AFLplusplus / AFLplusplus

The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!

Home Page: https://aflplus.plus


Help with qemu-mode

mishbanya opened this issue · comments

I've been trying to run afl-fuzz with qemu-mode, but no matter what I try I get the same error every time. Could somebody help me with that?

```
mish@ubuntu:~/Downloads/Open_Games/C/life$ sudo afl-fuzz -m none -i input -o output -Q ./game_of_life @@
afl-fuzz++4.10a based on afl by Michal Zalewski and a large online community
[+] AFL++ is maintained by Marc "van Hauser" Heuse, Dominik Maier, Andrea Fioraldi and Heiko "hexcoder" Eißfeldt
[+] AFL++ is open source, get it at https://github.com/AFLplusplus/AFLplusplus
[+] NOTE: AFL++ >= v3 has changed defaults and behaviours - see README.md
[+] No -M/-S set, autoconfiguring for "-S default"
[*] Getting to work...
[+] Using exploration-based constant power schedule (EXPLORE)
[+] Enabled testcache with 50 MB
[+] Generating fuzz data with a length of min=1 max=1048576
[*] Checking core_pattern...
[!] WARNING: Could not check CPU scaling governor
[+] You have 2 CPU cores and 4 runnable tasks (utilization: 200%).
[!] WARNING: System under apparent load, performance may be spotty.
[*] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[*] Deleting old session data...
[+] Output dir cleanup successful.
[*] Checking CPU core loadout...
[+] Found a free CPU core, try binding to #0.
[*] Scanning 'input'...
[+] Loaded a total of 6 seeds.
[*] Creating hard links for all input files...
[*] Validating target binary...
[*] No auto-generated dictionary tokens to reuse.
[*] Attempting dry run with 'id:000000,time:0,execs:0,orig:1-2-3-4.txt'...
[*] Spinning up the fork server...

[-] Hmm, looks like the target binary terminated before we could complete a
    handshake with the injected code. You can try the following:

    - The target binary crashes because necessary runtime conditions it needs
      are not met. Try to:
      1. Run again with AFL_DEBUG=1 set and check the output of the target
         binary for clues.
      2. Run again with AFL_DEBUG=1 and 'ulimit -c unlimited' and analyze the
         generated core dump.

    - Possibly the target requires a huge coverage map and has CTORS.
      Retry with setting AFL_MAP_SIZE=10000000.

    Otherwise there is a horrible bug in the fuzzer.
    Poke the Awesome Fuzzing Discord for troubleshooting tips.

[-] PROGRAM ABORT : Fork server handshake failed
         Location : afl_fsrv_start(), src/afl-forkserver.c:1428
```
I've tried to implement solutions from another issue, #733, but it's not helping either. I am sure that the solution I'm looking for is pretty simple and I'm just silly. What should I try?

Add AFL_DEBUG=1 and check the output of the target that is then displayed.

It seems nothing has changed:

```
mish@ubuntu:~/Downloads/Open_Games/C/life$ sudo afl-fuzz -m none -i input -o output -Q ./game_of_life @@
afl-fuzz++4.10a based on afl by Michal Zalewski and a large online community
[+] AFL++ is maintained by Marc "van Hauser" Heuse, Dominik Maier, Andrea Fioraldi and Heiko "hexcoder" Eißfeldt
[+] AFL++ is open source, get it at https://github.com/AFLplusplus/AFLplusplus
[+] NOTE: AFL++ >= v3 has changed defaults and behaviours - see README.md
[+] No -M/-S set, autoconfiguring for "-S default"
[*] Getting to work...
[+] Using exploration-based constant power schedule (EXPLORE)
[+] Enabled testcache with 50 MB
[+] Generating fuzz data with a length of min=1 max=1048576
[*] Checking core_pattern...
[!] WARNING: Could not check CPU scaling governor
[+] You have 2 CPU cores and 6 runnable tasks (utilization: 300%).
[!] WARNING: System under apparent load, performance may be spotty.
[*] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[*] Deleting old session data...
[+] Output dir cleanup successful.
[*] Checking CPU core loadout...
[+] Found a free CPU core, try binding to #0.
[*] Scanning 'input'...
[+] Loaded a total of 6 seeds.
[*] Creating hard links for all input files...
[*] Validating target binary...
[*] No auto-generated dictionary tokens to reuse.
[*] Attempting dry run with 'id:000000,time:0,execs:0,orig:1-2-3-4.txt'...
[*] Spinning up the fork server...

[-] Hmm, looks like the target binary terminated before we could complete a
    handshake with the injected code. You can try the following:

    - The target binary crashes because necessary runtime conditions it needs
      are not met. Try to:
      1. Run again with AFL_DEBUG=1 set and check the output of the target
         binary for clues.
      2. Run again with AFL_DEBUG=1 and 'ulimit -c unlimited' and analyze the
         generated core dump.

    - Possibly the target requires a huge coverage map and has CTORS.
      Retry with setting AFL_MAP_SIZE=10000000.

    Otherwise there is a horrible bug in the fuzzer.
    Poke the Awesome Fuzzing Discord for troubleshooting tips.

[-] PROGRAM ABORT : Fork server handshake failed
         Location : afl_fsrv_start(), src/afl-forkserver.c:1428
```
Although I set AFL_DEBUG to 1:

```
mish@ubuntu:~/Downloads/Open_Games/C/life$ printenv
SHELL=/bin/bash
SESSION_MANAGER=local/ubuntu:@/tmp/.ICE-unix/1440,unix/ubuntu:/tmp/.ICE-unix/1440
QT_ACCESSIBILITY=1
COLORTERM=truecolor
XDG_CONFIG_DIRS=/etc/xdg/xdg-ubuntu:/etc/xdg
SSH_AGENT_LAUNCHER=gnome-keyring
XDG_MENU_PREFIX=gnome-
GNOME_DESKTOP_SESSION_ID=this-is-deprecated
AFL_DEBUG=1
...
```

The environment variable does not reach afl-fuzz because of sudo. Otherwise the output would show way more messages.

But if I run it without sudo, I get this:

```
mish@ubuntu:~/Downloads/Open_Games/C/life$ afl-fuzz -m none -i input -o output -Q ./game_of_life @@
[+] Enabled environment variable AFL_DEBUG with value 1
[+] Enabled environment variable AFL_DEBUG with value 1
afl-fuzz++4.10a based on afl by Michal Zalewski and a large online community
[+] AFL++ is maintained by Marc "van Hauser" Heuse, Dominik Maier, Andrea Fioraldi and Heiko "hexcoder" Eißfeldt
[+] AFL++ is open source, get it at https://github.com/AFLplusplus/AFLplusplus
[+] NOTE: AFL++ >= v3 has changed defaults and behaviours - see README.md
[+] No -M/-S set, autoconfiguring for "-S default"
[*] Getting to work...
[+] Using exploration-based constant power schedule (EXPLORE)
[+] Enabled testcache with 50 MB
[+] Generating fuzz data with a length of min=1 max=1048576
[*] Checking core_pattern...
[!] WARNING: Could not check CPU scaling governor
[+] You have 2 CPU cores and 2 runnable tasks (utilization: 100%).
[*] Setting up output directories...

[-] SYSTEM ERROR : Unable to create 'output/default'
    Stop location : setup_dirs_fds(), src/afl-fuzz-init.c:2088
       OS message : Permission denied
```

Because out/ is now owned by root. Sorry, but this is not a help channel for basic Linux usage.
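A pre-flight script, added here as an example (it is not AFL++ tooling and not code from anyone in this thread), that catches the two problems the replies above point at before afl-fuzz is started: AFL_* variables such as AFL_DEBUG not surviving sudo's default environment reset, and an output directory that an earlier sudo run left root-owned so that afl-fuzz cannot create `output/default`. The function names (`afl_env_visible`, `afl_outdir_writable`, `afl_not_root`, `afl_preflight`) and the `chown` hint it prints are this example's own assumptions.

```shell
#!/bin/sh
# Added pre-flight check for an afl-fuzz run (example code, not part of AFL++).
# It covers the two things that went wrong in this thread:
#   1. running afl-fuzz under sudo: sudo's default env_reset strips AFL_*
#      variables such as AFL_DEBUG, and everything created under -o is root-owned;
#   2. an output directory the current user cannot write to, which makes
#      afl-fuzz abort with "Unable to create 'output/default'".
# All function names here (afl_env_visible, afl_outdir_writable, afl_not_root,
# afl_preflight) are this example's own, not AFL++ tooling.

# Does the named AFL_* variable reach child processes from this shell?
# printenv exits 1 when the variable is not in the environment.
afl_env_visible() {
    printenv "$1" >/dev/null 2>&1
}

# Could afl-fuzz create "<dir>/default" as the current user?
# If <dir> exists it must be writable and searchable; if it does not exist yet,
# afl-fuzz creates it, so its parent directory must be.
afl_outdir_writable() {
    dir="$1"
    if [ -d "$dir" ]; then
        [ -w "$dir" ] && [ -x "$dir" ]
    else
        parent=$(dirname "$dir")
        [ -d "$parent" ] && [ -w "$parent" ] && [ -x "$parent" ]
    fi
}

# afl-fuzz itself does not need root; running it as root is what leaves the
# output tree root-owned for the next non-root run.
afl_not_root() {
    [ "$(id -u)" -ne 0 ]
}

# Run all checks for one fuzzing session. Prints findings, returns 0 when the
# run can proceed as this user and 1 when it would fail the way seen above.
afl_preflight() {
    outdir="$1"
    target="$2"
    rc=0
    if ! afl_not_root; then
        echo "[!] running as root (or under sudo): AFL_* variables from your shell are dropped and '$outdir' will end up root-owned"
        rc=1
    fi
    if ! afl_outdir_writable "$outdir"; then
        owner=$(ls -ld "$outdir" 2>/dev/null | awk '{print $3}')
        echo "[!] '$outdir' is not writable by $(id -un)${owner:+ (owned by $owner)}; if it was created under sudo, reclaim it: sudo chown -R \"\$(id -un)\" '$outdir'"
        rc=1
    fi
    if [ ! -x "$target" ]; then
        echo "[!] target '$target' is missing or not executable"
        rc=1
    fi
    if afl_env_visible AFL_DEBUG; then
        echo "[+] AFL_DEBUG is set; afl-fuzz will show the target's own output on a failed handshake"
    else
        echo "[-] AFL_DEBUG is not set; export it in this shell (no sudo) before looking for handshake clues"
    fi
    return $rc
}

# Usage: sh afl_preflight.sh <output-dir> <target-binary>
if [ $# -ge 2 ]; then
    afl_preflight "$1" "$2"
fi
```

Run it as the same user that will run afl-fuzz, e.g. `sh afl_preflight.sh output ./game_of_life`; a non-zero exit means the session would have failed for one of the reasons printed, and the `chown` hint is the usual way to reclaim a directory an earlier sudo run left behind.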