Nautilus not synchronising with AFL

[bendrissou]

Hi,

I have been trying to run Nautilus in combination with AFL, as illustrated in the Readme. However the "S" instance is not aware of the "M" instance, and is not importing its entries.

Terminal 1

cargo run --release -- -o findings -- ./test @@

Terminal 2

afl-fuzz -Safl -i seeds -o findings ./test @@
afl-fuzz++4.10a based on afl by Michal Zalewski and a large online community
[+] AFL++ is maintained by Marc "van Hauser" Heuse, Dominik Maier, Andrea Fioraldi and Heiko "hexcoder" Eißfeldt
[+] AFL++ is open source, get it at https://github.com/AFLplusplus/AFLplusplus
[+] NOTE: AFL++ >= v3 has changed defaults and behaviours - see README.md
[*] Getting to work...
[+] Using exploration-based constant power schedule (EXPLORE)
[+] Enabled testcache with 50 MB
[+] Generating fuzz data with a length of min=1 max=1048576
[*] Checking core_pattern...
[!] WARNING: Could not check CPU scaling governor
[+] You have 4 CPU cores and 5 runnable tasks (utilization: 125%).
[*] Setting up output directories...
[*] Checking CPU core loadout...
[+] Found a free CPU core, try binding to #3.
[!] WARNING: no -M main node found. It is recommended to run exactly one main instance.

The synchronisation works fine when using an AFL M instance.

[bendrissou]

Hi @eqv

Can you confirm this issue please?

Thank you.

[eqv]

I don't know, I'm not even seeing that there's no synchronisation? There's just some warning. AFL++ has changed a lot since nautilus was released. If you want to use this feature with a new AFL++ version (which you probably should), please go find the check that AFL++ does before it prints "no -M main node found. It is recommended to run exactly one main instance.". There's probably some .status or something like that, that AFL++ is missing. Just add that to the folder and you should be good.

[bendrissou]

Hi,

Thank you for your response. AFL++ expects the main node's output directory to have a file named is_main_node. The secondary nodes identify the main node by checking for the existence of this file. This file should ideally be added by Nautilus. To avoid the warning, I had to create this file manually before launching any secondary node:

touch /tmp/workdir/is_main_node

There is a more serious problem: AFL++ second node successfully detects the main node and proceeds to sync test cases. However, after the initial sync, AFL++ does not import any further test cases. After debugging, I found that AFL expects the id of a test case to be six digits. But Nautilus generates 9 digit ids.

Is it possible to make the file naming of Nautilus test cases consistent with that of AFL? Specifically, The id part should be six digits, and a timestamp should be included in the file name.

Thanks.

[eqv]

that should be quite trivial - Nautilus only writes those files for that purpose (well for the and humans), so it should be trivial to change the naming scheme

[bendrissou]

The issue has been resolved in my fork. There is a previous PR pending.