND_HAVOC_NOW=1  <- dont wait for a cycle without finds to enable advanced havoc mode
```
And then you can select a schedule. we have 9 schedules and the best are: seek, rare, explore (the default). (-p schedule).

as you are fuzzing with an existing and growing corpus I highly recommend to use cmplog and laf-intel, use AFL_EXPAND_HAVOC_NOW and -p rare or -p seek. These options are the more effective ones to find new paths.

If you have further questions - just put them here.

Thank you so much @vanhauser-thc , this is a great start. We will keep posting the updates as we proceed here.

First patch landed, this replaces afl - https://github.com/google/oss-fuzz/commit/665e4898215c25a47dd29139f46c4f47f8139417, need to let it stabilize for a day or two. tests on a couple of projects seem fine, with both fuzzing and reproduction, lets see at scale if it all works.

Next steps,

need to add afl++ in a dozen of places in docs (waiting for 1-2 days to let afl++ stick).
we run 2 hr fuzzing sessions at a time on saturated corpora, do you recommend changing runtime options like -L?
Does cmplog, lafintel require lto instrumentation? i guess we should enable these one by one without lto first ? Do env options like AFL_LLVM_LAF_ALL fail when build instrumentation is not there, reason being we dont want to break regression testing with old build. Is it safe to set AFL_LLVM_CMPLOG=1 and AFL_LLVM_LAF_ALL=1 even when build instrumentation is not there.

Thanks for your support @vanhauser-thc !

* we run 2 hr fuzzing sessions at a time on saturated corpora, do you recommend changing runtime options like -L?

I would recommend randomly setting either -L0 or not at all (25% for setting it if you do have a fine-grained choice mechanism)

* Does cmplog, lafintel require lto instrumentation? i guess we should enable these one by one without lto first ? Do env options like AFL_LLVM_LAF_ALL fail when build instrumentation is not there, reason being we dont want to break regression testing with old build. Is it safe to set AFL_LLVM_CMPLOG=1 and AFL_LLVM_LAF_ALL=1 even when build instrumentation is not there.

neither do require LTO. As targets get compile regularly and fuzzed in 2h intervals I would recommend to stick to afl-clang-fast, because the compile time needed for afl-clang-lto would not be healthy then. And these env vars are build options. afl-fuzz does not know or care about them. For building I would recommend 60% CMPLOG, 20% LAF, 20% none - and not CMPLOG and LAF together.

Another thing you can do: AFL_LLVM_DICT2FILE=/full/path/to/dictfile.dic this generates a dictionary from the compiled data that (integers, strings, ...) that you can also load into libfuzzer and honggfuzz (and obviously afl-fuzz -x, afl++ can load multiple dictionaries with -x foo -x bar). fuzzbench showed that this is very effective (about 2.5% gain in coverage)

and for -p SCHEDULE I recommend randomly selecting one of: fast, coe, explore, exploit, rare (equally).

Always set AFL_EXPAND_HAVOC_NOW=1

50% change for AFL_DISABLE_TRIM=1

In the initial post I put "-L -1" and a few other items as alternatives, but with the afl++ development this has changed. Once the improved cmplog is done (needs 1-2 more fuzzbench runs) there will a new command line option that might be beneficial to set for it.

One more thing that came to my mind. if you fuzz in 2 hours intervals then this is IMHO too short. The fuzzers have to calibrate the starting corpus, as with oss-fuzz they are already saturated and therefore large, this can take quite a while.

I did a test on my current fuzzing experiment containing now a queue of 7000 entries. for that target it took 20 minutes until the calibration phase was done. Using AFL_FAST_CAL=1 takes the time down to 10 minutes - so that it something I strongly recommend to set. But it also means that even then ~5-10% of the runtime is lost to the calibration the fuzzers have to do at startup or over time. hence I recommend to run fuzzers for at least 4 hours so the calibration overhead is reduced.

Good news, nothing broke w.r.t builds (currently building with clang, afl_driver, not aflppdriver)

https://github.com/google/clusterfuzz/pull/2208

Ok, time changed to 4hr (AFL_FAST_CAL is already a strategy, see decide_fastcal* - https://github.com/google/clusterfuzz/blob/master/src/python/bot/fuzzers/afl/launcher.py#L328)
Enabled AFL_EXPAND_HAVOC_NOW=1 always

https://github.com/google/clusterfuzz/pull/2206 Account for default -S behavior, keep it backward compatible with AFL builds on chromium (need migration to afl++)

Before we do furthur optimization, need to debug this afl-showmap issue, did anything change in call style Just one exception left, any idea why showmap output file is not written. This binary is build with llvm's afl_driver, so it should be fed data from stdin.

message: "afl-showmap didn't output any coverage. Command: ['/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_wireshark_9de6374568df96eba97b9288a3fce517c93d2636/revisions/afl-showmap', '-o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-87120/afl_showmap_output', '-mnone', '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_wireshark_9de6374568df96eba97b9288a3fce517c93d2636/revisions/fuzzshark_udp_port-dns', '1']
Return code: -14
Time executed: 2.159447193145752
Output: ======================= INFO =========================
This binary is built for AFL-fuzz.
To run the target function on individual input(s) execute this:
  /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_wireshark_9de6374568df96eba97b9288a3fce517c93d2636/revisions/fuzzshark_udp_port-dns < INPUT_FILE
or
  /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_wireshark_9de6374568df96eba97b9288a3fce517c93d2636/revisions/fuzzshark_udp_port-dns INPUT_FILE1 [INPUT_FILE2 ... ]
To fuzz with afl-fuzz execute this:
  afl-fuzz [afl-flags] /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_wireshark_9de6374568df96eba97b9288a3fce517c93d2636/revisions/fuzzshark_udp_port-dns [-N]
afl-fuzz will run N iterations before re-spawning the process (default: 1000)
======================================================
oss-fuzzshark: disabling: ip
oss-fuzzshark: disabling: udp
oss-fuzzshark: disabling: udplite
oss-fuzzshark: disabling: ospf
oss-fuzzshark: disabling: bgp
oss-fuzzshark: disabling: dhcp
oss-fuzzshark: disabling: json
oss-fuzzshark: disabling: snort
oss-fuzzshark: configured for dissector: dns in table: udp.port
WARNING: using the deprecated call style `/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_wireshark_9de6374568df96eba97b9288a3fce517c93d2636/revisions/fuzzshark_udp_port-dns 1`
/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_wireshark_9de6374568df96eba97b9288a3fce517c93d2636/revisions/fuzzshark_udp_port-dns: successfully executed 1 input(s)

Code - https://github.com/google/clusterfuzz/blob/master/src/python/bot/fuzzers/afl/launcher.py#L1039

Try: export AFL_MAP_SIZE=4194304 ... there is a disadvantage with collision free coverage ... (btw this is also necessary for afl-fuzz, however afl-fuzz will tell you that)

afl-showmap seems to run fine locally, so still investigating what is going on.

./afl-showmap -t1000+ -o/tmp/p -mnone /out/fuzz_db 1 < /tmp/ii
[!] WARNING: Mistyped AFL environment variable: AFL_FUZZER_ARGS=-m none
afl-showmap++3.01a by Michal Zalewski
[*] Executing '/out/fuzz_db'...
-- Program output begins --
======================= INFO =========================
This binary is built for AFL-fuzz.
To run the target function on individual input(s) execute this:
  /out/fuzz_db < INPUT_FILE
or
  /out/fuzz_db INPUT_FILE1 [INPUT_FILE2 ... ]
To fuzz with afl-fuzz execute this:
  afl-fuzz [afl-flags] /out/fuzz_db [-N]
afl-fuzz will run N iterations before re-spawning the process (default: 1000)
======================================================
WARNING: using the deprecated call style `/out/fuzz_db 1`
/out/fuzz_db: successfully executed 1 input(s)
-- Program output ends --
[+] Captured 776 tuples (highest value 8, total values 1790) in '/tmp/p'.

afl-showmap issue is not a blocker, although these new -14 return code are weird, it is succeeding for most other cases

I 2021-01-26T21:32:59.665801568Z afl-showmap succeedded for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/pcapplusplus_FuzzTarget/448160ea3409c5487451c2fea14e913617746937: 1700 features 
I 2021-01-26T21:32:59.665715911Z afl-showmap succeedded for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/ibmswtpm2_fuzz_tpm_server/radamsa-01190-f3b75f730fa1870a377afd3651f6a72b0978f020: 257 features 
I 2021-01-26T21:32:59.661712300Z afl-showmap succeedded for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/ibmswtpm2_fuzz_tpm_server/radamsa-00220-cfcf98c6346119b3f37cfd80bf3f8dbdaa10c8b5: 209 features 
I 2021-01-26T21:32:59.657761543Z afl-showmap succeedded for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/pcapplusplus_FuzzTarget/radamsa-00508-9348627e74fadd62b70de18a3f5a7c545f99e525: 1286 features 
I 2021-01-26T21:32:59.653803200Z afl-showmap succeedded for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/pcapplusplus_FuzzTarget/radamsa-01987-102956ae52ecacc1b9a9dfc1cde9a235.00000039.honggfuzz.cov: 1261 features 
I 2021-01-26T21:32:59.650982473Z afl-showmap succeedded for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/nginx_http_request_fuzzer/43cc6b6f54335c3c5faa7847285f718f536f319d: 1788 features

the -14 is curious yes. are you using the afl-showmap from afl++ or is it the vanilla afl one? and I think it would help if you run one afl-showmap from hand to see what the exact output is that generates that return code.

btw:

[!] WARNING: Mistyped AFL environment variable: AFL_FUZZER_ARGS=-m none

we check for unknown env vars because we have so many :) you do not need this env. -m none is default since 3.0 for afl-fuzz, and in afl-tmin and afl-showmap soon on the next push to stable.

the -14 is curious yes. are you using the afl-showmap from afl++ or is it the vanilla afl one? and I think it would help if you run one afl-showmap from hand to see what the exact output is that generates that return code.

btw:
[!] WARNING: Mistyped AFL environment variable: AFL_FUZZER_ARGS=-m none
we check for unknown env vars because we have so many :) you do not need this env. -m none is default since 3.0 for afl-fuzz, and in afl-tmin and afl-showmap soon on the next push to stable.

Cannot remove '-m none` since keeping it compatible with afl used in chromium (should get replaced sometime with afl++) I can ignore warning for now, but you should add AFL_DRIVER_STDERR_DUPLICATE_FILENAME sometime (i think it is missing from your list since it is in aflpp_driver and afldriver :) From my side, i will try to reduce use of AFL vars, but warnings is not our worry atm :)

So, previously we never saw any errors in afl-showmap, and now all projects should be on afl++. i did run the afl-showmap for afl++ for several projects locally and it was executing fine, so that is why i added more debugging code now - https://github.com/google/clusterfuzz/commit/6a2c07ecb83125f41c0341c39320dbc634c4250a. I do see it succeeding for most runs, so logging to see what input was it when this error occurs. We are using clang+trace-pc-guard with afl_driver [https://github.com/google/oss-fuzz/blob/master/infra/base-images/base-builder/compile_afl#L27], not afl_clang_fast or afl_clang_lto, could that instrumentation be an issue.

@vanhauser-thc - this afl-showmap issue is not frequent, but annoying (no specific targets, have seen this on libreoffice, leveldb, etc), basically, it returns with -14 error code, does not write coverage output and does not write "-- Program output ends --" section and tuples. happening on regular corpus files (non-zero, example -

"afl-showmap didn't output any coverage for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/mupdf_pdf_fuzzer/0b9bc25420abea6c9f53a5afae0c5e6df660f571 (49 bytes).
Command: ['/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/afl-showmap', '-o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-5152/afl_showmap_output', '-mnone', '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/pdf_fuzzer', '1']
Return code: -14
Time executed: 3.4761881828308105
Output: ======================= INFO =========================
This binary is built for AFL-fuzz.
To run the target function on individual input(s) execute this:
  /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/pdf_fuzzer < INPUT_FILE
or
  /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/pdf_fuzzer INPUT_FILE1 [INPUT_FILE2 ... ]
To fuzz with afl-fuzz execute this:
  afl-fuzz [afl-flags] /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/pdf_fuzzer [-N]
afl-fuzz will run N iterations before re-spawning the process (default: 1000)
======================================================
"

Let me try AFL_MAP_SIZE=4194304

I dont see any afl-showmap output in the paste, only from the target. A paste of what exactly afl-showmap is printing would help. (plus setting AFL_DEBUG=1 and not using -q)

New instrumentation change to afl-clang-fast should enable AFL_DEBUG. Looks like AFL_MAP_SIZE is required for larger targets, so had to do - https://github.com/google/oss-fuzz/commit/93eb6024f41e00aec2535c4e6056e83902088305 [ClusterFuzz side runtime change is still needed, this is just needed when we run basic checks when we archived builds, those were crashing on startup].

@vanhauser-thc - should we not do a high AFL_MAP_SIZE=4194304 as default in afl++ itself, are there really bad memory implications / fuzzing efficiency issue with that high map size ? Still thinking if we should fix this in ClusterFuzz, or would it better to do a high default in afl++, rather than crashing on startup [this was breaking projects like libsass, matio, so seems common and annoying]

afl-fuzz and target only use as much from the map as needed. Shared memory is a limited resource hence we keep it at 64kb - which is more than enough for many targets. But I am thinking about getting the map size first and the resetting the required shared mem size - which would eliminate the need for the env.

afl-fuzz and target only use as much from the map as needed. Shared memory is a limited resource hence we keep it at 64kb - which is more than enough for many targets. But I am thinking about getting the map size first and the resetting the required shared mem size - which would eliminate the need for the env.

Yes that would be great if we can eliminate this completely . If you make a new release, please let me know here or update this hash here- https://github.com/google/oss-fuzz/blob/master/infra/base-images/base-builder/Dockerfile#L152. at this point, we want to ensure hundreds of these projects build with afl-clang-fast [and will test afl++ at scale :)], so AFL_MAP_SIZE workaround is fine, but on CF, will wait for this fix.

aflpp_driver+afl-clang-fast change broke many projects, trying to list issues here. reverting for now.

Project using meson, there is some unused command line arg in afl-clang-fast, e.g. systemd, irssi, dav1d https://github.com/google/oss-fuzz/pull/5084


Compiler stderr:
clang-12: error: /src/aflplusplus/afl-compiler-rt.o: 'linker' input unused [-Werror,-Wunused-command-line-argument]
clang-12: error: -Wl,--dynamic-list=/src/aflplusplus/dynamic_list.txt: 'linker' input unused [-Werror,-Wunused-command-line-argument]

meson.build:647:16: ERROR: Problem encountered: unable to determine gperf len type

exit 1
```
2. Crpytofuzz, njs, mruby, bignum-fuzzer
https://oss-fuzz-build-logs.storage.googleapis.com/log-60a3aa59-7b18-4692-ae45-2315ff241083.txt
https://oss-fuzz-build-logs.storage.googleapis.com/log-bf011061-b6d2-415c-8680-ff1c0ad59e36.txt
https://oss-fuzz-build-logs.storage.googleapis.com/log-ef630a07-882e-41fc-a66d-a730101b0e71.txt
https://oss-fuzz-build-logs.storage.googleapis.com/log-871a183a-01cc-496b-a977-9bda4ce792de.txt
```
Step #32: loadelf: /src/go/pkg/linux_amd64/runtime/cgo.a(_x006.o): 224863: sym#7: ignoring symbol in section 9 (type 0) Step #32: net(.text._cgo_26061493d47f_C2func_getaddrinfo): relocation target afl_area_ptr not defined Step #32: net(.text._cgo_26061493d47f_Cfunc_freeaddrinfo): relocation target afl_area_ptr not defined Step #32: net(.text._cgo_26061493d47f_Cfunc_gai_strerror): relocation target afl_area_ptr not defined Step #32: runtime/cgo(.text.x_cgo_notify_runtime_init_done): relocation target afl_area_ptr not defined Step #32: runtime/cgo(.text.x_cgo_mmap): relocation target afl_area_ptr not defined Step #32: runtime/cgo(.text.x_cgo_munmap): relocation target afl_area_ptr not defined Step #32: runtime/cgo(.text.x_cgo_setenv): relocation target afl_area_ptr not defined Step #32: runtime/cgo(.text.x_cgo_unsetenv): relocation target afl_area_ptr not defined Step #32: runtime/cgo(.text.x_cgo_sigaction): relocation target afl_area_ptr not defined Step #32: runtime/cgo(.text.x_cgo_callers): relocation target __afl_area_ptr not defined Step #32: runtime/cgo(.text.x_cgo_thread_start): relocation target afl_area_ptr not defined Step #32: runtime/cgo(.text.x_cgo_thread_start): relocation target _cgo_sys_thread_start not defined Step #32: _cgo_init: relocation target x_cgo_init not defined

usrsctp project, protobuf-c, libraw, libplist, flac E.g. https://oss-fuzz-build-logs.storage.googleapis.com/log-aa06cd51-bfc1-4d97-b67b-da7789adc9c4.txt https://oss-fuzz-build-logs.storage.googleapis.com/log-fb4a50b1-bab2-4197-96b6-d5a3e7446469.txt https://oss-fuzz-build-logs.storage.googleapis.com/log-7c317136-01b7-498a-a387-40b6fef311f4.txt

Step #32: [100%] Linking C executable fuzzer_connect_multi
Step #32: /src/aflplusplus/afl-compiler-rt.o/src/aflplusplus/afl-compiler-rt.o/src/aflplusplus/afl-compiler-rt.o: In function `: In function `: In function `__cmplog_ins_hook1__cmplog_ins_hook1__cmplog_ins_hook1':
Step #32: ':
Step #32: ':
Step #32: llvm_mode/instrumentation/afl-compiler-rt.o.c:llvm_mode/instrumentation/afl-compiler-rt.o.c:llvm_mode/instrumentation/afl-compiler-rt.o.c:121212121212: multiple definition of `: multiple definition of `: multiple definition of `__sanitizer_cov_trace_cmp1__sanitizer_cov_trace_cmp1'
Step #32: __sanitizer_cov_trace_cmp1'
Step #32: '
Step #32: /src/aflplusplus/afl-compiler-rt.o: In function `__cmplog_ins_hook1':

tpm2-tss, ibmswtpm2 https://oss-fuzz-build-logs.storage.googleapis.com/log-75ef812e-92d2-4d01-abd1-ec71854abc67.txt https://oss-fuzz-build-logs.storage.googleapis.com/log-58ba4bb5-ba15-476b-bffd-e6a9f0163e49.txt

tep #32: /usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../libFuzzingEngine.a(aflpp_driver.o): In function `main':
Step #32: /src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:235: undefined reference to `__afl_manual_init'
Step #32: /src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:243: undefined reference to `__afl_manual_init'
Step #32: /src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:250: undefined reference to `__afl_persistent_loop'
Step #32: /src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:250: undefined reference to `__afl_persistent_loop'
Step #32: /src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:261: undefined reference to `__afl_fuzz_len'
Step #32: /src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:264: undefined reference to `__afl_fuzz_ptr'
Step #32: make: *** [test/fuzz/Tss2_Sys_PolicyRestart_Complete.fuzz] Error 1

qt, simple fix, need to bring back afl repo or redirect to aflpp

Step #4: cp: cannot stat '/src/afl/dictionaries/xml.dict': No such file or directory
Step #4: ********************************************************************************
Step #4: Failed to build.
