This repository has been archived by the owner on Mar 22, 2024. It is now read-only.
Qemu mode stuck at "[+] All right - fork server is up." #96
Comments
|
please always write which version you are using. is it a release - if yes which version? is it a git checkout - if yes which commit id? |
|
release 2.56b, my enviroment is Ubuntu 18.04.4 |
|
my guess is that you have triggered a qemu bug that is unrelated to afl, like a race condition in the ARM part, as otherwise this would have floated up much more often. And the afl qemu patches have nothing ARM specific. qemu 2.1 is really old ... |
|
Thank you very much for your reply, I will try AFLplusplus |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
I use afl qemu mode to fuzzing a arm library. I wrote a entrance for that library. Then I test the binary with afl-qemu-trace, and it could return correct result. Then I use command "afl-fuzz -m 8G -i aflin -o aflout -Q ./binary @@" to execute the fuzz. But the main process stucked at "[+] All right - fork server is up.". Then I use ps to see the child process "afl-qemu-trace ./binanry FILE". And I use gdb to attach on it. I found program is stuck at some mutex. Here is the call stack:
, argc=4, argv=0x7ffc60ede9c8, init=, fini=, rtld_fini=, stack_end=0x7ffc60ede9b8) at ../csu/libc-start.c:310#0 __lll_lock_wait () at ../sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:135
#1 0x00007fbcac68d023 in __GI___pthread_mutex_lock (mutex=mutex@entry=0x55948b53e500 <tcg_ctx+288>) at ../nptl/pthread_mutex_lock.c:78
#2 0x000055948b27973a in qemu_mutex_lock (mutex=mutex@entry=0x55948b53e500 <tcg_ctx+288>) at util/qemu-thread-posix.c:65
#3 0x000055948b180e28 in tb_lock () at /root/AFL-2.56b/qemu_mode/qemu-2.10.0/accel/tcg/translate-all.c:170
#4 cpu_restore_state (cpu=cpu@entry=0x55948e180910, retaddr=retaddr@entry=94096477451624) at /root/AFL-2.56b/qemu_mode/qemu-2.10.0/accel/tcg/translate-all.c:353
#5 0x000055948b17d442 in handle_cpu_signal (old_set=0x7ffc60edd2a8, is_write=, address=4010848012, pc=94096477451622) at /root/AFL-2.56b/qemu_mode/qemu-2.10.0/user-exec.c:124
#6 cpu_arm_signal_handler (host_signum=, pinfo=pinfo@entry=0x7ffc60edd2b0, puc=0x7ffc60edd180) at /root/AFL-2.56b/qemu_mode/qemu-2.10.0/user-exec.c:229
#7 0x000055948b1a5f41 in host_signal_handler (host_signum=11, info=0x7ffc60edd2b0, puc=0x7ffc60edd180) at /root/AFL-2.56b/qemu_mode/qemu-2.10.0/linux-user/signal.c:646
#8
#9 0x000055948b1cf566 in gen_intermediate_code (cs=cs@entry=0x55948e180910, tb=tb@entry=0x55948b615480 <static_code_gen_buffer+796080>) at /root/AFL-2.56b/qemu_mode/qemu-2.10.0/target/arm/translate.c:12011
#10 0x000055948b18107e in tb_gen_code (cpu=cpu@entry=0x55948e180910, pc=4010848012, cs_base=0, flags=524416, cflags=, cflags@entry=0) at /root/AFL-2.56b/qemu_mode/qemu-2.10.0/accel/tcg/translate-all.c:1283
#11 0x000055948b17d999 in afl_wait_tsl (fd=3, cpu=0x55948e180910) at /root/AFL-2.56b/qemu_mode/qemu-2.10.0/../patches/afl-qemu-cpu-inl.h:304
#12 afl_forkserver (cpu=cpu@entry=0x55948e180910) at /root/AFL-2.56b/qemu_mode/qemu-2.10.0/../patches/afl-qemu-cpu-inl.h:222
#13 0x000055948b17f2cd in cpu_tb_exec (itb=, itb=, cpu=) at /root/AFL-2.56b/qemu_mode/qemu-2.10.0/accel/tcg/cpu-exec.c:149
#14 cpu_loop_exec_tb (tb_exit=, last_tb=, tb=, cpu=) at /root/AFL-2.56b/qemu_mode/qemu-2.10.0/accel/tcg/cpu-exec.c:583
#15 cpu_exec (cpu=) at /root/AFL-2.56b/qemu_mode/qemu-2.10.0/accel/tcg/cpu-exec.c:681
#16 0x000055948b182ca0 in cpu_loop (env=0x55948e188ba0) at /root/AFL-2.56b/qemu_mode/qemu-2.10.0/linux-user/main.c:570
#17 0x000055948b13cbf0 in main (argc=argc@entry=4, argv=argv@entry=0x7ffc60ede9c8, envp=) at /root/AFL-2.56b/qemu_mode/qemu-2.10.0/linux-user/main.c:4862
#18 0x00007fbcac2b3b97 in __libc_start_main (main=0x55948b13c4c0
#19 0x000055948b13d35a in _start ()
The text was updated successfully, but these errors were encountered: