Persistent mode return address patch does not work correctly in ARM Thumb
SimonTheCoder opened this issue
According to "README.persistent.md", when running qemuafl in persistent mode, the return address will be patched to AFL_QEMU_PERSISTENT_ADDR after an iteration.
If the CPU is in ARM Thumb mode, this causes a "qemu: uncaught target signal 4 (Illegal instruction)" exception,
because the jump address must be (address | 0x1) in ARM Thumb mode.
When the CPU jumps to the patched address, it returns to ARM mode but runs Thumb code, which then causes an illegal instruction exception.
It seems AFL_QEMU_TARGET_ARM_SNIPPET in qemuafl/target/arm/translate.c has something to do with this issue.
Sorry for my bad English.
Best wishes.
Hi, can you check out the dev branch of AFL++ and try again now?
(ofc you have to build qemu mode again)
Hi.
It's working great! Thank you very much.