Step #4: To reproduce, run:
Step #4: python infra/helper.py build_image qt
Step #4: python infra/helper.py build_fuzzers --sanitizer address --engine libfuzzer --architecture x86_64 qt
Step #4: ********************************************************************************

I have never used oss-fuzz - how can I easily try and debug a build?

First pull latest images

python infra/helper.py pull_images

Make a change in base-builder, like apply the cl above. This creates a local build of the docker image.

python infra/helper.py build_image base-builder

Build the project using this image built above

python infra/helper.py build_fuzzers --sanitizer address --engine afl --architecture x86_64 dav1d

This reproduces the failures, but for debugging inside docker then do

python infra/helper.py shell dav1d
./compile

afl++ code, built bins in /src/aflplusplus this compile_afl file - https://github.com/google/oss-fuzz/blob/master/infra/base-images/base-builder/compile_afl is copied to /usr/local/bin in https://github.com/google/oss-fuzz/blob/master/infra/base-images/base-builder/Dockerfile#L163, so if you want to modify this, you can do that and then run ./compile again

I tried this but it seems something is missing or I misunderstood:

python infra/helper.py pull_images
python infra/helper.py build_image base-builder
python infra/helper.py build_fuzzers --sanitizer address --engine afl --architecture x86_64 tpm2-tss
python infra/helper.py shell tpm2-tss
=>
compile
compile_afl
compile    <= still compiles for libfuzzer not for afl++

and there is no ./compile

Edit: there is a "./compile" after running "compile", but that doesnt do anything

I tried this but it seems something is missing or I misunderstood:

python infra/helper.py pull_images
python infra/helper.py build_image base-builder
python infra/helper.py build_fuzzers --sanitizer address --engine afl --architecture x86_64 tpm2-tss
python infra/helper.py shell tpm2-tss
=>
compile
compile_afl
compile    <= still compiles for libfuzzer not for afl++

and there is no ./compile

sorry my bad

python infra/helper.py shell --sanitizer address --engine afl --architecture x86_64 tpm2-tss
compile

The first issue is compile_afl. the third to last line:

ls afl-* *.a *.o *.so | sort -u | xargs cp -t $OUT

this additionally needs *.txt - this is the reason several projects do not compile.

not checking for other issues.

with this PR dav1d and tpm2-tss compile. this should fix everything except the wrong dict for qt - and usrsctp project, protobuf-c, libraw, libplist, flac ... will check them next.

another issue I see in #5074 is that afl-clang-fast is used, however CFLAGS/CXXFLAGS still contain -fsanitize-fuzzer... which is obviously a bad idea :) I have no clue where this is set.

Regarding this comment - https://github.com/google/oss-fuzz/issues/4280#issuecomment-771068473, which project was it. Sometimes project's makefile can put that incorrectly, which is a bug they should fix. Your stripping logic is fine too.

systemd, irssi, dav1d, njs, protobuf-c, libraw, libplist, flac work great

remaining breakages (i dont think we need to revert now, we can see if there is an easy fix here since will affect other afl++ users too, take your time, thanks a lot!). -

usrsctp

[100%] Linking C executable fuzzer_listen
/src/aflplusplus/afl-compiler-rt.o: In function `__cmplog_ins_hook1':
llvm_mode/instrumentation/afl-compiler-rt.o.c:1216: multiple definition of `__sanitizer_cov_trace_cmp1'
/src/aflplusplus/afl-compiler-rt.o/src/aflplusplus/afl-compiler-rt.o/src/aflplusplus/afl-compiler-rt.o: In function `: In function `: In function `__cmplog_ins_hook1__cmplog_ins_hook1__cmplog_ins_hook1':

bignum-fuzzer

Step #22: loadelf: /src/go/pkg/linux_amd64/runtime/cgo.a(_x006.o): 181418: sym#7: ignoring symbol in section 9 (type 0)
Step #22: net(.text._cgo_26061493d47f_C2func_getaddrinfo): relocation target __afl_area_ptr not defined
Step #22: net(.text._cgo_26061493d47f_Cfunc_freeaddrinfo): relocation target __afl_area_ptr not defined
Step #22: net(.text._cgo_26061493d47f_Cfunc_gai_strerror): relocation target __afl_area_ptr not defined
Step #22: runtime/cgo(.text.x_cgo_notify_runtime_init_done): relocation target __afl_area_ptr not defined

tpm2-tss

CXXLD    test/fuzz/Tss2_Sys_Rewrap_Prepare.fuzz
/usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../libFuzzingEngine.a(aflpp_driver.o): In function `main':
/src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:236: undefined reference to `__afl_manual_init'
/src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:244: undefined reference to `__afl_manual_init'
/src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:251: undefined reference to `__afl_persistent_loop'
/src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:251: undefined reference to `__afl_persistent_loop'
/src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:262: undefined reference to `__afl_fuzz_len'
/src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:265: undefined reference to `__afl_fuzz_ptr'

ibmswtpm2

clang++  -O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address -fsanitize-address-use-after-scope -fsanitize=fuzzer-no-link -stdlib=libc++ fuzzer.o AlgorithmCap.o AlgorithmTests.o AsymmetricCommands.o Attest_spt.o AttestationCommands.o AuditCommands.o Bits.o BnConvert.o BnEccData.o BnMath.o BnMemory.o Cancel.o CapabilityCommands.o Clock.o ClockCommands.o CommandAudit.o CommandCodeAttributes.o CommandDispatcher.o ContextCommands.o Context_spt.o CryptDes.o CryptCmac.o CryptEccKeyExchange.o CryptEccMain.o CryptEccSignature.o CryptHash.o CryptHashData.o CryptPrime.o CryptPrimeSieve.o CryptRand.o CryptRsa.o CryptSelfTest.o CryptSmac.o CryptSym.o CryptUtil.o DA.o DictionaryCommands.o DuplicationCommands.o EACommands.o EncryptDecrypt_spt.o Entity.o Entropy.o EphemeralCommands.o ExecCommand.o Global.o Handle.o HashCommands.o Hierarchy.o HierarchyCommands.o IoBuffers.o IntegrityCommands.o Locality.o LocalityPlat.o ManagementCommands.o Manufacture.o Marshal.o MathOnByteBuffers.o Memory.o NVCommands.o NVDynamic.o NVMem.o NVReserved.o NV_spt.o Object.o ObjectCommands.o Object_spt.o PCR.o PP.o PPPlat.o PlatformData.o Policy_spt.o Power.o PowerPlat.o PrimeData.o PropertyCap.o RandomCommands.o Response.o ResponseCodeProcessing.o RsaKeyCache.o RunCommand.o Session.o SessionCommands.o SessionProcess.o SigningCommands.o StartupCommands.o SymmetricCommands.o TPMCmdp.o TPMCmds.o TestingCommands.o Ticket.o Time.o TpmFail.o TpmSizeChecks.o TpmToOsslDesSupport.o TpmToOsslMath.o TpmToOsslSupport.o Unique.o Unmarshal.o Vendor_TCG_Test.o ntc2lib.o ntc2.o TcpServerPosix.o -ggdb -DTPM_POSIX -DTPM_NUVOTON -lcrypto -lpthread -lrt -I. -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION /usr/lib/libFuzzingEngine.a -o fuzz_tpm_server
/usr/lib/libFuzzingEngine.a(aflpp_driver.o): In function `main':
/src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:236: undefined reference to `__afl_manual_init'
/src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:244: undefined reference to `__afl_manual_init'
/src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:251: undefined reference to `__afl_persistent_loop'
/src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:251: undefined reference to `__afl_persistent_loop'
/src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:262: undefined reference to `__afl_fuzz_len'
/src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:265: undefined reference to `__afl_fuzz_ptr'

cryptofuzz

Step #32: # cmd/trace
Step #32: loadelf: /src/go/pkg/linux_amd64/runtime/cgo.a(_x006.o): 181418: sym#7: ignoring symbol in section 9 (type 0)
Step #32: net(.text._cgo_26061493d47f_C2func_getaddrinfo): relocation target __afl_area_ptr not defined
Step #32: net(.text._cgo_26061493d47f_Cfunc_freeaddrinfo): relocation target __afl_area_ptr not defined
Step #32: net(.text._cgo_26061493d47f_Cfunc_gai_strerror): relocation target __afl_area_ptr not defined
Step #32: runtime/cgo(.text.x_cgo_notify_runtime_init_done): relocation target __afl_area_ptr not defined
Step #32: runtime/cgo(.text.x_cgo_mmap): relocation target __afl_area_ptr not defined
Step #32: runtime/cgo(.text.x_cgo_munmap): relocation target __afl_area_ptr not defined
Step #32: runtime/cgo(.text.x_cgo_setenv): relocation target __afl_area_ptr not defined
Step #32: runtime/cgo(.text.x_cgo_unsetenv): relocation target __afl_area_ptr not defined
Step #32: runtime/cgo(.text.x_cgo_sigaction): relocation target __afl_area_ptr not defined
Step #32: runtime/cgo(.text.x_cgo_callers): relocation target __afl_area_ptr not defined
Step #32: runtime/cgo(.text.x_cgo_thread_start): relocation target __afl_area_ptr not defined
Step #32: runtime/cgo(.text.x_cgo_thread_start): relocation target _cgo_sys_thread_start not defined
Step #32: _cgo_init: relocation target x_cgo_init not defined

if these are just the -fsanitize=fuzzer issues, i can check tmrw on why your stripping is not working.

fixed stripping of -fsanitize=fuzzer properly in https://github.com/google/oss-fuzz/pull/5090. but it does not fix build failures in last comment.

we pass these to build.sh

CC=/src/aflplusplus/afl-clang-fast
CXX=/src/aflplusplus/afl-clang-fast++
CFLAGS=-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address -fsanitize-address-use-after-scope 
CXXFLAGS=-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address -fsanitize-address-use-after-scope  -stdlib=libc++
---------------------------------------------------------------

project can go weird things in its build system files, if it is adding bad things, then build should fail. otherwise, need to check why afl-clang-fast is failing and plain clang did not.

on the plus side - the rest that fails all have the same issue, so once that is figured out it is hopefully done :)

usrsctp

this is failing for two reasons - non my issue :)

still '-fsanitize=fuzzer-no-link' '-fsanitize=fuzzer' are set in C*FLAGS - I would propose reputting in my stripping code
/out/libAFLDriver.a is missing on the compile line that fails (so no $LIB_FUZZING_ENGINE seems to be present). with makes sense as the presence of -fsanitize=fuzzer tells us the project owner doesnt need/use the engine and gets the main() from the sanitizer. with these two changes it compiles fine. I am contemplating a patch to our compiler wrapper to automagically fix these wrong settings ...

tpm2-tss:

the issue is that it is not picking up CC/CXX:

make -n fuzz-targets
...
echo "  CXXLD   " test/fuzz/Tss2_Sys_PolicyAuthorizeNV_Complete.fuzz;/bin/bash ./libtool --silent --tag=CXX   --mode=link clang++  -O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address -fsanitize-address-use-after-scope  -stdlib=libc++ -g -O0 -Wl,--no-undefined -Wl,-z,noexecstack -Wl,-z,now -Wl,-z,relro    -o test/fuzz/Tss2_Sys_PolicyAuthorizeNV_Complete.fuzz test/fuzz/test_fuzz_Tss2_Sys_PolicyAuthorizeNV_Complete_fuzz-main-sys.o test/fuzz/test_fuzz_Tss2_Sys_PolicyAuthorizeNV_Complete_fuzz-Tss2_Sys_PolicyAuthorizeNV_Complete.fuzz.o  test/fuzz/tcti/libtss2-tcti-fuzzing.la test/fuzz/libfuzz_utils.la src/tss2-mu/libtss2-mu.la src/tss2-tcti/libtss2-tctildr.la    src/tss2-tcti/libtss2-tcti-pcap.la src/tss2-tcti/libtss2-tcti-cmd.la src/tss2-sys/libtss2-sys.la src/tss2-esys/libtss2-esys.la src/tss2-rc/libtss2-rc.la  -lcrypto libutil.la  test/fuzz/libfuzz_utils.la  -lFuzzingEngine

If I change that line to use afl-clang-fast++ it compiles fine. My guess: this target needs to set LD=afl-clang-fast++ (but doing export LD=... prior to compile is not picked up)

ibmswtpm2:

your paste already shows it is not using afl-clang-fast++ but clang++ - that is the issue. same thing as above?

 bignum-fuzzer:

./make.bash Building Go cmd/dist using /usr/lib/go-1.9. (go1.9.4 linux/amd64) Building Go toolchain1 using /usr/lib/go-1.9. Building Go bootstrap cmd/go (go_bootstrap) using Go toolchain1. Building Go toolchain2 using go_bootstrap and Go toolchain1. Building Go toolchain3 using go_bootstrap and Go toolchain2. Building packages and commands for linux/amd64.
cmd/trace

loadelf: /src/go/pkg/linux_amd64/runtime/cgo.a(_x006.o): 181418: sym#7: ignoring symbol in section 9 (type 0) net(.text._cgo_26061493d47f_C2func_getaddrinfo): relocation target __afl_area_ptr not defined

I tried to manipulate build.sh and make.bash to show what is actually happening but failing. Therefore no clue what the command line is that fails :-(

  cryptofuzz:

is using bignum-fuzzer hence breaks at that step.

If you want it - this commit ID will automagically fix all -fsanitize=fuzzer and -fsantize-coverage incl. a fixup to add AflDriver.a if -fsanitize=fuzzer was set:

diff --git a/infra/base-images/base-builder/Dockerfile b/infra/base-images/base-builder/Dockerfile
index 0b06396..328535c 100644
--- a/infra/base-images/base-builder/Dockerfile
+++ b/infra/base-images/base-builder/Dockerfile
@@ -151,7 +151,7 @@ RUN git clone -b stable https://github.com/google/AFL.git afl

 RUN git clone -b stable https://github.com/AFLplusplus/AFLplusplus.git aflplusplus && \
     cd aflplusplus && \
-    git checkout 654f389e73c9fd5b7e141b33ea28ab0fdda3178f
+    git checkout 1f71b85426f837ebcae8381897d44a3a67c73a4f

 RUN cd $SRC && \
     curl -L -O https://github.com/google/honggfuzz/archive/oss-fuzz.tar.gz && \

Did any issues come up where afl-fuzz terminates or crashes on startup? due the non-AFL_MAP_SIZE patch?

any other issues still present? (beside the cryptofuzz targets)

Remaining projects are these: (not blockers)

libreoffice 
mercurial 
lua 
cryptofuzz 
ibmswtpm2 
bignum-fuzzer 
tpm2-tss 
libcacard

@guidovranken - can you please look at getting afl++ fixed for cryptofuzz, bignum-fuzzer @rlohning - i think you are looking at ibmswtpm2 and tpm2-tss already lua looks super simple fix, i am waiting on dev to fix $CC in sed

Still need to find time to look at runtime stuff.

@vanhauser-thc - looked at runtime failures, there are some targets running into this, should i set AFL_MAP_SIZE= 4194304? Or best to fix this so that auto-detect logic cares of this right ?

