LibAFL_qemu not working
Closed this issue · 4 comments
domenukk commented
LibAFL_qemu breaks CI (both launcher and systemmode).
[cargo-make][3] INFO - Execute Command: "arm-none-eabi-gcc" "-ggdb" "-ffreestanding" "-nostartfiles" "-lgcc" "-T" "/__w/LibAFL/LibAFL/fuzzers/qemu/qemu_systemmode/example/mps2_m3.ld" "-mcpu=cortex-m3" "/__w/LibAFL/LibAFL/fuzzers/qemu/qemu_systemmode/example/main.c" "/__w/LibAFL/LibAFL/fuzzers/qemu/qemu_systemmode/example/startup.c" "-D" "TARGET_CLASSIC" "-I" "/__w/LibAFL/LibAFL/target/debug/include" "-o" "/__w/LibAFL/LibAFL/target/example.elf"
[cargo-make][3] INFO - Running Task: run_fuzzer
[cargo-make][3] INFO - Execute Command: "/__w/LibAFL/LibAFL/target/debug/qemu_systemmode" "-icount" "shift=auto,align=off,sleep=off" "-machine" "mps2-an385" "-monitor" "null" "-kernel" "/__w/LibAFL/LibAFL/target/example.elf" "-serial" "null" "-nographic" "-snapshot" "-drive" "if=none,format=qcow2,file=/__w/LibAFL/LibAFL/target/dummy.qcow2" "-S"
FUZZ_INPUT @ 0x29c
main address = 0x136
Breakpoint address = 0x78
Devices = ["timer", "cpu_common", "cpu", "armv7m_nvic", "armv7m_systick", "armv7m", "or-irq", "cmsdk-apb-uart", "cmsdk-apb-uart", "cmsdk-apb-uart", "cmsdk-apb-uart", "cmsdk-apb-uart", "cmsdk-apb-timer", "cmsdk-apb-timer", "cmsdk-apb-dualtimer", "cmsdk-apb-watchdog", "led", "led", "led", "led", "led", "led", "led", "led", "mps2-scc", "led", "led", "mps2-fpgaio", "pl022_ssp", "or-irq", "pl022_ssp", "pl022_ssp", "or-irq", "pl022_ssp", "pl022_ssp", "i2c_bus", "i2c_bus", "i2c_bus", "i2c_bus", "lan9118"]
[UserStats #1] (GLOBAL) run time: 0h-0m-0s, clients: 1, corpus: 0, objectives: 0, executions: 0, exec/sec: 0.000, edges: 100.000%
(CLIENT) corpus: 0, objectives: 0, executions: 0, exec/sec: 0.000, edges: 12/12 (100%)
[Testcase #1] (GLOBAL) run time: 0h-0m-0s, clients: 1, corpus: 1, objectives: 0, executions: 1, exec/sec: 0.000, edges: 100.000%
(CLIENT) corpus: 1, objectives: 0, executions: 1, exec/sec: 0.000, edges: 12/12 (100%)
We imported 2 inputs from disk.
...
22: 0x5556351735e2 - <libafl::fuzzer::StdFuzzer<CS,F,OF> as libafl::fuzzer::Evaluator<E,EM>>::evaluate_input_events::hb4828407cf0ee04d
at /__w/LibAFL/LibAFL/libafl/src/fuzzer/mod.rs:644:9
23: 0x5556351735e2 - libafl::fuzzer::Evaluator::evaluate_input::h53e312c2e4cf849a
at /__w/LibAFL/LibAFL/libafl/src/fuzzer/mod.rs:171:9
24: 0x555635164302 - libafl::stages::mutational::MutationalStage::perform_mutational::ha25bb5e624e5cb37
at /__w/LibAFL/LibAFL/libafl/src/stages/mutational.rs:139:34
25: 0x555635164302 - <libafl::stages::mutational::StdMutationalStage<E,EM,I,M,Z> as libafl::stages::Stage<E,EM,Z>>::perform::h81f14b58e7adcaef
at /__w/LibAFL/LibAFL/libafl/src/stages/mutational.rs:231:19
26: 0x555635164302 - libafl::stages::Stage::perform_restartable::hdf09e46214752747
at /__w/LibAFL/LibAFL/libafl/src/stages/mod.rs:127:13
27: 0x5556351624ab - <(Head,Tail) as libafl::stages::StagesTuple<E,EM,<Head as libafl::state::UsesState>::State,Z>>::perform_all::hcfe07b7f07a6daa1
28: 0x55563516f8df - <libafl::fuzzer::StdFuzzer<CS,F,OF> as libafl::fuzzer::Fuzzer<E,EM,ST>>::fuzz_one::h8109caa1f9dfb117
at /__w/LibAFL/LibAFL/libafl/src/fuzzer/mod.rs:804:9
29: 0x55563516f8df - libafl::fuzzer::Fuzzer::fuzz_loop::hc13d5329f4cc1894
at /__w/LibAFL/LibAFL/libafl/src/fuzzer/mod.rs:247:13
30: 0x55563516f8df - qemu_systemmode::fuzzer_classic::fuzz::{{closure}}::h28c0db0eb6a54ea3
at /__w/LibAFL/LibAFL/fuzzers/qemu/qemu_systemmode/src/fuzzer_classic.rs:260:9
31: 0x55563516f8df - core::ops::function::impls::<impl core::ops::function::FnOnce<A> for &mut F>::call_once::h2b33bf4645747654
at /rustc/2cbbe8b8bb2be672b14cf741a2f0ec24a49f3f0b/library/core/src/ops/function.rs:305:13
