No new seeds are generated during fuzzing #156

Open
xiaobaozidi opened this issue Sep 26, 2023 · 2 comments

Comments

@xiaobaozidi

Hi Adrian,

I attempted to execute afl/afl++ on the program under test in Magma. Some unexpected issues occur with some of the programs.

In essence, no new seeds are produced in the queues directory throughout 24 hours of fuzzing, apart from the original seeds. The log illustrates that the fuzzing process repeatedly cycles through a single test case. Do you have any insights or suggestions regarding this? Thank you!

libpng log:

[!] WARNING: Some test cases look useless. Consider using a smaller set.
[!] WARNING: You have lots of input files; try starting small.
[+] Here are some useful stats:

 Test case count : 1 favored, 0 variable, 20 ignored, 21 total
 Bitmap range : 138 to 138 bits (average: 138.00 bits)
 Exec timing : 643 to 643 us (average: 603 us)

[*] No -t option specified, so I'll use exec timeout of 20 ms.
[+] All set and ready to roll!
[*] Entering queue cycle 1.
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=100, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Entering queue cycle 2.
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Entering queue cycle 3.
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...
[*] Fuzzing test case #0 (21 total, 0 uniq crashes found, perf_score=459, exec_us=643, hits=0, map=138)...

@adrianherrera
Member

That is very odd. Can you post your magma config and the targets where this is happening?

@xiaobaozidi
Author

Hi Adrian,

I resolved the problem by updating to the latest version. However, I'm encountering compilation issues with PHP. The log displays:
/usr/bin/ld: /magma_out/afl_driver.o: undefined reference to symbol '_ZNSt8ios_base4InitD1Ev@@GLIBCXX_3.4'
48.22 //usr/lib/x86_64-linux-gnu/libstdc++.so.6: error adding symbols: DSO missing from command line
48.23 clang: error: linker command failed with exit code 1 (use -v to see invocation)

I believe there is a linking issue in afl_driver.o. However, I tried to add -lstdc++ or other solutions, but I am not able to solve it.

Thanks,
Andrew