bot_name: "oss-fuzz-linux-zone3-worker-gdal-zk9g"   
  context: {…}   
  created: "2021-02-05T01:32:48.498684Z"   
  extras: {
   engine_output: "[1;93m[!] [1;97mWARNING: [0mPotentially mistyped AFL environment variable: USE_MINIJAIL=False, did you mean AFL_USE_MINIJAIL=False?[0m
[1;92m[+] [0mLoaded environment variable AFL_SKIP_CRASHES with value 1[0m
[1;92m[+] [0mLoaded environment variable AFL_SKIP_CPUFREQ with value 1[0m
[1;92m[+] [0mLoaded environment variable AFL_BENCH_UNTIL_CRASH with value 1[0m
[1;92m[+] [0mLoaded environment variable AFL_EXPAND_HAVOC_NOW with value 1[0m
[0;36mafl-fuzz++3.01a[0m based on afl by Michal Zalewski and a big online community
[1;92m[+] [0mafl++ is maintained by Marc "van Hauser" Heuse, Heiko "hexcoder" Eißfeldt, Andrea Fioraldi and Dominik Maier[0m
[1;92m[+] [0mafl++ is open source, get it at https://github.com/AFLplusplus/AFLplusplus[0m
[1;92m[+] [0mNOTE: This is v3.x which changes defaults and behaviours - see README.md[0m
[1;92m[+] [0mLoaded environment variable ASAN_OPTIONS with value abort_on_error=1:alloc_dealloc_mismatch=0:allocator_may_return_null=1:allocator_release_to_os_interval_ms=500:allow_user_segv_handler=0:check_malloc_usable_size=0:detect_leaks=1:detect_odr_violation=0:detect_stack_use_after_return=1:fast_unwind_on_fatal=0:handle_abort=2:handle_segv=2:handle_sigbus=2:handle_sigfpe=2:handle_sigill=2:max_uar_stack_size_log=16:print_scariness=1:print_summary=1:print_suppressions=0:quarantine_size_mb=64:redzone=32:strict_memcmp=1:strip_path_prefix=/workspace/:symbolize=0:use_sigaltstack=1[0m
[1;94m[*] [0mGetting to work...[0m
[1;92m[+] [0mUsing exponential power schedule (FAST)[0m
[1;92m[+] [0mLoaded environment variable AFL_FAST_CAL with value 1[0m
[1;92m[+] [0mLoaded environment variable AFL_EXPAND_HAVOC_NOW with value 1[0m
[1;92m[+] [0mEnabled testcache with 50 MB[0m
[1;92m[+] [0mLooks like we're not running on a tty, so I'll be a bit less verbose.[0m
[1;94m[*] [0mChecking core_pattern...[0m
[1;92m[+] [0mYou have 1 CPU core and 1 runnable tasks (utilization: 100%).[0m
[1;94m[*] [0mSetting up output directories...[0m
[1;93m[!] [1;97mWARNING: [0mno -M main node found. It is recommended to run exactly one main instance.[0m
[1;94m[*] [0mScanning '/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_input_dir'...[0m
[1;92m[+] [0mLoaded a total of 14211 seeds.[0m
[1;94m[*] [0mNo auto-generated dictionary tokens to reuse.[0m
[1;94m[*] [0mCreating hard links for all input files...[0m
[1;94m[*] [0mValidating target binary...[0m
[1;92m[+] [0m[1;95mPersistent mode binary detected.[0m
[1;92m[+] [0m[1;95mDeferred forkserver binary detected.[0m
[1;94m[*] [0mSpinning up the fork server...[0m

[1;91m[-] [0mWhoops, the target binary crashed suddenly, before receiving any input
    from the fuzzer! There are several probable explanations:

    - The target binary requires a large map and crashes before reporting.
      Set a high value (e.g. AFL_MAP_SIZE=1024000) or use AFL_DEBUG=1 to see the
      message from the target binary

    - The binary is just buggy and explodes entirely on its own. If so, you
      need to fix the underlying problem or find a better replacement.

    - Less likely, there is a horrible bug in the fuzzer. If other options
      fail, poke <afl-users@googlegroups.com> for troubleshooting tips.
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mFork server crashed with signal 6[1;91m
         Location : [0mafl_fsrv_start(), src/afl-forkserver.c:886

bot_name: "oss-fuzz-linux-zone3-worker-ghostscript-fz91"   
  context: {…}   
  created: "2021-02-05T01:32:17.759198Z"   
  extras: {
   engine_output: "[1;93m[!] [1;97mWARNING: [0mPotentially mistyped AFL environment variable: USE_MINIJAIL=False, did you mean AFL_USE_MINIJAIL=False?[0m
[1;92m[+] [0mLoaded environment variable AFL_SKIP_CRASHES with value 1[0m
[1;92m[+] [0mLoaded environment variable AFL_SKIP_CPUFREQ with value 1[0m
[1;92m[+] [0mLoaded environment variable AFL_BENCH_UNTIL_CRASH with value 1[0m
[1;92m[+] [0mLoaded environment variable AFL_EXPAND_HAVOC_NOW with value 1[0m
[1;93m[!] [1;97mWARNING: [0mMistyped AFL environment variable: AFL_DRIVER_STDERR_DUPLICATE_FILENAME=/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/stderr.out[0m
[0;36mafl-fuzz++3.01a[0m based on afl by Michal Zalewski and a big online community
[1;92m[+] [0mafl++ is maintained by Marc "van Hauser" Heuse, Heiko "hexcoder" Eißfeldt, Andrea Fioraldi and Dominik Maier[0m
[1;92m[+] [0mafl++ is open source, get it at https://github.com/AFLplusplus/AFLplusplus[0m
[1;92m[+] [0mNOTE: This is v3.x which changes defaults and behaviours - see README.md[0m
[1;92m[+] [0mLoaded environment variable ASAN_OPTIONS with value abort_on_error=1:alloc_dealloc_mismatch=0:allocator_may_return_null=1:allocator_release_to_os_interval_ms=500:allow_user_segv_handler=0:check_malloc_usable_size=0:detect_leaks=1:detect_odr_violation=0:detect_stack_use_after_return=1:fast_unwind_on_fatal=0:handle_abort=2:handle_segv=2:handle_sigbus=2:handle_sigfpe=2:handle_sigill=2:max_uar_stack_size_log=16:print_scariness=1:print_summary=1:print_suppressions=0:quarantine_size_mb=64:redzone=32:strict_memcmp=1:strip_path_prefix=/workspace/:symbolize=0:use_sigaltstack=1[0m
[1;94m[*] [0mGetting to work...[0m
[1;92m[+] [0mUsing exponential power schedule (FAST)[0m
[1;92m[+] [0mLoaded environment variable AFL_FAST_CAL with value 1[0m
[1;92m[+] [0mLoaded environment variable AFL_EXPAND_HAVOC_NOW with value 1[0m
[1;92m[+] [0mEnabled testcache with 50 MB[0m
[1;92m[+] [0mLooks like we're not running on a tty, so I'll be a bit less verbose.[0m
[1;94m[*] [0mChecking core_pattern...[0m
[1;92m[+] [0mYou have 1 CPU core and 1 runnable tasks (utilization: 100%).[0m
[1;94m[*] [0mSetting up output directories...[0m
[1;93m[!] [1;97mWARNING: [0mno -M main node found. It is recommended to run exactly one main instance.[0m
[1;94m[*] [0mScanning '/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_input_dir'...[0m
[1;92m[+] [0mLoaded a total of 9123 seeds.[0m
[1;94m[*] [0mNo auto-generated dictionary tokens to reuse.[0m
[1;94m[*] [0mCreating hard links for all input files...[0m
[1;94m[*] [0mValidating target binary...[0m
[1;92m[+] [0m[1;95mPersistent mode binary detected.[0m
[1;92m[+] [0m[1;95mDeferred forkserver binary detected.[0m
[1;94m[*] [0mAttempting dry run with 'id:000000,time:0,orig:00038ef7a147a82d9119f47bfc3c2ef5e11246de'...[0m
[1;94m[*] [0mSpinning up the fork server...[0m
[1;92m[+] [0mAll right - fork server is up.[0m
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mAFL_MAP_SIZE is not set and fuzzing target reports that the required size is very large. Solution: Run the fuzzing target stand-alone with the environment variable AFL_DEBUG=1 set and set the value for __afl_final_loc in the AFL_MAP_SIZE environment variable for afl-fuzz.[1;91m
         Location : [0mreport_error_and_exit(), src/afl-forkserver.c:321

bot_name: "oss-fuzz-linux-zone3-worker-wireshark-x57c"   
  context: {…}   
  created: "2021-02-05T01:30:14.643934Z"   
  extras: {
   engine_output: "[1;93m[!] [1;97mWARNING: [0mPotentially mistyped AFL environment variable: USE_MINIJAIL=False, did you mean AFL_USE_MINIJAIL=False?[0m
[1;92m[+] [0mLoaded environment variable AFL_SKIP_CRASHES with value 1[0m
[1;92m[+] [0mLoaded environment variable AFL_SKIP_CPUFREQ with value 1[0m
[1;92m[+] [0mLoaded environment variable AFL_BENCH_UNTIL_CRASH with value 1[0m
[1;92m[+] [0mLoaded environment variable AFL_EXPAND_HAVOC_NOW with value 1[0m
[0;36mafl-fuzz++3.01a[0m based on afl by Michal Zalewski and a big online community
[1;92m[+] [0mafl++ is maintained by Marc "van Hauser" Heuse, Heiko "hexcoder" Eißfeldt, Andrea Fioraldi and Dominik Maier[0m
[1;92m[+] [0mafl++ is open source, get it at https://github.com/AFLplusplus/AFLplusplus[0m
[1;92m[+] [0mNOTE: This is v3.x which changes defaults and behaviours - see README.md[0m
[1;92m[+] [0mLoaded environment variable ASAN_OPTIONS with value abort_on_error=1:alloc_dealloc_mismatch=0:allocator_may_return_null=1:allocator_release_to_os_interval_ms=500:allow_user_segv_handler=0:check_malloc_usable_size=0:detect_leaks=1:detect_odr_violation=0:detect_stack_use_after_return=1:fast_unwind_on_fatal=0:handle_abort=2:handle_segv=2:handle_sigbus=2:handle_sigfpe=2:handle_sigill=2:max_uar_stack_size_log=16:print_scariness=1:print_summary=1:print_suppressions=0:quarantine_size_mb=64:redzone=32:strict_memcmp=1:strip_path_prefix=/workspace/:symbolize=0:use_sigaltstack=1[0m
[1;94m[*] [0mGetting to work...[0m
[1;92m[+] [0mUsing exponential power schedule (FAST)[0m
[1;92m[+] [0mLoaded environment variable AFL_EXPAND_HAVOC_NOW with value 1[0m
[1;92m[+] [0mEnabled testcache with 50 MB[0m
[1;92m[+] [0mLooks like we're not running on a tty, so I'll be a bit less verbose.[0m
[1;94m[*] [0mChecking core_pattern...[0m
[1;92m[+] [0mYou have 1 CPU core and 1 runnable tasks (utilization: 100%).[0m
[1;94m[*] [0mSetting up output directories...[0m
[1;93m[!] [1;97mWARNING: [0mno -M main node found. It is recommended to run exactly one main instance.[0m
[1;94m[*] [0mScanning '/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_input_dir'...[0m
[1;92m[+] [0mLoaded a total of 100 seeds.[0m
[1;94m[*] [0mNo auto-generated dictionary tokens to reuse.[0m
[1;94m[*] [0mCreating hard links for all input files...[0m
[1;94m[*] [0mValidating target binary...[0m
[1;92m[+] [0m[1;95mPersistent mode binary detected.[0m
[1;92m[+] [0m[1;95mDeferred forkserver binary detected.[0m
[1;94m[*] [0mSpinning up the fork server...[0m

[1;91m[-] [0mWhoops, the target binary crashed suddenly, before receiving any input
    from the fuzzer! There are several probable explanations:

    - The target binary requires a large map and crashes before reporting.
      Set a high value (e.g. AFL_MAP_SIZE=1024000) or use AFL_DEBUG=1 to see the
      message from the target binary

    - The binary is just buggy and explodes entirely on its own. If so, you
      need to fix the underlying problem or find a better replacement.

    - Less likely, there is a horrible bug in the fuzzer. If other options
      fail, poke <afl-users@googlegroups.com> for troubleshooting tips.
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mFork server crashed with signal 6[1;91m
         Location : [0mafl_fsrv_start(), src/afl-forkserver.c:886

bot_name: "oss-fuzz-linux-zone5-worker-suricata-x7q9"   
  context: {…}   
  created: "2021-02-05T01:29:45.151003Z"   
  extras: {
   engine_output: "[1;93m[!] [1;97mWARNING: [0mPotentially mistyped AFL environment variable: USE_MINIJAIL=False, did you mean AFL_USE_MINIJAIL=False?[0m
[1;92m[+] [0mLoaded environment variable AFL_SKIP_CRASHES with value 1[0m
[1;92m[+] [0mLoaded environment variable AFL_SKIP_CPUFREQ with value 1[0m
[1;92m[+] [0mLoaded environment variable AFL_BENCH_UNTIL_CRASH with value 1[0m
[1;92m[+] [0mLoaded environment variable AFL_EXPAND_HAVOC_NOW with value 1[0m
[1;93m[!] [1;97mWARNING: [0mMistyped AFL environment variable: AFL_DRIVER_STDERR_DUPLICATE_FILENAME=/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/stderr.out[0m
[0;36mafl-fuzz++3.01a[0m based on afl by Michal Zalewski and a big online community
[1;92m[+] [0mafl++ is maintained by Marc "van Hauser" Heuse, Heiko "hexcoder" Eißfeldt, Andrea Fioraldi and Dominik Maier[0m
[1;92m[+] [0mafl++ is open source, get it at https://github.com/AFLplusplus/AFLplusplus[0m
[1;92m[+] [0mNOTE: This is v3.x which changes defaults and behaviours - see README.md[0m
[1;92m[+] [0mLoaded environment variable ASAN_OPTIONS with value abort_on_error=1:alloc_dealloc_mismatch=0:allocator_may_return_null=1:allocator_release_to_os_interval_ms=500:allow_user_segv_handler=0:check_malloc_usable_size=0:detect_leaks=1:detect_odr_violation=0:detect_stack_use_after_return=1:fast_unwind_on_fatal=0:handle_abort=2:handle_segv=2:handle_sigbus=2:handle_sigfpe=2:handle_sigill=2:max_uar_stack_size_log=16:print_scariness=1:print_summary=1:print_suppressions=0:quarantine_size_mb=64:redzone=32:strict_memcmp=1:strip_path_prefix=/workspace/:symbolize=0:use_sigaltstack=1[0m
[1;94m[*] [0mGetting to work...[0m
[1;92m[+] [0mUsing exponential power schedule (FAST)[0m
[1;92m[+] [0mLoaded environment variable AFL_EXPAND_HAVOC_NOW with value 1[0m
[1;92m[+] [0mEnabled testcache with 50 MB[0m
[1;92m[+] [0mLooks like we're not running on a tty, so I'll be a bit less verbose.[0m
[1;94m[*] [0mChecking core_pattern...[0m
[1;92m[+] [0mYou have 1 CPU core and 1 runnable tasks (utilization: 100%).[0m
[1;94m[*] [0mSetting up output directories...[0m
[1;93m[!] [1;97mWARNING: [0mno -M main node found. It is recommended to run exactly one main instance.[0m
[1;94m[*] [0mScanning '/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_input_dir'...[0m
[1;92m[+] [0mLoaded a total of 100 seeds.[0m
[1;94m[*] [0mNo auto-generated dictionary tokens to reuse.[0m
[1;94m[*] [0mCreating hard links for all input files...[0m
[1;94m[*] [0mValidating target binary...[0m
[1;92m[+] [0m[1;95mPersistent mode binary detected.[0m
[1;92m[+] [0m[1;95mDeferred forkserver binary detected.[0m
[1;94m[*] [0mAttempting dry run with 'id:000000,time:0,orig:004bb2c1f074f34c7d190d1fc0da10d04c78e015'...[0m
[1;94m[*] [0mSpinning up the fork server...[0m
[1;92m[+] [0mAll right - fork server is up.[0m
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mAFL_MAP_SIZE is not set and fuzzing target reports that the required size is very large. Solution: Run the fuzzing target stand-alone with the environment variable AFL_DEBUG=1 set and set the value for __afl_final_loc in the AFL_MAP_SIZE environment variable for afl-fuzz.[1;91m
         Location : [0mreport_error_and_exit(), src/afl-forkserver.c:321

bot_name: "oss-fuzz-linux-zone7-worker-wireshark-rlxp"   
  context: {…}   
  created: "2021-02-05T01:22:49.542588Z"   
  extras: {
   engine_output: "[1;93m[!] [1;97mWARNING: [0mPotentially mistyped AFL environment variable: USE_MINIJAIL=False, did you mean AFL_USE_MINIJAIL=False?[0m
[1;92m[+] [0mLoaded environment variable AFL_SKIP_CRASHES with value 1[0m
[1;92m[+] [0mLoaded environment variable AFL_SKIP_CPUFREQ with value 1[0m
[1;92m[+] [0mLoaded environment variable AFL_BENCH_UNTIL_CRASH with value 1[0m
[1;92m[+] [0mLoaded environment variable AFL_EXPAND_HAVOC_NOW with value 1[0m
[0;36mafl-fuzz++3.01a[0m based on afl by Michal Zalewski and a big online community
[1;92m[+] [0mafl++ is maintained by Marc "van Hauser" Heuse, Heiko "hexcoder" Eißfeldt, Andrea Fioraldi and Dominik Maier[0m
[1;92m[+] [0mafl++ is open source, get it at https://github.com/AFLplusplus/AFLplusplus[0m
[1;92m[+] [0mNOTE: This is v3.x which changes defaults and behaviours - see README.md[0m
[1;92m[+] [0mLoaded environment variable ASAN_OPTIONS with value abort_on_error=1:alloc_dealloc_mismatch=0:allocator_may_return_null=1:allocator_release_to_os_interval_ms=500:allow_user_segv_handler=0:check_malloc_usable_size=0:detect_leaks=1:detect_odr_violation=0:detect_stack_use_after_return=1:fast_unwind_on_fatal=0:handle_abort=2:handle_segv=2:handle_sigbus=2:handle_sigfpe=2:handle_sigill=2:max_uar_stack_size_log=16:print_scariness=1:print_summary=1:print_suppressions=0:quarantine_size_mb=64:redzone=16:strict_memcmp=1:strip_path_prefix=/workspace/:symbolize=0:use_sigaltstack=1[0m
[1;94m[*] [0mGetting to work...[0m
[1;92m[+] [0mUsing exponential power schedule (FAST)[0m
[1;92m[+] [0mLoaded environment variable AFL_EXPAND_HAVOC_NOW with value 1[0m
[1;92m[+] [0mEnabled testcache with 50 MB[0m
[1;92m[+] [0mLooks like we're not running on a tty, so I'll be a bit less verbose.[0m
[1;94m[*] [0mChecking core_pattern...[0m
[1;92m[+] [0mYou have 1 CPU core and 1 runnable tasks (utilization: 100%).[0m
[1;94m[*] [0mSetting up output directories...[0m
[1;93m[!] [1;97mWARNING: [0mno -M main node found. It is recommended to run exactly one main instance.[0m
[1;94m[*] [0mScanning '/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_input_dir'...[0m
[1;92m[+] [0mLoaded a total of 20 seeds.[0m
[1;94m[*] [0mNo auto-generated dictionary tokens to reuse.[0m
[1;94m[*] [0mCreating hard links for all input files...[0m
[1;94m[*] [0mValidating target binary...[0m
[1;92m[+] [0m[1;95mPersistent mode binary detected.[0m
[1;92m[+] [0m[1;95mDeferred forkserver binary detected.[0m
[1;94m[*] [0mSpinning up the fork server...[0m

[1;91m[-] [0mWhoops, the target binary crashed suddenly, before receiving any input
    from the fuzzer! There are several probable explanations:

    - The target binary requires a large map and crashes before reporting.