32: 0x555635181503 - libafl::events::launcher::Launcher<CF,MT,SP>::launch_with_hooks::h673c788f4a199d35
at /__w/LibAFL/LibAFL/libafl/src/events/launcher.rs:289:32
33: 0x555635181503 - libafl::events::launcher::Launcher<CF,MT,SP>::launch::h46bb1a76e5fd02c5
at /__w/LibAFL/LibAFL/libafl/src/events/launcher.rs:181:9
34: 0x55563517541d - qemu_systemmode::fuzzer_classic::fuzz::h76fd9cf0312ae838
at /__w/LibAFL/LibAFL/fuzzers/qemu/qemu_systemmode/src/fuzzer_classic.rs:277:11
35: 0x55563518ee1d - core::ops::function::FnOnce::call_once::h7a120e85f696fb90
at /rustc/2cbbe8b8bb2be672b14cf741a2f0ec24a49f3f0b/library/core/src/ops/function.rs:250:5
36: 0x55563518ee1d - std::sys::backtrace::__rust_begin_short_backtrace::he8286546b54d49d5
at /rustc/2cbbe8b8bb2be672b14cf741a2f0ec24a49f3f0b/library/std/src/sys/backtrace.rs:156:18
37: 0x555635194ca4 - std::rt::lang_start::{{closure}}::hc3ad9da0784a11ca
at /rustc/2cbbe8b8bb2be672b14cf741a2f0ec24a49f3f0b/library/std/src/rt.rs:164:18
38: 0x555635b98130 - core::ops::function::impls::<impl core::ops::function::FnOnce<A> for &F>::call_once::h5da7aaf195e1a3d2
at /rustc/2cbbe8b8bb2be672b14cf741a2f0ec24a49f3f0b/library/core/src/ops/function.rs:284:13
39: 0x555635b98130 - std::panicking::try::do_call::h4400dd234908d79e
at /rustc/2cbbe8b8bb2be672b14cf741a2f0ec24a49f3f0b/library/std/src/panicking.rs:557:40
40: 0x555635b98130 - std::panicking::try::ha8bb5bcd20fecf77
at /rustc/2cbbe8b8bb2be672b14cf741a2f0ec24a49f3f0b/library/std/src/panicking.rs:521:19
41: 0x555635b98130 - std::panic::catch_unwind::hd5c5aa94dbad5783
at /rustc/2cbbe8b8bb2be672b14cf741a2f0ec24a49f3f0b/library/std/src/panic.rs:350:14
42: 0x555635b98130 - std::rt::lang_start_internal::{{closure}}::h3bceac8623f95243
at /rustc/2cbbe8b8bb2be672b14cf741a2f0ec24a49f3f0b/library/std/src/rt.rs:143:48
43: 0x555635b98130 - std::panicking::try::do_call::h7205c5cdb39c2792
at /rustc/2cbbe8b8bb2be672b14cf741a2f0ec24a49f3f0b/library/std/src/panicking.rs:557:40
44: 0x555635b98130 - std::panicking::try::hcff6371e8271c9e7
at /rustc/2cbbe8b8bb2be672b14cf741a2f0ec24a49f3f0b/library/std/src/panicking.rs:521:19
45: 0x555635b98130 - std::panic::catch_unwind::hc2445713a64cb4ca
at /rustc/2cbbe8b8bb2be672b14cf741a2f0ec24a49f3f0b/library/std/src/panic.rs:350:14
46: 0x555635b98130 - std::rt::lang_start_internal::h2229af4f9c780e17
at /rustc/2cbbe8b8bb2be672b14cf741a2f0ec24a49f3f0b/library/std/src/rt.rs:143:20
47: 0x555635194c99 - std::rt::lang_start::h92e799c699748b4c
at /rustc/2cbbe8b8bb2be672b14cf741a2f0ec24a49f3f0b/library/std/src/rt.rs:163:17
48: 0x7fcf1cf7bd90 - <unknown>
49: 0x7fcf1cf7be40 - __libc_start_main
50: 0x555635158b05 - _start
51: 0x0 - <unknown>
+ grep Objective /tmp/tmp.TiTHEdDzR1/fuzz.log
+ [ -z ]
qemu_systemmode classic: Fuzzer did not find the objective in /tmp/tmp.TiTHEdDzR1/fuzz.log
+ echo qemu_systemmode classic: Fuzzer did not find the objective in /tmp/tmp.TiTHEdDzR1/fuzz.log
+ exit 1
Error while executing command, exit code: 1
Error while executing command, exit code: 105
Error: Process completed with exit code 1.
domenukk commented
Also, qemu CI should always run in main, I think.
domenukk commented
Same for launcher:
[cargo-make] INFO - Running Task: test
Profile: release
gcc -g -o static sqltest.c -l sqlite3 -lm -static -lpthread -ldl
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/13/../../../x86_64-linux-gnu/libsqlite3.a(os_unix.o): in function `unixDlOpen':
(.text+0x9ad): warning: Using 'dlopen' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
gcc -g -o sqltest sqltest.c -l sqlite3 -lm -lpthread
Fuzzer does not generate any testcases or any crashes
Logs:
Error while executing command, exit code: 1