eurecom-s3 / symcc

SymCC: efficient compiler-based symbolic execution

Home Page:http://www.s3.eurecom.fr/tools/symbolic_execution/symcc.html


Failed to run hybrid fuzzing(AFL+SymCC) in VM.

Vancir opened this issue · comments

In an Ubuntu 20.04 VM created with VMware, symcc failed to generate any test cases.
But on native machines, symcc normally generates many test cases.

[2022-08-04T15:36:30Z INFO  symcc_fuzzing_helper] Generated 0 test cases (0 new)
[2022-08-04T15:36:30Z INFO  symcc_fuzzing_helper] Running on input /mnt/hgfs/CCFuzzerData/output/afl-master/queue/id:000109,src:000000,op:havoc,rep:4
[2022-08-04T15:36:30Z INFO  symcc_fuzzing_helper] Generated 0 test cases (0 new)
[2022-08-04T15:36:30Z INFO  symcc_fuzzing_helper] Running on input /mnt/hgfs/CCFuzzerData/output/afl-master/queue/id:000108,src:000000,op:havoc,rep:2
[2022-08-04T15:36:30Z INFO  symcc_fuzzing_helper] Generated 0 test cases (0 new)
[2022-08-04T15:36:30Z INFO  symcc_fuzzing_helper] Running on input /mnt/hgfs/CCFuzzerData/output/afl-master/queue/id:000107,src:000000,op:havoc,rep:2
[2022-08-04T15:36:30Z INFO  symcc_fuzzing_helper] Generated 0 test cases (0 new)
[2022-08-04T15:36:30Z INFO  symcc_fuzzing_helper] Running on input /mnt/hgfs/CCFuzzerData/output/afl-master/queue/id:000104,src:000000,op:havoc,rep:2
[2022-08-04T15:36:30Z INFO  symcc_fuzzing_helper] Generated 0 test cases (0 new)
[2022-08-04T15:36:30Z INFO  symcc_fuzzing_helper] Running on input /mnt/hgfs/CCFuzzerData/output/afl-master/queue/id:000102,src:000000,op:havoc,rep:4

Then I ran the following command:

$ mkdir /tmp/output
$ SYMCC_INPUT_FILE=in/seed.jp2 ./jasper --input ./in/seed.jp2 --output-format bmp --output a.bmp 

symcc can generate test cases on native machines.

This is SymCC running with the QSYM backend
Making data read from ./inputs/cc_jp2.jp2 as symbolic
[STAT] SMT: { "solving_time": 0, "total_time": 15490 }
[STAT] SMT: { "solving_time": 216 }
[STAT] SMT: { "solving_time": 216, "total_time": 15964 }
[STAT] SMT: { "solving_time": 383 }
[STAT] SMT: { "solving_time": 383, "total_time": 16748 }
[STAT] SMT: { "solving_time": 589 }
[INFO] New testcase: /tmp/output/000000
[STAT] SMT: { "solving_time": 589, "total_time": 17817 }
[STAT] SMT: { "solving_time": 786 }
[INFO] New testcase: /tmp/output/000001
[STAT] SMT: { "solving_time": 786, "total_time": 19054 }
[STAT] SMT: { "solving_time": 992 }
[INFO] New testcase: /tmp/output/000002
[STAT] SMT: { "solving_time": 992, "total_time": 20212 }
[STAT] SMT: { "solving_time": 1181 }
[STAT] SMT: { "solving_time": 1181, "total_time": 20654 }
[STAT] SMT: { "solving_time": 1358 }
[INFO] New testcase: /tmp/output/000003-optimistic
[STAT] SMT: { "solving_time": 1358, "total_time": 21777 }
[STAT] SMT: { "solving_time": 1904 }
[INFO] New testcase: /tmp/output/000004
[STAT] SMT: { "solving_time": 1904, "total_time": 23290 }
[STAT] SMT: { "solving_time": 2387 }
[INFO] New testcase: /tmp/output/000005
...
...

But symcc cannot generate any test cases in the VM.

This is SymCC running with the QSYM backend
Making data read from in/seed.jp2 as symbolic
warning: skipping unknown tag type
warning: skipping unknown tag type
warning: skipping unknown tag type

Does symcc have to run in a native environment?

Thanks!

SymCC should work in a VM as well. The output from the run inside your VM looks as if SymCC never saw symbolic input. Can you make sure that the value of SYMCC_INPUT_FILE exactly matches your input?
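A small sanity check for the maintainer's hint, added here as an example (not code from SymCC or from this issue): it flags when SYMCC_INPUT_FILE and the path handed to the target name the same file under different spellings, as the command above does (in/seed.jp2 versus ./in/seed.jp2), and counts what landed in /tmp/output afterwards. It assumes only POSIX sh plus the common `-ef` extension of test(1).

```shell
#!/bin/sh
# Added diagnostic for the symptom above (SymCC reports the input as symbolic but
# never prints "New testcase"). This is an example script, not part of SymCC.
# It encodes the maintainer's hint: the SYMCC_INPUT_FILE string should be the
# same string the target program uses to open the file.

# Classify how the SYMCC_INPUT_FILE value relates to the path given to the target.
# Prints one of: unset | missing | match | same-file-different-string | different
symcc_input_check() {
    env_path=$1
    arg_path=$2
    if [ -z "$env_path" ]; then
        echo unset          # no file named: this file cannot become the symbolic source
        return 0
    fi
    if [ ! -f "$arg_path" ]; then
        echo missing        # the target could not open it anyway
        return 0
    fi
    if [ "$env_path" = "$arg_path" ]; then
        echo match          # identical strings: the safe configuration
        return 0
    fi
    # Same inode, different spelling (e.g. in/seed.jp2 vs ./in/seed.jp2). Whether a
    # runtime that compares path strings accepts this depends on the comparison it
    # uses, so treat it as a likely cause of "0 test cases". (-ef is a test(1)
    # extension supported by bash, dash and busybox.)
    if [ -f "$env_path" ] && [ "$env_path" -ef "$arg_path" ]; then
        echo same-file-different-string
        return 0
    fi
    echo different
}

# Count the files SymCC wrote to its output directory (/tmp/output on this page,
# names like 000003 and 000003-optimistic). 0 means no new test cases.
symcc_count_testcases() {
    dir=${1:-/tmp/output}
    n=0
    for f in "$dir"/*; do
        [ -f "$f" ] && n=$((n + 1))
    done
    echo "$n"
}

# Mirroring the command on this page:
#   symcc_input_check "in/seed.jp2" "./in/seed.jp2"   # -> same-file-different-string
#   SYMCC_INPUT_FILE=./in/seed.jp2 ./jasper --input ./in/seed.jp2 --output-format bmp --output a.bmp
#   symcc_count_testcases /tmp/output
```

Run it from the directory in which you invoke the target, since both strings are resolved relative to that directory.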