      Set a high value (e.g. AFL_MAP_SIZE=1024000) or use AFL_DEBUG=1 to see the
      message from the target binary

    - The binary is just buggy and explodes entirely on its own. If so, you
      need to fix the underlying problem or find a better replacement.

    - Less likely, there is a horrible bug in the fuzzer. If other options
      fail, poke <afl-users@googlegroups.com> for troubleshooting tips.
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mFork server crashed with signal 6[1;91m
         Location : [0mafl_fsrv_start(), src/afl-forkserver.c:886

Both afl-fuzz and afl-showmap running into this.

E 2021-02-05T01:25:38.763745509Z afl: engine encountered an error (target=gdal_translate_fuzzer) 
E 2021-02-05T01:25:38.762388484Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:25:35.049710678Z afl: engine encountered an error (target=ghostscript_gstoraster_fuzzer) 
E 2021-02-05T01:25:35.048519191Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:25:13.664054492Z afl: engine encountered an error (target=wireshark_fuzzshark_tcp_port-bgp) 
E 2021-02-05T01:25:13.662229275Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:25:13.618234856Z afl-showmap didn't output any coverage for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/keystone_fuzz_asm_sparc/23b632578cfc36b9060df10cb7c3df549c149962 (45 bytes).
Command: ['/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_keystone_8fc7e38dc9d38d6f7d58e8300505a3a969db8b59/revisions/afl-showmap', '-o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output', '-mnone', '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_keystone_8fc7e38dc9d38d6f7d58e8300505a3a969db8b59/revisions/fuzz_asm_sparc', '1']
Return code: 1
Time executed: 0.008539438247680664
Output: [0;35m[D] [1;97mDEBUG: [0m[0mRunning __sanitizer_cov_trace_pc_guard_init: 0x1c2b0c8-0x1c80244 (87135 edges)
Warning: AFL++ tools will need to set AFL_MAP_SIZE to 87136 to be able to run this instrumented program!
DEBUG: id_str 4, __afl_area_ptr 0x7f84ef105800, __afl_area_initial 0x25afef0, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 87136, max_size_forkserver 8388608/0x800000
 /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_keystone_8fc7e38dc9d38d6f7d58e8300505a3a969db8b59/revisions/afl-showmap -o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output -mnone /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_keystone_8fc7e38dc9d38d6f7d58e8300505a3a969db8b59/revisions/fuzz_asm_sparc 1
[0;36mafl-showmap++3.01a[0m by Michal Zalewski
[1;94m[*] [0mExecuting '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_keystone_8fc7e38dc9d38d6f7d58e8300505a3a969db8b59/revisions/fuzz_asm_sparc'...[0m
[1;94m[*] [0mSpinning up the fork server...[0m
[1;92m[+] [0mAll right - fork server is up.[0m
[1;94m[*] [0mExtended forkserver functions received (f800018f).[0m
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mAFL_MAP_SIZE is not set and fuzzing target reports that the required size is very large. Solution: Run the fuzzing target stand-alone with the environment variable AFL_DEBUG=1 set and set the value for __afl_final_loc in the AFL_MAP_SIZE environment variable for afl-fuzz.[1;91m
         Location : [0mreport_error_and_exit(), src/afl-forkserver.c:322

E 2021-02-05T01:25:06.897960204Z afl: engine encountered an error (target=wireshark_fuzzshark_tcp_port-bgp) 
E 2021-02-05T01:25:06.896280904Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:24:52.097355721Z afl-showmap didn't output any coverage for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/rdkit_mol_data_stream_to_mol_fuzzer/978f5834dd5fac0617a61c94da765e701c078042 (180 bytes).
Command: ['/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_rdkit_0fe627251abd7360ef0842eeb7299b7440a4c1fc/revisions/afl-showmap', '-t1000+', '-o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output', '-mnone', '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_rdkit_0fe627251abd7360ef0842eeb7299b7440a4c1fc/revisions/mol_data_stream_to_mol_fuzzer', '1']
Return code: 1
Time executed: 0.6601383686065674
Output: [0;35m[D] [1;97mDEBUG: [0m[0mRunning __sanitizer_cov_trace_pc_guard_init: 0x172bd50-0x176c550 (66048 edges)
Warning: AFL++ tools will need to set AFL_MAP_SIZE to 66048 to be able to run this instrumented program!
DEBUG: id_str 62259244, __afl_area_ptr 0x7f5c04905800, __afl_area_initial 0x2098590, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 66048, max_size_forkserver 8388608/0x800000
 /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_rdkit_0fe627251abd7360ef0842eeb7299b7440a4c1fc/revisions/afl-showmap -t1000+ -o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output -mnone /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_rdkit_0fe627251abd7360ef0842eeb7299b7440a4c1fc/revisions/mol_data_stream_to_mol_fuzzer 1
[0;36mafl-showmap++3.01a[0m by Michal Zalewski
[1;94m[*] [0mExecuting '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_rdkit_0fe627251abd7360ef0842eeb7299b7440a4c1fc/revisions/mol_data_stream_to_mol_fuzzer'...[0m
[1;94m[*] [0mSpinning up the fork server...[0m
[1;92m[+] [0mAll right - fork server is up.[0m
[1;94m[*] [0mExtended forkserver functions received (f800018f).[0m
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mAFL_MAP_SIZE is not set and fuzzing target reports that the required size is very large. Solution: Run the fuzzing target stand-alone with the environment variable AFL_DEBUG=1 set and set the value for __afl_final_loc in the AFL_MAP_SIZE environment variable for afl-fuzz.[1;91m
         Location : [0mreport_error_and_exit(), src/afl-forkserver.c:322

E 2021-02-05T01:24:38.194189220Z afl: engine encountered an error (target=ghostscript_gstoraster_fuzzer) 
E 2021-02-05T01:24:38.192755759Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:24:34.162516810Z afl: engine encountered an error (target=ghostscript_gstoraster_fuzzer) 
E 2021-02-05T01:24:34.160996380Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:24:29.441745904Z afl-showmap didn't output any coverage for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/matio_fuzzer/b4ab86eed9c5d041897514cb318b5f21b43ad192 (2514 bytes).
Command: ['/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_matio_a8bc8e69d355d4f417767ad8a2c5c986d004d695/revisions/afl-showmap', '-o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output', '-mnone', '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_matio_a8bc8e69d355d4f417767ad8a2c5c986d004d695/revisions/matio_fuzzer', '1']
Return code: 1
Time executed: 0.00788259506225586
Output: [0;35m[D] [1;97mDEBUG: [0m[0mRunning __sanitizer_cov_trace_pc_guard_init: 0x20d39a8-0x2134b88 (99448 edges)
Warning: AFL++ tools will need to set AFL_MAP_SIZE to 99456 to be able to run this instrumented program!
DEBUG: id_str 8, __afl_area_ptr 0x7f65be705800, __afl_area_initial 0x2a60bc0, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 99456, max_size_forkserver 8388608/0x800000
 /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_matio_a8bc8e69d355d4f417767ad8a2c5c986d004d695/revisions/afl-showmap -o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output -mnone /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_matio_a8bc8e69d355d4f417767ad8a2c5c986d004d695/revisions/matio_fuzzer 1
[0;36mafl-showmap++3.01a[0m by Michal Zalewski
[1;94m[*] [0mExecuting '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_matio_a8bc8e69d355d4f417767ad8a2c5c986d004d695/revisions/matio_fuzzer'...[0m
[1;94m[*] [0mSpinning up the fork server...[0m
[1;92m[+] [0mAll right - fork server is up.[0m
[1;94m[*] [0mExtended forkserver functions received (f800018f).[0m
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mAFL_MAP_SIZE is not set and fuzzing target reports that the required size is very large. Solution: Run the fuzzing target stand-alone with the environment variable AFL_DEBUG=1 set and set the value for __afl_final_loc in the AFL_MAP_SIZE environment variable for afl-fuzz.[1;91m
         Location : [0mreport_error_and_exit(), src/afl-forkserver.c:322

E 2021-02-05T01:24:29.190706447Z afl: engine encountered an error (target=wireshark_fuzzshark_tcp_port-bgp) 
E 2021-02-05T01:24:29.188707004Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:24:28.404576183Z afl-showmap didn't output any coverage for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/mupdf_pdf_fuzzer/b90ee1c5b14fb372be43f0eb0d9a243a099c9ff0 (625 bytes).
Command: ['/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/afl-showmap', '-o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output', '-mnone', '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/pdf_fuzzer', '1']
Return code: 1
Time executed: 2.0106942653656006
Output: [0;35m[D] [1;97mDEBUG: [0m[0mRunning __sanitizer_cov_trace_pc_guard_init: 0x41a2168-0x4207c84 (104135 edges)
Warning: AFL++ tools will need to set AFL_MAP_SIZE to 104160 to be able to run this instrumented program!
DEBUG: id_str 917516, __afl_area_ptr 0x7f4976d05800, __afl_area_initial 0x4b37280, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 104160, max_size_forkserver 8388608/0x800000
[1;93m[!] [1;97mWARNING: [0mMistyped AFL environment variable: AFL_DRIVER_CLOSE_FD_MASK=3[0m
 /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/afl-showmap -o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output -mnone /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/pdf_fuzzer 1
[0;36mafl-showmap++3.01a[0m by Michal Zalewski
[1;94m[*] [0mExecuting '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/pdf_fuzzer'...[0m
[1;94m[*] [0mSpinning up the fork server...[0m
[1;92m[+] [0mAll right - fork server is up.[0m
[1;94m[*] [0mExtended forkserver functions received (f800018f).[0m
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mAFL_MAP_SIZE is not set and fuzzing target reports that the required size is very large. Solution: Run the fuzzing target stand-alone with the environment variable AFL_DEBUG=1 set and set the value for __afl_final_loc in the AFL_MAP_SIZE environment variable for afl-fuzz.[1;91m
         Location : [0mreport_error_and_exit(), src/afl-forkserver.c:322

E 2021-02-05T01:24:28.200206581Z afl: engine encountered an error (target=ghostscript_gstoraster_fuzzer) 
E 2021-02-05T01:24:28.198749251Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:24:24.201739338Z afl: engine encountered an error (target=ghostscript_gstoraster_fuzzer) 
E 2021-02-05T01:24:24.200338246Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:24:23.653647981Z afl: engine encountered an error (target=gdal_envi_fuzzer) 
E 2021-02-05T01:24:23.652262787Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:24:20.346718855Z afl-showmap didn't output any coverage for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/keystone_fuzz_asm_ppc32be/35b8d5efd764f9038b3053aced1b16e128d0b014 (16 bytes).
Command: ['/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_keystone_8fc7e38dc9d38d6f7d58e8300505a3a969db8b59/revisions/afl-showmap', '-o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output', '-mnone', '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_keystone_8fc7e38dc9d38d6f7d58e8300505a3a969db8b59/revisions/fuzz_asm_ppc32be', '1']
Return code: 1
Time executed: 0.009319782257080078
Output: [0;35m[D] [1;97mDEBUG: [0m[0mRunning __sanitizer_cov_trace_pc_guard_init: 0x1c2b0c8-0x1c80244 (87135 edges)
Warning: AFL++ tools will need to set AFL_MAP_SIZE to 87136 to be able to run this instrumented program!
DEBUG: id_str 24838186, __afl_area_ptr 0x7f9cc8d05800, __afl_area_initial 0x25afef0, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 87136, max_size_forkserver 8388608/0x800000
 /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_keystone_8fc7e38dc9d38d6f7d58e8300505a3a969db8b59/revisions/afl-showmap -o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output -mnone /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_keystone_8fc7e38dc9d38d6f7d58e8300505a3a969db8b59/revisions/fuzz_asm_ppc32be 1
[0;36mafl-showmap++3.01a[0m by Michal Zalewski
[1;94m[*] [0mExecuting '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_keystone_8fc7e38dc9d38d6f7d58e8300505a3a969db8b59/revisions/fuzz_asm_ppc32be'...[0m
[1;94m[*] [0mSpinning up the fork server...[0m
[1;92m[+] [0mAll right - fork server is up.[0m
[1;94m[*] [0mExtended forkserver functions received (f800018f).[0m
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mAFL_MAP_SIZE is not set and fuzzing target reports that the required size is very large. Solution: Run the fuzzing target stand-alone with the environment variable AFL_DEBUG=1 set and set the value for __afl_final_loc in the AFL_MAP_SIZE environment variable for afl-fuzz.[1;91m
         Location : [0mreport_error_and_exit(), src/afl-forkserver.c:322

E 2021-02-05T01:24:19.484072351Z afl: engine encountered an error (target=wireshark_fuzzshark_tcp_port-bgp) 
E 2021-02-05T01:24:19.482320635Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:24:16.670437053Z afl: engine encountered an error (target=suricata_fuzz_mimedecparseline) 
E 2021-02-05T01:24:16.668914067Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:24:15.829861851Z afl: engine encountered an error (target=suricata_fuzz_confyamlloadstring) 
E 2021-02-05T01:24:15.828461556Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:24:15.439018403Z afl: engine encountered an error (target=gdal_envi_fuzzer) 
E 2021-02-05T01:24:15.424490195Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:24:14.565202364Z afl: engine encountered an error (target=ghostscript_gstoraster_fuzzer) 
E 2021-02-05T01:24:14.563720671Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:24:12.163514024Z afl: engine encountered an error (target=suricata_fuzz_mimedecparseline) 
E 2021-02-05T01:24:12.161911985Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:24:08.683427804Z afl: engine encountered an error (target=suricata_fuzz_confyamlloadstring) 
E 2021-02-05T01:24:08.682202836Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:24:08.258675004Z afl: engine encountered an error (target=ghostscript_gstoraster_fuzzer) 
E 2021-02-05T01:24:08.257483154Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:24:06.590262649Z afl: engine encountered an error (target=gdal_isce_fuzzer) 
E 2021-02-05T01:24:06.588804590Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:24:01.763447564Z afl: engine encountered an error (target=ghostscript_gstoraster_fuzzer) 
E 2021-02-05T01:24:01.761118143Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:24:00.019066417Z afl: engine encountered an error (target=ghostscript_gstoraster_fuzzer) 
E 2021-02-05T01:24:00.017851042Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:23:57.943724209Z afl: engine encountered an error (target=gdal_isce_fuzzer) 
E 2021-02-05T01:23:57.943324266Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:23:57.521769419Z afl: engine encountered an error (target=ghostscript_gstoraster_fuzzer) 
E 2021-02-05T01:23:57.520162079Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:23:56.003221238Z afl: engine encountered an error (target=ghostscript_gstoraster_fuzzer) 
E 2021-02-05T01:23:56.001929378Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:23:50.326206448Z afl-showmap didn't output any coverage for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/matio_fuzzer/b4ab86eed9c5d041897514cb318b5f21b43ad192 (2514 bytes).
Command: ['/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_matio_a8bc8e69d355d4f417767ad8a2c5c986d004d695/revisions/afl-showmap', '-o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output', '-mnone', '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_matio_a8bc8e69d355d4f417767ad8a2c5c986d004d695/revisions/matio_fuzzer', '1']
Return code: 1
Time executed: 0.008040189743041992
Output: [0;35m[D] [1;97mDEBUG: [0m[0mRunning __sanitizer_cov_trace_pc_guard_init: 0x20d39a8-0x2134b88 (99448 edges)
Warning: AFL++ tools will need to set AFL_MAP_SIZE to 99456 to be able to run this instrumented program!
