Hmm, looks like the target binary terminated before we could complete

2,829 views
Skip to first unread message

Shamir Udi

unread,
Jul 26, 2017, 1:06:55 PM7/26/17
to afl-users
Hi All,

I'm trying to afl-fuzz an instrumented application (quite big, 75m). The system equipped with 64gb ram and quite powerful processors (i guess its less relevant).
ulimit is unlimited, also using "-m" trying to tweak it without success.

Binary mode with -Q works quite well but when trying to fuzz using the instrumented mode it fails:
---
Whoops, the target binary crashed suddenly, before receiving any input
    from the fuzzer! There are several probable explanations:

    - The current memory limit (50.0 MB) is too restrictive, causing the
      target to hit an OOM condition in the dynamic linker. Try bumping up
      the limit with the -m setting in the command line. A simple way confirm
      this diagnosis would be:

      ( ulimit -Sv $[49 << 10]; /path/to/fuzzed_app )

      Tip: you can use http://jwilk.net/software/recidivm to quickly
      estimate the required amount of virtual memory for the binary.

    - The binary is just buggy and explodes entirely on its own. If so, you
      need to fix the underlying problem or find a better replacement.

    - Less likely, there is a horrible bug in the fuzzer. If other options
      fail, poke <lca...@coredump.cx> for troubleshooting tips.

[-] PROGRAM ABORT : Fork server crashed with signal 11
         Location : init_forkserver(), afl-fuzz.c:2199
 
---

command line parameters
/usr/local/bin/afl-fuzz  -i /mnt/ramdrv/pe32/ -o /mnt/ramdrv/afl_out -/home/ftw/code/scanner /tmp @@
/usr/local/bin/afl-fuzz -m 500 -i /mnt/ramdrv/pe32/ -o /mnt/ramdrv/afl_out -/home/ftw/code/scanner /tmp @@
/usr/local/bin/afl-fuzz  -m 8000 -i /mnt/ramdrv/pe32/ -o /mnt/ramdrv/afl_out -/home/ftw/code/scanner /tmp @@

Michal Zalewski

unread,
Jul 26, 2017, 9:21:55 PM7/26/17
to afl-users
> I'm trying to afl-fuzz an instrumented application (quite big, 75m). The
> system equipped with 64gb ram and quite powerful processors (i guess its
> less relevant).

Several things to try:

1) Specify -m none and see if that helps. If yes, your memory limit
may be too low.

2) Run the target under afl-showmap and see if it exits with any
discernible error message (or, if it crashes, debug with strace / gdb
/ other standard tools).

3) If all of the above fails, see if setting AFL_NO_FORKSRV=1 before
starting afl-fuzz makes a difference.

> /usr/local/bin/afl-fuzz -m 8000 -i /mnt/ramdrv/pe32/ -o /mnt/ramdrv/afl_out
> -/home/ftw/code/scanner /tmp @@

That looks OK, but why is there a dash before the path?

Cheers,
/mz

Shamir Udi

unread,
Jul 27, 2017, 11:45:30 AM7/27/17
to afl-users
Thanks a mil

AFL_NO_FORKSRV=1 did the trick, still getting solid results !

 

Jakub Wilk

unread,
Jul 28, 2017, 8:00:24 AM7/28/17
to afl-...@googlegroups.com
* Shamir Udi <udis...@gmail.com>, 2017-07-27, 08:45:
>AFL_NO_FORKSRV=1 did the trick, still getting solid results !

Note that forkserver offers significant performance benefits, so it's
probably a good idea to investigate why enabling it makes your target program
crash.

--
Jakub Wilk
Reply all
Reply to author
Forward
0 new messages