DEBUG: id_str 113868808, __afl_area_ptr 0x7ff176c05800, __afl_area_initial 0x2a60bc0, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 99456, max_size_forkserver 8388608/0x800000
 /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_matio_a8bc8e69d355d4f417767ad8a2c5c986d004d695/revisions/afl-showmap -o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output -mnone /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_matio_a8bc8e69d355d4f417767ad8a2c5c986d004d695/revisions/matio_fuzzer 1
[0;36mafl-showmap++3.01a[0m by Michal Zalewski
[1;94m[*] [0mExecuting '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_matio_a8bc8e69d355d4f417767ad8a2c5c986d004d695/revisions/matio_fuzzer'...[0m
[1;94m[*] [0mSpinning up the fork server...[0m
[1;92m[+] [0mAll right - fork server is up.[0m
[1;94m[*] [0mExtended forkserver functions received (f800018f).[0m
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mAFL_MAP_SIZE is not set and fuzzing target reports that the required size is very large. Solution: Run the fuzzing target stand-alone with the environment variable AFL_DEBUG=1 set and set the value for __afl_final_loc in the AFL_MAP_SIZE environment variable for afl-fuzz.[1;91m
         Location : [0mreport_error_and_exit(), src/afl-forkserver.c:322

E 2021-02-05T01:23:46.917862305Z afl-showmap didn't output any coverage for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/keystone_fuzz_asm_sparc/23b632578cfc36b9060df10cb7c3df549c149962 (45 bytes).
Command: ['/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_keystone_8fc7e38dc9d38d6f7d58e8300505a3a969db8b59/revisions/afl-showmap', '-o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output', '-mnone', '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_keystone_8fc7e38dc9d38d6f7d58e8300505a3a969db8b59/revisions/fuzz_asm_sparc', '1']
Return code: 1
Time executed: 0.00791025161743164
Output: [0;35m[D] [1;97mDEBUG: [0m[0mRunning __sanitizer_cov_trace_pc_guard_init: 0x1c2b0c8-0x1c80244 (87135 edges)
Warning: AFL++ tools will need to set AFL_MAP_SIZE to 87136 to be able to run this instrumented program!
DEBUG: id_str 172884022, __afl_area_ptr 0x7f4cffe05800, __afl_area_initial 0x25afef0, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 87136, max_size_forkserver 8388608/0x800000
 /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_keystone_8fc7e38dc9d38d6f7d58e8300505a3a969db8b59/revisions/afl-showmap -o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output -mnone /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_keystone_8fc7e38dc9d38d6f7d58e8300505a3a969db8b59/revisions/fuzz_asm_sparc 1
[0;36mafl-showmap++3.01a[0m by Michal Zalewski
[1;94m[*] [0mExecuting '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_keystone_8fc7e38dc9d38d6f7d58e8300505a3a969db8b59/revisions/fuzz_asm_sparc'...[0m
[1;94m[*] [0mSpinning up the fork server...[0m
[1;92m[+] [0mAll right - fork server is up.[0m
[1;94m[*] [0mExtended forkserver functions received (f800018f).[0m
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mAFL_MAP_SIZE is not set and fuzzing target reports that the required size is very large. Solution: Run the fuzzing target stand-alone with the environment variable AFL_DEBUG=1 set and set the value for __afl_final_loc in the AFL_MAP_SIZE environment variable for afl-fuzz.[1;91m
         Location : [0mreport_error_and_exit(), src/afl-forkserver.c:322

E 2021-02-05T01:23:33.736597907Z afl: engine encountered an error (target=gdal_csv_fuzzer) 
E 2021-02-05T01:23:33.735147218Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:23:27.450000502Z afl: engine encountered an error (target=ghostscript_gstoraster_fuzzer) 
E 2021-02-05T01:23:27.448477158Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:23:26.413096772Z afl: engine encountered an error (target=gdal_csv_fuzzer) 
E 2021-02-05T01:23:26.410756613Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:23:21.884726974Z afl: engine encountered an error (target=ghostscript_gstoraster_fuzzer) 
E 2021-02-05T01:23:21.883449652Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:23:16.866054310Z afl-showmap didn't output any coverage for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/matio_fuzzer/b4ab86eed9c5d041897514cb318b5f21b43ad192 (2514 bytes).
Command: ['/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_matio_a8bc8e69d355d4f417767ad8a2c5c986d004d695/revisions/afl-showmap', '-o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output', '-mnone', '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_matio_a8bc8e69d355d4f417767ad8a2c5c986d004d695/revisions/matio_fuzzer', '1']
Return code: 1
Time executed: 0.09755182266235352
Output: [0;35m[D] [1;97mDEBUG: [0m[0mRunning __sanitizer_cov_trace_pc_guard_init: 0x20d39a8-0x2134b88 (99448 edges)
Warning: AFL++ tools will need to set AFL_MAP_SIZE to 99456 to be able to run this instrumented program!
DEBUG: id_str 111804458, __afl_area_ptr 0x7fdd75a05800, __afl_area_initial 0x2a60bc0, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 99456, max_size_forkserver 8388608/0x800000
 /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_matio_a8bc8e69d355d4f417767ad8a2c5c986d004d695/revisions/afl-showmap -o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output -mnone /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_matio_a8bc8e69d355d4f417767ad8a2c5c986d004d695/revisions/matio_fuzzer 1
[0;36mafl-showmap++3.01a[0m by Michal Zalewski
[1;94m[*] [0mExecuting '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_matio_a8bc8e69d355d4f417767ad8a2c5c986d004d695/revisions/matio_fuzzer'...[0m
[1;94m[*] [0mSpinning up the fork server...[0m
[1;92m[+] [0mAll right - fork server is up.[0m
[1;94m[*] [0mExtended forkserver functions received (f800018f).[0m
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mAFL_MAP_SIZE is not set and fuzzing target reports that the required size is very large. Solution: Run the fuzzing target stand-alone with the environment variable AFL_DEBUG=1 set and set the value for __afl_final_loc in the AFL_MAP_SIZE environment variable for afl-fuzz.[1;91m
         Location : [0mreport_error_and_exit(), src/afl-forkserver.c:322

E 2021-02-05T01:23:15.585662999Z afl: engine encountered an error (target=ghostscript_gstoraster_fuzzer) 
E 2021-02-05T01:23:15.584380858Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:23:12.223479336Z afl: engine encountered an error (target=ghostscript_gstoraster_fuzzer) 
E 2021-02-05T01:23:12.222189193Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:23:11.486481682Z afl: engine encountered an error (target=ghostscript_gstoraster_fuzzer) 
E 2021-02-05T01:23:11.484992177Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:23:09.150631106Z afl: engine encountered an error (target=envoy_server_fuzz_test) 
E 2021-02-05T01:23:09.149167863Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:23:08.169487447Z afl: engine encountered an error (target=ghostscript_gstoraster_fuzzer) 
E 2021-02-05T01:23:08.168174202Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:22:58.447647237Z afl: engine encountered an error (target=envoy_server_fuzz_test) 
E 2021-02-05T01:22:58.445646548Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:22:56.238913381Z afl-showmap didn't output any coverage for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/bloaty_fuzz_target/c6a5b201d4208ac4c976c1e52f99fb12209c38db (15203 bytes).
Command: ['/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_bloaty_286a97bceb83e72111a30e3197a41b3c4d5d2565/revisions/afl-showmap', '-o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output', '-mnone', '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_bloaty_286a97bceb83e72111a30e3197a41b3c4d5d2565/revisions/fuzz_target', '1']
Return code: 1
Time executed: 0.010750532150268555
Output: [0;35m[D] [1;97mDEBUG: [0m[0mRunning __sanitizer_cov_trace_pc_guard_init: 0x211b018-0x2177ccc (95021 edges)
Warning: AFL++ tools will need to set AFL_MAP_SIZE to 95040 to be able to run this instrumented program!
DEBUG: id_str 10, __afl_area_ptr 0x7f4fc5705800, __afl_area_initial 0x2be0f80, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 95040, max_size_forkserver 8388608/0x800000
 /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_bloaty_286a97bceb83e72111a30e3197a41b3c4d5d2565/revisions/afl-showmap -o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output -mnone /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_bloaty_286a97bceb83e72111a30e3197a41b3c4d5d2565/revisions/fuzz_target 1
[0;36mafl-showmap++3.01a[0m by Michal Zalewski
[1;94m[*] [0mExecuting '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_bloaty_286a97bceb83e72111a30e3197a41b3c4d5d2565/revisions/fuzz_target'...[0m
[1;94m[*] [0mSpinning up the fork server...[0m
[1;92m[+] [0mAll right - fork server is up.[0m
[1;94m[*] [0mExtended forkserver functions received (f800018f).[0m
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mAFL_MAP_SIZE is not set and fuzzing target reports that the required size is very large. Solution: Run the fuzzing target stand-alone with the environment variable AFL_DEBUG=1 set and set the value for __afl_final_loc in the AFL_MAP_SIZE environment variable for afl-fuzz.[1;91m
         Location : [0mreport_error_and_exit(), src/afl-forkserver.c:322

E 2021-02-05T01:22:55.911195719Z afl: engine encountered an error (target=wireshark_fuzzshark_media_type-json) 
E 2021-02-05T01:22:55.909270766Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:22:54.067560073Z afl: engine encountered an error (target=suricata_fuzz_applayerprotodetectgetproto) 
E 2021-02-05T01:22:54.065937181Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:22:49.699392799Z afl: engine encountered an error (target=suricata_fuzz_applayerprotodetectgetproto) 
E 2021-02-05T01:22:49.697818057Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:22:49.542983637Z afl: engine encountered an error (target=wireshark_fuzzshark_media_type-json) 
E 2021-02-05T01:22:49.540865155Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:22:48.901803105Z afl-showmap didn't output any coverage for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/matio_fuzzer/b4ab86eed9c5d041897514cb318b5f21b43ad192 (2514 bytes).
Command: ['/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_matio_a8bc8e69d355d4f417767ad8a2c5c986d004d695/revisions/afl-showmap', '-o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output', '-mnone', '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_matio_a8bc8e69d355d4f417767ad8a2c5c986d004d695/revisions/matio_fuzzer', '1']
Return code: 1
Time executed: 0.007925748825073242
Output: [0;35m[D] [1;97mDEBUG: [0m[0mRunning __sanitizer_cov_trace_pc_guard_init: 0x20d39a8-0x2134b88 (99448 edges)
Warning: AFL++ tools will need to set AFL_MAP_SIZE to 99456 to be able to run this instrumented program!
DEBUG: id_str 2, __afl_area_ptr 0x7f4eb7d05800, __afl_area_initial 0x2a60bc0, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 99456, max_size_forkserver 8388608/0x800000
 /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_matio_a8bc8e69d355d4f417767ad8a2c5c986d004d695/revisions/afl-showmap -o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output -mnone /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_matio_a8bc8e69d355d4f417767ad8a2c5c986d004d695/revisions/matio_fuzzer 1
[0;36mafl-showmap++3.01a[0m by Michal Zalewski
[1;94m[*] [0mExecuting '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_matio_a8bc8e69d355d4f417767ad8a2c5c986d004d695/revisions/matio_fuzzer'...[0m
[1;94m[*] [0mSpinning up the fork server...[0m
[1;92m[+] [0mAll right - fork server is up.[0m
[1;94m[*] [0mExtended forkserver functions received (f800018f).[0m
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mAFL_MAP_SIZE is not set and fuzzing target reports that the required size is very large. Solution: Run the fuzzing target stand-alone with the environment variable AFL_DEBUG=1 set and set the value for __afl_final_loc in the AFL_MAP_SIZE environment variable for afl-fuzz.[1;91m
         Location : [0mreport_error_and_exit(), src/afl-forkserver.c:322

E 2021-02-05T01:22:47.055100308Z afl: engine encountered an error (target=wireshark_fuzzshark_media_type-json) 
E 2021-02-05T01:22:47.053348981Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:22:45.491518827Z afl-showmap didn't output any coverage for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/cppcheck_oss-fuzz-client/4f6e33a5ef68d39425b17f3e6890c8bab422129b (7 bytes).
Command: ['/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_cppcheck_5611276532294d8b04e105824dddf1150cef8a7f/revisions/afl-showmap', '-t1000+', '-o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output', '-mnone', '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_cppcheck_5611276532294d8b04e105824dddf1150cef8a7f/revisions/oss-fuzz-client', '1']
Return code: 1
Time executed: 2.0077648162841797
Output: [0;35m[D] [1;97mDEBUG: [0m[0mRunning __sanitizer_cov_trace_pc_guard_init: 0x1e06880-0x1e6a8b8 (102414 edges)
Warning: AFL++ tools will need to set AFL_MAP_SIZE to 102432 to be able to run this instrumented program!
DEBUG: id_str 1835034, __afl_area_ptr 0x7fde87205800, __afl_area_initial 0x2798770, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 102432, max_size_forkserver 8388608/0x800000
[1;93m[!] [1;97mWARNING: [0mMistyped AFL environment variable: AFL_DRIVER_DONT_DEFER=1[0m
 /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_cppcheck_5611276532294d8b04e105824dddf1150cef8a7f/revisions/afl-showmap -t1000+ -o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output -mnone /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_cppcheck_5611276532294d8b04e105824dddf1150cef8a7f/revisions/oss-fuzz-client 1
[0;36mafl-showmap++3.01a[0m by Michal Zalewski
[1;94m[*] [0mExecuting '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_cppcheck_5611276532294d8b04e105824dddf1150cef8a7f/revisions/oss-fuzz-client'...[0m
[1;94m[*] [0mSpinning up the fork server...[0m
[1;92m[+] [0mAll right - fork server is up.[0m
[1;94m[*] [0mExtended forkserver functions received (f800018f).[0m
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mAFL_MAP_SIZE is not set and fuzzing target reports that the required size is very large. Solution: Run the fuzzing target stand-alone with the environment variable AFL_DEBUG=1 set and set the value for __afl_final_loc in the AFL_MAP_SIZE environment variable for afl-fuzz.[1;91m
         Location : [0mreport_error_and_exit(), src/afl-forkserver.c:322

E 2021-02-05T01:22:40.679146489Z afl: engine encountered an error (target=wireshark_fuzzshark_media_type-json) 
E 2021-02-05T01:22:40.677363842Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:22:40.109769323Z afl: engine encountered an error (target=suricata_fuzz_applayerparserparse) 
E 2021-02-05T01:22:40.108361366Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:22:35.049605992Z afl: engine encountered an error (target=suricata_fuzz_applayerparserparse) 
E 2021-02-05T01:22:35.048420167Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:22:32.096685510Z afl-showmap didn't output any coverage for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/mupdf_pdf_fuzzer/b90ee1c5b14fb372be43f0eb0d9a243a099c9ff0 (625 bytes).
Command: ['/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/afl-showmap', '-o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output', '-mnone', '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/pdf_fuzzer', '1']
Return code: 1
Time executed: 2.0100367069244385
Output: [0;35m[D] [1;97mDEBUG: [0m[0mRunning __sanitizer_cov_trace_pc_guard_init: 0x41a2168-0x4207c84 (104135 edges)
Warning: AFL++ tools will need to set AFL_MAP_SIZE to 104160 to be able to run this instrumented program!
DEBUG: id_str 1802270, __afl_area_ptr 0x7f6c7d905800, __afl_area_initial 0x4b37280, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 104160, max_size_forkserver 8388608/0x800000
[1;93m[!] [1;97mWARNING: [0mMistyped AFL environment variable: AFL_DRIVER_CLOSE_FD_MASK=3[0m
 /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/afl-showmap -o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output -mnone /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/pdf_fuzzer 1
[0;36mafl-showmap++3.01a[0m by Michal Zalewski
[1;94m[*] [0mExecuting '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/pdf_fuzzer'...[0m
[1;94m[*] [0mSpinning up the fork server...[0m
[1;92m[+] [0mAll right - fork server is up.[0m
[1;94m[*] [0mExtended forkserver functions received (f800018f).[0m
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mAFL_MAP_SIZE is not set and fuzzing target reports that the required size is very large. Solution: Run the fuzzing target stand-alone with the environment variable AFL_DEBUG=1 set and set the value for __afl_final_loc in the AFL_MAP_SIZE environment variable for afl-fuzz.[1;91m
         Location : [0mreport_error_and_exit(), src/afl-forkserver.c:322

E 2021-02-05T01:22:29.345999540Z afl: engine encountered an error (target=wireshark_fuzzshark_media_type-json) 
E 2021-02-05T01:22:29.344227560Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:22:28.548621262Z afl-showmap didn't output any coverage for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/rdkit_mol_data_stream_to_mol_fuzzer/978f5834dd5fac0617a61c94da765e701c078042 (180 bytes).
Command: ['/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_rdkit_0fe627251abd7360ef0842eeb7299b7440a4c1fc/revisions/afl-showmap', '-o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-389/afl_showmap_output', '-mnone', '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_rdkit_0fe627251abd7360ef0842eeb7299b7440a4c1fc/revisions/mol_data_stream_to_mol_fuzzer', '1']
Return code: 1
Time executed: 0.006443500518798828
Output: [0;35m[D] [1;97mDEBUG: [0m[0mRunning __sanitizer_cov_trace_pc_guard_init: 0x172bd50-0x176c550 (66048 edges)
Warning: AFL++ tools will need to set AFL_MAP_SIZE to 66048 to be able to run this instrumented program!
DEBUG: id_str 6, __afl_area_ptr 0x7f0fa32f5800, __afl_area_initial 0x2098590, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 66048, max_size_forkserver 8388608/0x800000
 /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_rdkit_0fe627251abd7360ef0842eeb7299b7440a4c1fc/revisions/afl-showmap -o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-389/afl_showmap_output -mnone /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_rdkit_0fe627251abd7360ef0842eeb7299b7440a4c1fc/revisions/mol_data_stream_to_mol_fuzzer 1
[0;36mafl-showmap++3.01a[0m by Michal Zalewski
[1;94m[*] [0mExecuting '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_rdkit_0fe627251abd7360ef0842eeb7299b7440a4c1fc/revisions/mol_data_stream_to_mol_fuzzer'...[0m
[1;94m[*] [0mSpinning up the fork server...[0m
[1;92m[+] [0mAll right - fork server is up.[0m
[1;94m[*] [0mExtended forkserver functions received (f800018f).[0m
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mAFL_MAP_SIZE is not set and fuzzing target reports that the required size is very large. Solution: Run the fuzzing target stand-alone with the environment variable AFL_DEBUG=1 set and set the value for __afl_final_loc in the AFL_MAP_SIZE environment variable for afl-fuzz.[1;91m
         Location : [0mreport_error_and_exit(), src/afl-forkserver.c:322

E 2021-02-05T01:22:21.669872867Z afl: engine encountered an error (target=wireshark_fuzzshark_media_type-json) 
E 2021-02-05T01:22:21.668118672Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:22:12.085641057Z afl-showmap didn't output any coverage for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/bloaty_fuzz_target/f15fbd548e6466c0737e11702262f32068c8f2d6 (136 bytes).
Command: ['/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_bloaty_286a97bceb83e72111a30e3197a41b3c4d5d2565/revisions/afl-showmap', '-o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output', '-mnone', '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_bloaty_286a97bceb83e72111a30e3197a41b3c4d5d2565/revisions/fuzz_target', '1']
Return code: 1
Time executed: 0.008417367935180664
Output: [0;35m[D] [1;97mDEBUG: [0m[0mRunning __sanitizer_cov_trace_pc_guard_init: 0x211b018-0x2177ccc (95021 edges)
Warning: AFL++ tools will need to set AFL_MAP_SIZE to 95040 to be able to run this instrumented program!
DEBUG: id_str 20807690, __afl_area_ptr 0x7fa441d05800, __afl_area_initial 0x2be0f80, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 95040, max_size_forkserver 8388608/0x800000
 /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_bloaty_286a97bceb83e72111a30e3197a41b3c4d5d2565/revisions/afl-showmap -o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output -mnone /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_bloaty_286a97bceb83e72111a30e3197a41b3c4d5d2565/revisions/fuzz_target 1
[0;36mafl-showmap++3.01a[0m by Michal Zalewski
[1;94m[*] [0mExecuting '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_bloaty_286a97bceb83e72111a30e3197a41b3c4d5d2565/revisions/fuzz_target'...[0m
[1;94m[*] [0mSpinning up the fork server...[0m
[1;92m[+] [0mAll right - fork server is up.[0m
[1;94m[*] [0mExtended forkserver functions received (f800018f).[0m
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mAFL_MAP_SIZE is not set and fuzzing target reports that the required size is very large. Solution: Run the fuzzing target stand-alone with the environment variable AFL_DEBUG=1 set and set the value for __afl_final_loc in the AFL_MAP_SIZE environment variable for afl-fuzz.[1;91m
         Location : [0mreport_error_and_exit(), src/afl-forkserver.c:322

E 2021-02-05T01:22:09.926775933Z afl: engine encountered an error (target=wireshark_fuzzshark_ip) 
E 2021-02-05T01:22:09.925149717Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:22:09.917059634Z afl: engine encountered an error (target=suricata_fuzz_applayerprotodetectgetproto) 
E 2021-02-05T01:22:09.914337436Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:22:06.014637319Z afl: engine encountered an error (target=suricata_fuzz_applayerprotodetectgetproto) 
E 2021-02-05T01:22:06.013417310Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:22:01.427127313Z afl: engine encountered an error (target=wireshark_fuzzshark_ip) 
E 2021-02-05T01:22:01.424918259Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:22:01.169855535Z afl-showmap didn't output any coverage for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/mupdf_pdf_fuzzer/b90ee1c5b14fb372be43f0eb0d9a243a099c9ff0 (625 bytes).
Command: ['/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/afl-showmap', '-o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output', '-mnone', '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/pdf_fuzzer', '1']
Return code: 1
Time executed: 2.0112781524658203
Output: [0;35m[D] [1;97mDEBUG: [0m[0mRunning __sanitizer_cov_trace_pc_guard_init: 0x41a2168-0x4207c84 (104135 edges)
Warning: AFL++ tools will need to set AFL_MAP_SIZE to 104160 to be able to run this instrumented program!
DEBUG: id_str 1802266, __afl_area_ptr 0x7fe181a05800, __afl_area_initial 0x4b37280, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 104160, max_size_forkserver 8388608/0x800000
[1;93m[!] [1;97mWARNING: [0mMistyped AFL environment variable: AFL_DRIVER_CLOSE_FD_MASK=3[0m
 /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/afl-showmap -o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output -mnone /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/pdf_fuzzer 1
[0;36mafl-showmap++3.01a[0m by Michal Zalewski
[1;94m[*] [0mExecuting '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/pdf_fuzzer'...[0m
[1;94m[*] [0mSpinning up the fork server...[0m
[1;92m[+] [0mAll right - fork server is up.[0m
[1;94m[*] [0mExtended forkserver functions received (f800018f).[0m
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mAFL_MAP_SIZE is not set and fuzzing target reports that the required size is very large. Solution: Run the fuzzing target stand-alone with the environment variable AFL_DEBUG=1 set and set the value for __afl_final_loc in the AFL_MAP_SIZE environment variable for afl-fuzz.[1;91m
         Location : [0mreport_error_and_exit(), src/afl-forkserver.c:322

E 2021-02-05T01:21:58.602705112Z afl-showmap didn't output any coverage for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/mupdf_pdf_fuzzer/b90ee1c5b14fb372be43f0eb0d9a243a099c9ff0 (625 bytes).
Command: ['/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/afl-showmap', '-o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output', '-mnone', '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/pdf_fuzzer', '1']
Return code: 1
Time executed: 2.0099620819091797
Output: [0;35m[D] [1;97mDEBUG: [0m[0mRunning __sanitizer_cov_trace_pc_guard_init: 0x41a2168-0x4207c84 (104135 edges)
Warning: AFL++ tools will need to set AFL_MAP_SIZE to 104160 to be able to run this instrumented program!
DEBUG: id_str 1802266, __afl_area_ptr 0x7f1ed9505800, __afl_area_initial 0x4b37280, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 104160, max_size_forkserver 8388608/0x800000
[1;93m[!] [1;97mWARNING: [0mMistyped AFL environment variable: AFL_DRIVER_CLOSE_FD_MASK=3[0m
 /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/afl-showmap -o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output -mnone /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/pdf_fuzzer 1
[0;36mafl-showmap++3.01a[0m by Michal Zalewski
[1;94m[*] [0mExecuting '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/pdf_fuzzer'...[0m
[1;94m[*] [0mSpinning up the fork server...[0m
[1;92m[+] [0mAll right - fork server is up.[0m
[1;94m[*] [0mExtended forkserver functions received (f800018f).[0m
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mAFL_MAP_SIZE is not set and fuzzing target reports that the required size is very large. Solution: Run the fuzzing target stand-alone with the environment variable AFL_DEBUG=1 set and set the value for __afl_final_loc in the AFL_MAP_SIZE environment variable for afl-fuzz.[1;91m
         Location : [0mreport_error_and_exit(), src/afl-forkserver.c:322

E 2021-02-05T01:21:58.160091169Z afl-showmap didn't output any coverage for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/rdkit_mol_data_stream_to_mol_fuzzer/978f5834dd5fac0617a61c94da765e701c078042 (180 bytes).
Command: ['/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_rdkit_0fe627251abd7360ef0842eeb7299b7440a4c1fc/revisions/afl-showmap', '-o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-387/afl_showmap_output', '-mnone', '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_rdkit_0fe627251abd7360ef0842eeb7299b7440a4c1fc/revisions/mol_data_stream_to_mol_fuzzer', '1']
Return code: 1
Time executed: 0.0066986083984375
Output: [0;35m[D] [1;97mDEBUG: [0m[0mRunning __sanitizer_cov_trace_pc_guard_init: 0x172bd50-0x176c550 (66048 edges)
Warning: AFL++ tools will need to set AFL_MAP_SIZE to 66048 to be able to run this instrumented program!
DEBUG: id_str 142639148, __afl_area_ptr 0x7fb041505800, __afl_area_initial 0x2098590, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 66048, max_size_forkserver 8388608/0x800000
 /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_rdkit_0fe627251abd7360ef0842eeb7299b7440a4c1fc/revisions/afl-showmap -o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-387/afl_showmap_output -mnone /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_rdkit_0fe627251abd7360ef0842eeb7299b7440a4c1fc/revisions/mol_data_stream_to_mol_fuzzer 1
[0;36mafl-showmap++3.01a[0m by Michal Zalewski
[1;94m[*] [0mExecuting '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_rdkit_0fe627251abd7360ef0842eeb7299b7440a4c1fc/revisions/mol_data_stream_to_mol_fuzzer'...[0m
[1;94m[*] [0mSpinning up the fork server...[0m
[1;92m[+] [0mAll right - fork server is up.[0m
[1;94m[*] [0mExtended forkserver functions received (f800018f).[0m
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mAFL_MAP_SIZE is not set and fuzzing target reports that the required size is very large. Solution: Run the fuzzing target stand-alone with the environment variable AFL_DEBUG=1 set and set the value for __afl_final_loc in the AFL_MAP_SIZE environment variable for afl-fuzz.[1;91m
         Location : [0mreport_error_and_exit(), src/afl-forkserver.c:322

E 2021-02-05T01:21:57.336622246Z afl: engine encountered an error (target=wireshark_fuzzshark_media_type-json) 
E 2021-02-05T01:21:57.334673980Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:21:56.229198378Z afl: engine encountered an error (target=gdal_csv_fuzzer) 
E 2021-02-05T01:21:56.227917239Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:21:55.533261399Z afl: engine encountered an error (target=suricata_fuzz_sigpcap) 
E 2021-02-05T01:21:55.531815119Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:21:54.217492446Z afl-showmap didn't output any coverage for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/rdkit_mol_data_stream_to_mol_fuzzer/978f5834dd5fac0617a61c94da765e701c078042 (180 bytes).
Command: ['/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_rdkit_0fe627251abd7360ef0842eeb7299b7440a4c1fc/revisions/afl-showmap', '-o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-389/afl_showmap_output', '-mnone', '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_rdkit_0fe627251abd7360ef0842eeb7299b7440a4c1fc/revisions/mol_data_stream_to_mol_fuzzer', '1']
Return code: 1
Time executed: 0.006305217742919922
Output: [0;35m[D] [1;97mDEBUG: [0m[0mRunning __sanitizer_cov_trace_pc_guard_init: 0x172bd50-0x176c550 (66048 edges)
Warning: AFL++ tools will need to set AFL_MAP_SIZE to 66048 to be able to run this instrumented program!
DEBUG: id_str 2, __afl_area_ptr 0x7f5f87d05800, __afl_area_initial 0x2098590, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 66048, max_size_forkserver 8388608/0x800000
 /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_rdkit_0fe627251abd7360ef0842eeb7299b7440a4c1fc/revisions/afl-showmap -o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-389/afl_showmap_output -mnone /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_rdkit_0fe627251abd7360ef0842eeb7299b7440a4c1fc/revisions/mol_data_stream_to_mol_fuzzer 1
[0;36mafl-showmap++3.01a[0m by Michal Zalewski
[1;94m[*] [0mExecuting '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_rdkit_0fe627251abd7360ef0842eeb7299b7440a4c1fc/revisions/mol_data_stream_to_mol_fuzzer'...[0m
[1;94m[*] [0mSpinning up the fork server...[0m
[1;92m[+] [0mAll right - fork server is up.[0m
[1;94m[*] [0mExtended forkserver functions received (f800018f).[0m
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mAFL_MAP_SIZE is not set and fuzzing target reports that the required size is very large. Solution: Run the fuzzing target stand-alone with the environment variable AFL_DEBUG=1 set and set the value for __afl_final_loc in the AFL_MAP_SIZE environment variable for afl-fuzz.[1;91m
         Location : [0mreport_error_and_exit(), src/afl-forkserver.c:322

E 2021-02-05T01:21:52.043471365Z afl: engine encountered an error (target=suricata_fuzz_siginit) 
E 2021-02-05T01:21:52.042193487Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:21:50.842868263Z afl: engine encountered an error (target=gdal_csv_fuzzer) 
E 2021-02-05T01:21:50.841422429Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:21:50.603041093Z afl: engine encountered an error (target=wireshark_fuzzshark_media_type-json) 
E 2021-02-05T01:21:50.602610903Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:21:49.686412875Z afl: engine encountered an error (target=suricata_fuzz_sigpcap) 
E 2021-02-05T01:21:49.685012223Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:21:48.614240815Z afl: engine encountered an error (target=gdal_lvbag_fuzzer) 
E 2021-02-05T01:21:48.613026844Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:21:48.560060932Z afl-showmap didn't output any coverage for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/rdkit_mol_data_stream_to_mol_fuzzer/978f5834dd5fac0617a61c94da765e701c078042 (180 bytes).
Command: ['/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_rdkit_0fe627251abd7360ef0842eeb7299b7440a4c1fc/revisions/afl-showmap', '-o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-387/afl_showmap_output', '-mnone', '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_rdkit_0fe627251abd7360ef0842eeb7299b7440a4c1fc/revisions/mol_data_stream_to_mol_fuzzer', '1']
Return code: 1
Time executed: 0.006770133972167969
Output: [0;35m[D] [1;97mDEBUG: [0m[0mRunning __sanitizer_cov_trace_pc_guard_init: 0x172bd50-0x176c550 (66048 edges)
Warning: AFL++ tools will need to set AFL_MAP_SIZE to 66048 to be able to run this instrumented program!
DEBUG: id_str 142639144, __afl_area_ptr 0x7fd2b6b05800, __afl_area_initial 0x2098590, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 66048, max_size_forkserver 8388608/0x800000
 /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_rdkit_0fe627251abd7360ef0842eeb7299b7440a4c1fc/revisions/afl-showmap -o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-387/afl_showmap_output -mnone /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_rdkit_0fe627251abd7360ef0842eeb7299b7440a4c1fc/revisions/mol_data_stream_to_mol_fuzzer 1
[0;36mafl-showmap++3.01a[0m by Michal Zalewski
[1;94m[*] [0mExecuting '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_rdkit_0fe627251abd7360ef0842eeb7299b7440a4c1fc/revisions/mol_data_stream_to_mol_fuzzer'...[0m
[1;94m[*] [0mSpinning up the fork server...[0m
[1;92m[+] [0mAll right - fork server is up.[0m
[1;94m[*] [0mExtended forkserver functions received (f800018f).[0m
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mAFL_MAP_SIZE is not set and fuzzing target reports that the required size is very large. Solution: Run the fuzzing target stand-alone with the environment variable AFL_DEBUG=1 set and set the value for __afl_final_loc in the AFL_MAP_SIZE environment variable for afl-fuzz.[1;91m
         Location : [0mreport_error_and_exit(), src/afl-forkserver.c:322

E 2021-02-05T01:21:46.943439563Z afl: engine encountered an error (target=suricata_fuzz_siginit) 
E 2021-02-05T01:21:46.942289627Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:21:41.364603645Z afl-showmap didn't output any coverage for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/mupdf_pdf_fuzzer/b90ee1c5b14fb372be43f0eb0d9a243a099c9ff0 (625 bytes).
Command: ['/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/afl-showmap', '-o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output', '-mnone', '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/pdf_fuzzer', '1']
Return code: 1
Time executed: 2.01106858253479
Output: [0;35m[D] [1;97mDEBUG: [0m[0mRunning __sanitizer_cov_trace_pc_guard_init: 0x41a2168-0x4207c84 (104135 edges)
Warning: AFL++ tools will need to set AFL_MAP_SIZE to 104160 to be able to run this instrumented program!
DEBUG: id_str 4522024, __afl_area_ptr 0x7f0418705800, __afl_area_initial 0x4b37280, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 104160, max_size_forkserver 8388608/0x800000
[1;93m[!] [1;97mWARNING: [0mMistyped AFL environment variable: AFL_DRIVER_CLOSE_FD_MASK=3[0m
 /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/afl-showmap -o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output -mnone /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/pdf_fuzzer 1
[0;36mafl-showmap++3.01a[0m by Michal Zalewski
[1;94m[*] [0mExecuting '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/pdf_fuzzer'...[0m
[1;94m[*] [0mSpinning up the fork server...[0m
[1;92m[+] [0mAll right - fork server is up.[0m
[1;94m[*] [0mExtended forkserver functions received (f800018f).[0m
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mAFL_MAP_SIZE is not set and fuzzing target reports that the required size is very large. Solution: Run the fuzzing target stand-alone with the environment variable AFL_DEBUG=1 set and set the value for __afl_final_loc in the AFL_MAP_SIZE environment variable for afl-fuzz.[1;91m
         Location : [0mreport_error_and_exit(), src/afl-forkserver.c:322

E 2021-02-05T01:21:37.550856220Z afl: engine encountered an error (target=gdal_lvbag_fuzzer) 
E 2021-02-05T01:21:37.550370053Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:21:36.521652786Z afl-showmap didn't output any coverage for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/mupdf_pdf_fuzzer/b90ee1c5b14fb372be43f0eb0d9a243a099c9ff0 (625 bytes).
Command: ['/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/afl-showmap', '-o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output', '-mnone', '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/pdf_fuzzer', '1']
Return code: 1
Time executed: 2.0095815658569336
Output: [0;35m[D] [1;97mDEBUG: [0m[0mRunning __sanitizer_cov_trace_pc_guard_init: 0x41a2168-0x4207c84 (104135 edges)
Warning: AFL++ tools will need to set AFL_MAP_SIZE to 104160 to be able to run this instrumented program!
DEBUG: id_str 1802268, __afl_area_ptr 0x7f3b38305800, __afl_area_initial 0x4b37280, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 104160, max_size_forkserver 8388608/0x800000
[1;93m[!] [1;97mWARNING: [0mMistyped AFL environment variable: AFL_DRIVER_CLOSE_FD_MASK=3[0m
 /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/afl-showmap -o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output -mnone /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/pdf_fuzzer 1
[0;36mafl-showmap++3.01a[0m by Michal Zalewski
[1;94m[*] [0mExecuting '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/pdf_fuzzer'...[0m
[1;94m[*] [0mSpinning up the fork server...[0m
[1;92m[+] [0mAll right - fork server is up.[0m
[1;94m[*] [0mExtended forkserver functions received (f800018f).[0m
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mAFL_MAP_SIZE is not set and fuzzing target reports that the required size is very large. Solution: Run the fuzzing target stand-alone with the environment variable AFL_DEBUG=1 set and set the value for __afl_final_loc in the AFL_MAP_SIZE environment variable for afl-fuzz.[1;91m
         Location : [0mreport_error_and_exit(), src/afl-forkserver.c:322

E 2021-02-05T01:21:30.188274982Z afl: engine encountered an error (target=ghostscript_gstoraster_fuzzer) 
E 2021-02-05T01:21:30.186933698Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:21:24.030111192Z afl: engine encountered an error (target=ghostscript_gstoraster_fuzzer) 
E 2021-02-05T01:21:24.028912980Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:20:59.180037638Z afl-showmap didn't output any coverage for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/matio_fuzzer/b4ab86eed9c5d041897514cb318b5f21b43ad192 (2514 bytes).
Command: ['/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_matio_a8bc8e69d355d4f417767ad8a2c5c986d004d695/revisions/afl-showmap', '-o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-389/afl_showmap_output', '-mnone', '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_matio_a8bc8e69d355d4f417767ad8a2c5c986d004d695/revisions/matio_fuzzer', '1']
Return code: 1
Time executed: 0.00829458236694336
Output: [0;35m[D] [1;97mDEBUG: [0m[0mRunning __sanitizer_cov_trace_pc_guard_init: 0x20d39a8-0x2134b88 (99448 edges)
Warning: AFL++ tools will need to set AFL_MAP_SIZE to 99456 to be able to run this instrumented program!
DEBUG: id_str 4, __afl_area_ptr 0x7fe59a605800, __afl_area_initial 0x2a60bc0, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 99456, max_size_forkserver 8388608/0x800000
 /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_matio_a8bc8e69d355d4f417767ad8a2c5c986d004d695/revisions/afl-showmap -o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-389/afl_showmap_output -mnone /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_matio_a8bc8e69d355d4f417767ad8a2c5c986d004d695/revisions/matio_fuzzer 1
[0;36mafl-showmap++3.01a[0m by Michal Zalewski
[1;94m[*] [0mExecuting '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_matio_a8bc8e69d355d4f417767ad8a2c5c986d004d695/revisions/matio_fuzzer'...[0m
[1;94m[*] [0mSpinning up the fork server...[0m
[1;92m[+] [0mAll right - fork server is up.[0m
[1;94m[*] [0mExtended forkserver functions received (f800018f).[0m
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mAFL_MAP_SIZE is not set and fuzzing target reports that the required size is very large. Solution: Run the fuzzing target stand-alone with the environment variable AFL_DEBUG=1 set and set the value for __afl_final_loc in the AFL_MAP_SIZE environment variable for afl-fuzz.[1;91m
         Location : [0mreport_error_and_exit(), src/afl-forkserver.c:322

E 2021-02-05T01:20:54.070723671Z afl: engine encountered an error (target=ghostscript_gstoraster_fuzzer) 
E 2021-02-05T01:20:54.069532320Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:20:49.998267492Z afl: engine encountered an error (target=ghostscript_gstoraster_fuzzer) 
E 2021-02-05T01:20:49.996796508Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:20:35.998751399Z afl: engine encountered an error (target=suricata_fuzz_siginit) 
E 2021-02-05T01:20:35.997370657Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:20:32.857651738Z afl: engine encountered an error (target=wireshark_fuzzshark_tcp_port-bgp) 
E 2021-02-05T01:20:32.855602306Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:20:27.235798731Z afl: engine encountered an error (target=suricata_fuzz_siginit) 
E 2021-02-05T01:20:27.234397332Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:20:24.861610765Z afl: engine encountered an error (target=gdal_mitab_tab_fuzzer) 
E 2021-02-05T01:20:24.835822264Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:20:24.454762457Z afl: engine encountered an error (target=wireshark_fuzzshark_tcp_port-bgp) 
E 2021-02-05T01:20:24.453020740Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:20:05.968628421Z afl-showmap didn't output any coverage for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/freeimage_load_from_memory_fuzzer/1a00a85416a678d39659d76ba5a7d4d753d0aabc (64 bytes).
Command: ['/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_freeimage_7701f3dcc59536f0661b28032f15101340ca45ba/revisions/afl-showmap', '-t1000+', '-o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output', '-mnone', '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_freeimage_7701f3dcc59536f0661b28032f15101340ca45ba/revisions/load_from_memory_fuzzer', '1']
Return code: 1
Time executed: 0.009909391403198242
Output: [0;35m[D] [1;97mDEBUG: [0m[0mRunning __sanitizer_cov_trace_pc_guard_init: 0x20bfb28-0x210fd20 (82046 edges)
Warning: AFL++ tools will need to set AFL_MAP_SIZE to 82048 to be able to run this instrumented program!
DEBUG: id_str 360611872, __afl_area_ptr 0x7fe7ee305800, __afl_area_initial 0x2a3bc00, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 82048, max_size_forkserver 8388608/0x800000
 /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_freeimage_7701f3dcc59536f0661b28032f15101340ca45ba/revisions/afl-showmap -t1000+ -o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output -mnone /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_freeimage_7701f3dcc59536f0661b28032f15101340ca45ba/revisions/load_from_memory_fuzzer 1
[0;36mafl-showmap++3.01a[0m by Michal Zalewski
[1;94m[*] [0mExecuting '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_freeimage_7701f3dcc59536f0661b28032f15101340ca45ba/revisions/load_from_memory_fuzzer'...[0m
[1;94m[*] [0mSpinning up the fork server...[0m
[1;92m[+] [0mAll right - fork server is up.[0m
[1;94m[*] [0mExtended forkserver functions received (f800018f).[0m
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mAFL_MAP_SIZE is not set and fuzzing target reports that the required size is very large. Solution: Run the fuzzing target stand-alone with the environment variable AFL_DEBUG=1 set and set the value for __afl_final_loc in the AFL_MAP_SIZE environment variable for afl-fuzz.[1;91m
         Location : [0mreport_error_and_exit(), src/afl-forkserver.c:322

E 2021-02-05T01:20:03.407549535Z afl: engine encountered an error (target=wireshark_fuzzshark_ip_proto-ospf) 
E 2021-02-05T01:20:03.405451362Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:20:02.672198033Z afl: engine encountered an error (target=gdal_openfilegdb_fuzzer) 
E 2021-02-05T01:20:02.670929460Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:19:57.477923215Z afl-showmap didn't output any coverage for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/keystone_fuzz_asm_arm_arm/070eb207be977767f616dca3ea6abbfb1878d493 (3 bytes).
Command: ['/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_keystone_8fc7e38dc9d38d6f7d58e8300505a3a969db8b59/revisions/afl-showmap', '-o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output', '-mnone', '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_keystone_8fc7e38dc9d38d6f7d58e8300505a3a969db8b59/revisions/fuzz_asm_arm_arm', '1']
Return code: 1
Time executed: 0.007338047027587891
Output: [0;35m[D] [1;97mDEBUG: [0m[0mRunning __sanitizer_cov_trace_pc_guard_init: 0x1c2b0c8-0x1c80244 (87135 edges)
Warning: AFL++ tools will need to set AFL_MAP_SIZE to 87136 to be able to run this instrumented program!
DEBUG: id_str 10, __afl_area_ptr 0x7fb82c505800, __afl_area_initial 0x25afef0, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 87136, max_size_forkserver 8388608/0x800000
 /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_keystone_8fc7e38dc9d38d6f7d58e8300505a3a969db8b59/revisions/afl-showmap -o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output -mnone /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_keystone_8fc7e38dc9d38d6f7d58e8300505a3a969db8b59/revisions/fuzz_asm_arm_arm 1
[0;36mafl-showmap++3.01a[0m by Michal Zalewski
[1;94m[*] [0mExecuting '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_keystone_8fc7e38dc9d38d6f7d58e8300505a3a969db8b59/revisions/fuzz_asm_arm_arm'...[0m
[1;94m[*] [0mSpinning up the fork server...[0m
[1;92m[+] [0mAll right - fork server is up.[0m
[1;94m[*] [0mExtended forkserver functions received (f800018f).[0m
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mAFL_MAP_SIZE is not set and fuzzing target reports that the required size is very large. Solution: Run the fuzzing target stand-alone with the environment variable AFL_DEBUG=1 set and set the value for __afl_final_loc in the AFL_MAP_SIZE environment variable for afl-fuzz.[1;91m
         Location : [0mreport_error_and_exit(), src/afl-forkserver.c:322

E 2021-02-05T01:19:56.863714639Z afl: engine encountered an error (target=wireshark_fuzzshark_ip_proto-ospf) 
E 2021-02-05T01:19:56.861858474Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:19:55.804738423Z afl: engine encountered an error (target=gdal_openfilegdb_fuzzer) 
E 2021-02-05T01:19:55.803261982Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:19:46.934269870Z afl: engine encountered an error (target=ghostscript_gstoraster_fuzzer) 
E 2021-02-05T01:19:46.932881352Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:19:44.393821937Z afl: engine encountered an error (target=gdal_lvbag_fuzzer) 
E 2021-02-05T01:19:44.392320647Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:19:42.897685303Z afl: engine encountered an error (target=ghostscript_gstoraster_fuzzer) 
E 2021-02-05T01:19:42.896465758Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:19:39.071291527Z afl: engine encountered an error (target=gdal_lvbag_fuzzer) 
E 2021-02-05T01:19:39.069965819Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:19:36.199959828Z afl: engine encountered an error (target=wireshark_fuzzshark_udp_port-dhcp) 
E 2021-02-05T01:19:36.198295734Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:19:31.539300311Z afl-showmap didn't output any coverage for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/mupdf_pdf_fuzzer/b90ee1c5b14fb372be43f0eb0d9a243a099c9ff0 (625 bytes).
Command: ['/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/afl-showmap', '-o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output', '-mnone', '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/pdf_fuzzer', '1']
Return code: 1
Time executed: 2.0097038745880127
Output: [0;35m[D] [1;97mDEBUG: [0m[0mRunning __sanitizer_cov_trace_pc_guard_init: 0x41a2168-0x4207c84 (104135 edges)
Warning: AFL++ tools will need to set AFL_MAP_SIZE to 104160 to be able to run this instrumented program!
DEBUG: id_str 8159290, __afl_area_ptr 0x7f6d40405800, __afl_area_initial 0x4b37280, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 104160, max_size_forkserver 8388608/0x800000
[1;93m[!] [1;97mWARNING: [0mMistyped AFL environment variable: AFL_DRIVER_CLOSE_FD_MASK=3[0m
 /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/afl-showmap -o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output -mnone /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/pdf_fuzzer 1
[0;36mafl-showmap++3.01a[0m by Michal Zalewski
[1;94m[*] [0mExecuting '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/pdf_fuzzer'...[0m
[1;94m[*] [0mSpinning up the fork server...[0m
[1;92m[+] [0mAll right - fork server is up.[0m
[1;94m[*] [0mExtended forkserver functions received (f800018f).[0m
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mAFL_MAP_SIZE is not set and fuzzing target reports that the required size is very large. Solution: Run the fuzzing target stand-alone with the environment variable AFL_DEBUG=1 set and set the value for __afl_final_loc in the AFL_MAP_SIZE environment variable for afl-fuzz.[1;91m
         Location : [0mreport_error_and_exit(), src/afl-forkserver.c:322

E 2021-02-05T01:19:23.239176790Z afl: engine encountered an error (target=gdal_mitab_tab_fuzzer) 
E 2021-02-05T01:19:23.237669717Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:19:15.787116677Z afl: engine encountered an error (target=suricata_fuzz_siginit) 
E 2021-02-05T01:19:15.785660949Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:19:10.945605577Z afl: engine encountered an error (target=suricata_fuzz_siginit) 
E 2021-02-05T01:19:10.943776686Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:19:10.695267944Z afl-showmap didn't output any coverage for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/opencv_imdecode_fuzzer/41b4edc4db91cde0854d0430441cc41483dad651 (647 bytes).
Command: ['/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_opencv_76c1546585abff7a602421f328886b50b8be9ce6/revisions/afl-showmap', '-o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output', '-mnone', '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_opencv_76c1546585abff7a602421f328886b50b8be9ce6/revisions/imdecode_fuzzer', '1']
Return code: 1
Time executed: 0.009231328964233398
Output: [0;35m[D] [1;97mDEBUG: [0m[0mRunning __sanitizer_cov_trace_pc_guard_init: 0x48afec0-0x495a8d4 (174725 edges)
Warning: AFL++ tools will need to set AFL_MAP_SIZE to 174752 to be able to run this instrumented program!
DEBUG: id_str 10, __afl_area_ptr 0x7f4b63a05800, __afl_area_initial 0x5334e40, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 174752, max_size_forkserver 8388608/0x800000
 /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_opencv_76c1546585abff7a602421f328886b50b8be9ce6/revisions/afl-showmap -o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output -mnone /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_opencv_76c1546585abff7a602421f328886b50b8be9ce6/revisions/imdecode_fuzzer 1
[0;36mafl-showmap++3.01a[0m by Michal Zalewski
[1;94m[*] [0mExecuting '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_opencv_76c1546585abff7a602421f328886b50b8be9ce6/revisions/imdecode_fuzzer'...[0m
[1;94m[*] [0mSpinning up the fork server...[0m
[1;92m[+] [0mAll right - fork server is up.[0m
[1;94m[*] [0mExtended forkserver functions received (f800018f).[0m
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mAFL_MAP_SIZE is not set and fuzzing target reports that the required size is very large. Solution: Run the fuzzing target stand-alone with the environment variable AFL_DEBUG=1 set and set the value for __afl_final_loc in the AFL_MAP_SIZE environment variable for afl-fuzz.[1;91m
         Location : [0mreport_error_and_exit(), src/afl-forkserver.c:322

E 2021-02-05T01:19:02.476832910Z afl-showmap didn't output any coverage for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/mupdf_pdf_fuzzer/b90ee1c5b14fb372be43f0eb0d9a243a099c9ff0 (625 bytes).
Command: ['/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/afl-showmap', '-o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output', '-mnone', '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/pdf_fuzzer', '1']
Return code: 1
Time executed: 2.009713888168335
Output: [0;35m[D] [1;97mDEBUG: [0m[0mRunning __sanitizer_cov_trace_pc_guard_init: 0x41a2168-0x4207c84 (104135 edges)
Warning: AFL++ tools will need to set AFL_MAP_SIZE to 104160 to be able to run this instrumented program!
DEBUG: id_str 1835020, __afl_area_ptr 0x7f9a77705800, __afl_area_initial 0x4b37280, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 104160, max_size_forkserver 8388608/0x800000
[1;93m[!] [1;97mWARNING: [0mMistyped AFL environment variable: AFL_DRIVER_CLOSE_FD_MASK=3[0m
 /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/afl-showmap -o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output -mnone /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/pdf_fuzzer 1
[0;36mafl-showmap++3.01a[0m by Michal Zalewski
[1;94m[*] [0mExecuting '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_mupdf_72598fa5eaf39798954f7e369768d97a68ec5677/revisions/pdf_fuzzer'...[0m
[1;94m[*] [0mSpinning up the fork server...[0m
[1;92m[+] [0mAll right - fork server is up.[0m
[1;94m[*] [0mExtended forkserver functions received (f800018f).[0m
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mAFL_MAP_SIZE is not set and fuzzing target reports that the required size is very large. Solution: Run the fuzzing target stand-alone with the environment variable AFL_DEBUG=1 set and set the value for __afl_final_loc in the AFL_MAP_SIZE environment variable for afl-fuzz.[1;91m
         Location : [0mreport_error_and_exit(), src/afl-forkserver.c:322

E 2021-02-05T01:19:02.021316039Z afl: engine encountered an error (target=gdal_gml_fuzzer) 
E 2021-02-05T01:19:02.019906794Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:18:56.969275735Z afl: engine encountered an error (target=wireshark_fuzzshark_udp_port-dhcp) 
E 2021-02-05T01:18:56.967388988Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:18:56.553174715Z afl: engine encountered an error (target=gdal_gml_fuzzer) 
E 2021-02-05T01:18:56.552779983Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:18:54.111596526Z afl: engine encountered an error (target=suricata_fuzz_applayerparserparse) 
E 2021-02-05T01:18:54.110315180Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:18:50.901719471Z afl-showmap didn't output any coverage for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/keystone_fuzz_asm_arm_arm/070eb207be977767f616dca3ea6abbfb1878d493 (3 bytes).
Command: ['/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_keystone_8fc7e38dc9d38d6f7d58e8300505a3a969db8b59/revisions/afl-showmap', '-o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output', '-mnone', '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_keystone_8fc7e38dc9d38d6f7d58e8300505a3a969db8b59/revisions/fuzz_asm_arm_arm', '1']
Return code: 1
Time executed: 0.0077822208404541016
Output: [0;35m[D] [1;97mDEBUG: [0m[0mRunning __sanitizer_cov_trace_pc_guard_init: 0x1c2b0c8-0x1c80244 (87135 edges)
Warning: AFL++ tools will need to set AFL_MAP_SIZE to 87136 to be able to run this instrumented program!
DEBUG: id_str 4, __afl_area_ptr 0x7fc737a05800, __afl_area_initial 0x25afef0, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 87136, max_size_forkserver 8388608/0x800000
 /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_keystone_8fc7e38dc9d38d6f7d58e8300505a3a969db8b59/revisions/afl-showmap -o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output -mnone /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_keystone_8fc7e38dc9d38d6f7d58e8300505a3a969db8b59/revisions/fuzz_asm_arm_arm 1
[0;36mafl-showmap++3.01a[0m by Michal Zalewski
[1;94m[*] [0mExecuting '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_keystone_8fc7e38dc9d38d6f7d58e8300505a3a969db8b59/revisions/fuzz_asm_arm_arm'...[0m
[1;94m[*] [0mSpinning up the fork server...[0m
[1;92m[+] [0mAll right - fork server is up.[0m
[1;94m[*] [0mExtended forkserver functions received (f800018f).[0m
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mAFL_MAP_SIZE is not set and fuzzing target reports that the required size is very large. Solution: Run the fuzzing target stand-alone with the environment variable AFL_DEBUG=1 set and set the value for __afl_final_loc in the AFL_MAP_SIZE environment variable for afl-fuzz.[1;91m
         Location : [0mreport_error_and_exit(), src/afl-forkserver.c:322

E 2021-02-05T01:18:49.668633312Z afl-showmap didn't output any coverage for file /mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/matio_fuzzer/b4ab86eed9c5d041897514cb318b5f21b43ad192 (2514 bytes).
Command: ['/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_matio_a8bc8e69d355d4f417767ad8a2c5c986d004d695/revisions/afl-showmap', '-o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output', '-mnone', '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_matio_a8bc8e69d355d4f417767ad8a2c5c986d004d695/revisions/matio_fuzzer', '1']
Return code: 1
Time executed: 0.008649349212646484
Output: [0;35m[D] [1;97mDEBUG: [0m[0mRunning __sanitizer_cov_trace_pc_guard_init: 0x20d39a8-0x2134b88 (99448 edges)
Warning: AFL++ tools will need to set AFL_MAP_SIZE to 99456 to be able to run this instrumented program!
DEBUG: id_str 113868802, __afl_area_ptr 0x7f3ef7905800, __afl_area_initial 0x2a60bc0, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 99456, max_size_forkserver 8388608/0x800000
 /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_matio_a8bc8e69d355d4f417767ad8a2c5c986d004d695/revisions/afl-showmap -o/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-368/afl_showmap_output -mnone /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_matio_a8bc8e69d355d4f417767ad8a2c5c986d004d695/revisions/matio_fuzzer 1
[0;36mafl-showmap++3.01a[0m by Michal Zalewski
[1;94m[*] [0mExecuting '/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-afl_matio_a8bc8e69d355d4f417767ad8a2c5c986d004d695/revisions/matio_fuzzer'...[0m
[1;94m[*] [0mSpinning up the fork server...[0m
[1;92m[+] [0mAll right - fork server is up.[0m
[1;94m[*] [0mExtended forkserver functions received (f800018f).[0m
)B[?25h[0m[1;91m
[-] PROGRAM ABORT : [0mAFL_MAP_SIZE is not set and fuzzing target reports that the required size is very large. Solution: Run the fuzzing target stand-alone with the environment variable AFL_DEBUG=1 set and set the value for __afl_final_loc in the AFL_MAP_SIZE environment variable for afl-fuzz.[1;91m
         Location : [0mreport_error_and_exit(), src/afl-forkserver.c:322

E 2021-02-05T01:18:49.462174994Z afl: engine encountered an error (target=suricata_fuzz_applayerparserparse) 
E 2021-02-05T01:18:49.460773678Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:18:48.365697881Z afl: engine encountered an error (target=suricata_fuzz_applayerprotodetectgetproto) 
E 2021-02-05T01:18:48.364232065Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:18:44.577716174Z afl: engine encountered an error (target=suricata_fuzz_applayerprotodetectgetproto) 
E 2021-02-05T01:18:44.576183795Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:18:27.297309982Z afl: engine encountered an error (target=suricata_fuzz_siginit) 
E 2021-02-05T01:18:27.295846276Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:18:19.094252446Z afl: engine encountered an error (target=suricata_fuzz_siginit) 
E 2021-02-05T01:18:19.092723654Z Afl exited with a non-zero exitcode: 1. Cannot recover. 
E 2021-02-05T01:18:16.860375429Z afl: engine encountered an error (target=wireshark_fuzzshark_tcp_port-bgp) 
E 2021-02-05T01:18:16.836130458Z Afl exited with a non-zero exitcode: 1. Cannot recover.

Some brainstorming here. @inferno-chromium @jonathanmetzman @domenukk @hexcoder- @andreafioraldi (or anyone who wants to join in)

Lets start with: collision-free coverage is a huge step forward in fuzzing compared to a fixed map where edges can and will collide. with a default 64kb, just traversing 256 edges in a run has already a 50% of colliding once. So non-colliding is much better for detecting new coverage, plus for targets having less than 64kb edges (which is most of them) it is also faster because only that size has to be memset on a fuzz attempt, checked for interesting bits and hashed. With large targets obviously this will get much slower, but then the fixed map is totally pointless for coverage. Hence collision-free coverage is not an if, rather a how.

in collision-free coverage the shared memory map offered by afl-fuzz must be at least the size the target is using. the forkserver is telling afl-fuzz what the size requirement is. if the target is loading constructors before the forkserver is started this results in a crash. there is intelligence to not instrument constructors but constructors usually run other functions and these are instrumented.

Current implementation: start the target with a 256kb map, start the target, only if the reported size required is less than the 256kb the target is killed and restarted with an increased share memory map that matches what is required.

now there are a few other paths how to solve this - all having their own issues.

the forkserver is currently run with prio 65535 because constructors are a major source of instability, plus it is nothing of value for instrumentation because it does not read fuzz input data. Setting an earlier prio (e.g. 5 or 101) would still be an issue for a few targets running before that, but more targets would run without issues.
afl-fuzz could also set an environment variable that starts the forkserver at earliest possibility to grab the required map value, terminate the target and restart it with the learned value. Disadvantage: there are special setups that break, when the "target" is just a proxy program to the real target, and that proxy cannot be restarted (@domenukk maybe think about what could be done there?).
Provide a large share memory map that works for all/most targets. I have seen a few targets that need 1.2MB share memory, so putting e.g. 1.5MB as a default means a lot of share memory is not available if a target just needs 32kb.

TLDR:

1: earlier forkserver: PRO: more but not all targets work. CON: slower exec/s, more instability
2: triggered early forkserver to just get the map size: PRO: most targets work, CON: some setups do not work anymore (@domenukk)
3: large shared memory map: PRO most targets work, CON: waste of memory.
There will always a target that will require such a huge map that it is more than expected ;)

I would go for 2 and add (yet another ;-) ) env var that does not perform the this and rather trusts the AFL_MAP_SIZE value. That way I can also use a much larger initial shared memory map that I then resize, because in this scenario I must terminate and restart the target anyway because of the early forkserver.

so - thoughts, ideas, input?

Provide a large share memory map that works for all/most targets. I have seen a few targets that need 1.2MB share memory, so putting e.g. 1.5MB as a default means a lot of share memory is not available if a target just needs 32kb.

For OSS-Fuzz, as they use a VM for each instance IIRC, this is not a problem I guess. Just increase the sysfs parameter to allow more shared memory and set a huge AFL_MAP_SIZE.

CON: waste of memory.

Not an issue, if not used, the kernel will not allocate the pages.

Provide a large share memory map that works for all/most targets. I have seen a few targets that need 1.2MB share memory, so putting e.g. 1.5MB as a default means a lot of share memory is not available if a target just needs 32kb.

For OSS-Fuzz, as they use a VM for each instance IIRC, this is not a problem I guess. Just increase the sysfs parameter to allow more shared memory and set a huge AFL_MAP_SIZE.

CON: waste of memory.

Not an issue, if not used, the kernel will not allocate the pages.

it is shared memory that is allocated - is that not allocated hard instead of when needed? I dont know how this is implemented in the Linux kernel, so that should be verified.

(also how is that on MacOS and NetBSD?)

libcacard

here the issue is that nss-nspr breaks with -fsanitize-coverage=trace-pc-guard (with the real clang too) so this is something that should not have worked with vanilla afl either (leaving trace-pc-guard away makes it compile):

clang -fsanitize-coverage=trace-pc-guard -g -MMD -MF obj/lib/freebl/freeblpriv3.sha512.o.d '-DSHLIB_SUFFIX="so"' '-DSHLIB_PREFIX="lib"' '-DSHLIB_VERSION="3"' '-DSOFTOKEN_SHLIB_VERSION="3"' -DRIJNDAEL_INCLUDE_TABLES -DMP_API_COMPATIBLE -DHAVE_INT128_SUPPORT -DFREEBL_LOWHASH -DFREEBL_NO_DEPEND -DMP_IS_LITTLE_ENDIAN -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY -DNSS_USE_COMBA -DUSE_HW_AES -DINTEL_GCM -DNSS_FIPS_DISABLED -DNSS_NO_INIT_SUPPORT -DNSS_X86_OR_X64 -DNSS_X64 -DNSS_USE_64 -DSEED_ONLY_DEV_URANDOM -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DLINUX2_1 -DLINUX -Dlinux -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -DSQL_MEASURE_USE_TEMP_DIR -DHAVE_STRERROR -DXP_UNIX -D_REENTRANT -DNSS_DISABLE_DBM -DNSS_DISABLE_LIBPKIX -DDEBUG -I../../lib/freebl/mpi -I../../lib/freebl/ecl -I../../lib/freebl/verified -I../../lib/freebl/verified/kremlin/include -I../../lib/freebl/verified/kremlin/kremlib/dist/minimal -I../../lib/freebl/deprecated -I/src/nss-nspr/dist/Debug/include/nspr -I/src/nss-nspr/dist/private/nss -I/src/nss-nspr/dist/public/nss -no-integrated-as -fPIC -pipe -ffunction-sections -fdata-sections -m64 -Werror -Wall -Wno-array-bounds -Wno-unevaluated-expression -Wno-parentheses-equality -Qunused-arguments -Wshadow -O0 -g -gdwarf-2 -std=c99  -c ../../lib/freebl/sha512.c -o obj/lib/freebl/freeblpriv3.sha512.o
tmp/sha512-cbb130.s: Assembler messages:
/tmp/sha512-cbb130.s:18168: Fatal error: bad .section directive: want a,l,w,x,M,S,G,T in string
clang-12: error: assembler command failed with exit code 1 (use -v to see invocation)

for this specific target a temporary workaround would be to set this in the beginning of /src/build.sh (verified to work):

export AFL_LLVM_INSTRUMENT=CLASSIC,NGRAM-4

lua

lua builds fine when fixing sed.

mercurial

is not honoring CC/CXX:

clang -O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address -fsanitize-address-use-after-scope  -c -o bdiff-oss-fuzz.o ../../mercurial/bdiff.c
clang++ -O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address -fsanitize-address-use-after-scope  -stdlib=libc++ -Wno-deprecated-register -std=c++17 -I../../mercurial bdiff.cc \
  bdiff-oss-fuzz.o /usr/lib/libFuzzingEngine.a -o \
  $OUT/bdiff_fuzzer

libreoffice

still cloning ... this will take long 🗡️

Thanks a lot @vanhauser-thc libcacard - https://github.com/google/oss-fuzz/pull/5125 lua - https://github.com/google/oss-fuzz/pull/5126 mercurial - saw that too, some pip crap which caches CC/CXX

Regarding solutions, i am fine with 2) [like determine and restart since i dont think we have proxy style targets] OR using a large AFL map. Using AFL_MAP_SIZE=4194304 should fix all right, 4mb shouldn't be a big issue.

@vanhauser-thc we could invert the logic completely: the target already knows its map size, so it could set up the shared map on startup, write to that map, and tell afl-fuzz in the (extended) forkserver handshake. afl-fuzz would unmap its own shared map and load the one of the target.

ok, this is a super hacky idea, but you could also add an ELF section that would contain the map size.

I like hacky ideas, but in this case it's better during forkserver handshake as many targets are not valid ELFs (qemu-mode, proxy, ..) :)

@inferno-chromium

libreoffice

still cloning ... this will take long 🗡️

EDIT: nah that is not it. for whatever reason the linker reports:

/usr/bin/ld.gold: warning: Cannot export local symbol '__asan_extra_spill_area'
sd/source/filter/sdpptwrp.cxx:33313: error: undefined reference to 'ExportPPT'
sd/source/filter/sdpptwrp.cxx:1743: error: undefined reference to 'SaveVBA'
cppcanvas/source/wrapper/implcanvas.cxx:1259: error: undefined reference to 'canvas::tools::initViewState(com::sun::star::rendering::ViewState&)'
cppcanvas/source/wrapper/implcanvas.cxx:1376: error: undefined reference to 'canvas::tools::initViewState(com::sun::star::rendering::ViewState&)'
cppcanvas/source/wrapper/implcanvas.cxx:345: error: undefined reference to 'canvas::tools::setViewStateTransform(com::sun::star::rendering::ViewState&, basegfx::B2DHomMatrix const&)'

@inferno-chromium I found a workaround that works for most libreoffice fuzzers ... but ... maybe you have seen this issue before - when building libreoffice this happens:

[LNK] Executable/xlsxfuzzer
/usr/bin/ld.gold: warning: Cannot export local symbol '__asan_extra_spill_area'
clang-12: error: unable to execute command: Killed
clang-12: error: linker command failed due to signal (use -v to see invocation)
/src/libreoffice/vcl/Executable_xlsxfuzzer.mk:13: recipe for target '/work/instdir/program/xlsxfuzzer' failed
make[1]: *** [/work/instdir/program/xlsxfuzzer] Error 254
Makefile:166: recipe for target 'Executable_xlsxfuzzer' failed
make: *** [Executable_xlsxfuzzer] Error 2

so I add -v to the flags and see the ld.gold command line, copy + paste it to the command line, execute it - and it succeeds. from the 45 fuzzers, 40 build without problems, and 5 have this strange phenomenon...

@inferno-chromium I found a workaround that works for most libreoffice fuzzers ... but ... maybe you have seen this issue before - when building libreoffice this happens:
[LNK] Executable/xlsxfuzzer
/usr/bin/ld.gold: warning: Cannot export local symbol '__asan_extra_spill_area'
clang-12: error: unable to execute command: Killed
clang-12: error: linker command failed due to signal (use -v to see invocation)
/src/libreoffice/vcl/Executable_xlsxfuzzer.mk:13: recipe for target '/work/instdir/program/xlsxfuzzer' failed
make[1]: *** [/work/instdir/program/xlsxfuzzer] Error 254
Makefile:166: recipe for target 'Executable_xlsxfuzzer' failed
make: *** [Executable_xlsxfuzzer] Error 2
so I add -v to the flags and see the ld.gold command line, copy + paste it to the command line, execute it - and it succeeds. from the 45 fuzzers, 40 build without problems, and 5 have this strange phenomenon...

i havent seen this, but @caolanm is our expert here on libreoffice. once you fix cmd line issue, i think lets ask him to take a look on this one.

@vanhauser-thc - renaming 2 issues , next can focus on instrumentation, dict enabling (my team can start on this)

that afl map issue you mentioned above, i have just set AFL_MAP_SIZE= 4194304 for now.
this one is not urgent, only showed up in one project. looked at build failures, everything looks same/expected [some new ones ffmpeg, proxygen are not your bugs]. just this one new thing showed up in readstat, probably some leak in afl++ [weird never showed up before]

Step #22: =================================================================
Step #22: ==22272==ERROR: LeakSanitizer: detected memory leaks
Step #22: 
Step #22: Direct leak of 1024000 byte(s) in 1 object(s) allocated from:
Step #22:     #0 0x4990ed in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
Step #22:     #1 0x4d097d in __afl_auto_first llvm_mode/instrumentation/afl-compiler-rt.o.c:1093:15
Step #22: 
Step #22: SUMMARY: AddressSanitizer: 1024000 byte(s) leaked in 1 allocation(s).
Step #22: ********************************************************************************
Step #22: Failed to build.
Step #22: To reproduce, run:
Step #22: python infra/helper.py build_image readstat
Step #22: python infra/helper.py build_fuzzers --sanitizer address --engine afl --architecture x86_64 readstat
Step #22: ********************************************************************************
Finished Step #22

That leak is true, but nothing to be done as the memory has to been kept until program exit. a dtor could be put but that is something I would avoid in instrumentation support and rather put detect_leaks=0

@vanhauser-thc - renaming 2 issues , next can focus on instrumentation, dict enabling (my team can start on this)
1. that afl map issue you mentioned above, i have just set AFL_MAP_SIZE= 4194304 for now.

I prepared a PR for the optimal default setup, this also makes libreoffice work for 40 out of 45 fuzzers.

5129

@inferno-chromium I found a workaround that works for most libreoffice fuzzers ... but ... maybe you have seen this issue before - when building libreoffice this happens:
[LNK] Executable/xlsxfuzzer
/usr/bin/ld.gold: warning: Cannot export local symbol '__asan_extra_spill_area'
clang-12: error: unable to execute command: Killed
clang-12: error: linker command failed due to signal (use -v to see invocation)
/src/libreoffice/vcl/Executable_xlsxfuzzer.mk:13: recipe for target '/work/instdir/program/xlsxfuzzer' failed
i havent seen this, but @caolanm is our expert here on libreoffice. once you fix cmd line issue, i think lets ask him to take a look on this one.

Is it maybe just getting killed by OOM? They are quite large with static linking. (LibreOffice: Based on technology proudly breaking your toolchain since 1985)

google / oss-fuzz

Integrate afl++ with OSS-Fuzz, deprecate vanilla afl. #4280

First pull latest images

Make a change in base-builder, like apply the cl above. This creates a local build of the docker image.

Build the project using this image built above

cmd/trace

5129