No such file or directory: '../afl_out/cov/lcov/trace.lcov_info_final'

[computereasy]

Hello,

I am running the newest version of afl-cov and afl on 64-bit Ubuntu 14.04. I followed the tutorial here, and I am able to successfully fuzz a test code with afl.

However, when I tried to run afl-cov, I got the following error:

☁  cov  afl-cov -d ../afl_out --live --coverage-cmd "./checksum AFL_FILE" --code-dir ../ --overwrite
    Non-zero exit status '255' for CMD: /usr/bin/lcov --no-checksum --capture --initial --directory ../ --output-file ../afl_out/cov/lcov/trace.lcov_base

*** Imported 3 new test cases from: ../afl_out/queue

[+] AFL test case: id:000000,orig:in (0 / 3), cycle: 0

    Non-zero exit status '255' for CMD: /usr/bin/lcov --no-checksum --capture --directory ../ --output-file ../afl_out/cov/lcov/trace.lcov_info
    Non-zero exit status '255' for CMD: /usr/bin/lcov --no-checksum -a ../afl_out/cov/lcov/trace.lcov_base -a ../afl_out/cov/lcov/trace.lcov_info --output-file /tmp/tmppLxYHX
Traceback (most recent call last):
 File "/data/vagrant_vms/afl-cov//afl-cov", line 1190, in <module>
  sys.exit(main())
File "/data/vagrant_vms/afl-cov//afl-cov", line 91, in main
  return not process_afl_test_cases(cargs)
File "/data/vagrant_vms/afl-cov//afl-cov", line 208, in process_afl_test_cases
cov, cargs)
File "/data/vagrant_vms/afl-cov//afl-cov", line 314, in coverage_diff
  new_cov = extract_coverage(cov_paths['lcov_info_final'], cargs)
File "/data/vagrant_vms/afl-cov//afl-cov", line 462, in extract_coverage
  with open(lcov_file, 'r') as f:
 IOError: [Errno 2] No such file or directory: '../afl_out/cov/lcov/trace.lcov_info_final'`

Could anyone shed some lights on what/how does this error happen? Thank you!

[umlaeute]

are you sure that you've added -fprofile-arcs -ftest-coverage to both the compiler and linker flags?

[mrash]

By default, afl-cov tries to determine whether the fuzzed binary has been compiled with '-fprofile-arcs -ftest-coverage' by using readelf. It looks to me as though the lcov command is throwing an error. Can you manually execute the two lcov commands you have above from the terminal and post any errors:

/usr/bin/lcov --no-checksum --capture --directory ../ --output-file ../afl_out/cov/lcov/trace.lcov_info
/usr/bin/lcov --no-checksum -a ../afl_out/cov/lcov/trace.lcov_base -a ../afl_out/cov/lcov/trace.lcov_info --output-file /tmp/tmppLxYHX

[mrash]

Also, the very first lcov command generated an error in your initial bug report - try executing the manually and post any errors. I'll update afl-cov to detect whatever error condition lcov seems to be warning about:

/usr/bin/lcov --no-checksum --capture --initial --directory ../ --output-file ../afl_out/cov/lcov/trace.lcov_base

[bactis]

@mrash I'm getting the same error here is the output of the two commands on my system

original command to launch afl-cov

batman@batcavecomputer:~/GammaStorage/GaryWork/codeStuff/fuzz-msgparser-cov$ ~/git/afl-cov/afl-cov -d /hom
e/batman/GammaStorage/GaryWork/codeStuff/fuzz-msgparser-sync/ --live --coverage-cmd "cat AFL_FILE | /home/
batman/GammaStorage/GaryWork/codeStuff/fuzz-msgparser-cov/msg-driver" --code-dir .                        
[-] Sleep for 60 seconds waiting for afl-fuzz to be started....
[-] Sleep for 60 seconds waiting for afl-fuzz to be started....
[-] Sleep for 60 seconds waiting for afl-fuzz to be started....
        Non-zero exit status '255' for CMD: /usr/bin/lcov --no-checksum --capture --initial --directory . --output-file /home/batman/GammaStorage/GaryWork/codeStuff/fuzz-msgparser-sync//cov/lcov/trace.lcov_base
    
*** Imported 27 new test cases from: /home/batman/GammaStorage/GaryWork/codeStuff/fuzz-msgparser-sync//fuzzer01/queue

    [+] AFL test case: id:000000,orig:.blah.swp (0 / 27), cycle: 0
        Non-zero exit status '255' for CMD: /usr/bin/lcov --no-checksum --capture --directory . --output-file /home/batman/GammaStorage/GaryWork/codeStuff/fuzz-msgparser-sync//cov/lcov/trace.lcov_info
        Non-zero exit status '255' for CMD: /usr/bin/lcov --no-checksum -a /home/batman/GammaStorage/GaryWork/codeStuff/fuzz-msgparser-sync//cov/lcov/trace.lcov_base -a /home/batman/GammaStorage/GaryWork/codeStuf$
/fuzz-msgparser-sync//cov/lcov/trace.lcov_info --output-file /tmp/tmplVTjxp
Traceback (most recent call last):
  File "/home/batman/git/afl-cov/afl-cov", line 1194, in <module>
    sys.exit(main())
  File "/home/batman/git/afl-cov/afl-cov", line 91, in main
    return not process_afl_test_cases(cargs)
  File "/home/batman/git/afl-cov/afl-cov", line 208, in process_afl_test_cases
    cov, cargs)
  File "/home/batman/git/afl-cov/afl-cov", line 314, in coverage_diff
    new_cov = extract_coverage(cov_paths['lcov_info_final'], cargs)
  File "/home/batman/git/afl-cov/afl-cov", line 462, in extract_coverage
    with open(lcov_file, 'r') as f:
IOError: [Errno 2] No such file or directory: '/home/batman/GammaStorage/GaryWork/codeStuff/fuzz-msgparser-sync//cov/lcov/trace.lcov_info_final'

1st command and output below

batman@batcavecomputer:~/GammaStorage/GaryWork/codeStuff/fuzz-msgparser-cov$ /usr/bin/lcov --no-checksum --capture --initial --directory . --output-file /home/batman/GammaStorage/GaryWork/codeStuff/fuzz-msgparser-sync/cov/lcov/trace.lcov_base
Capturing coverage data from .
Found gcov version: 5.4.0
Scanning . for .gcno files ...
Found 52 graph files in .
Processing clock_control.gcno
geninfo: ERROR: /home/batman/GammaStorage/GaryWork/codeStuff/fuzz-msgparser-cov/clock_control.gcno: reached unexpected end of file

2nd command error

batman@batcavecomputer:~/GammaStorage/GaryWork/codeStuff/fuzz-msgparser-cov$ /usr/bin/lcov --no-checksum -a /home/batman/GammaStorage/GaryWork/codeStuff/fuzz-msgparser-sync/cov/lcov/trace.lcov_base -a /home/batman/GammaStorage/GaryWork/codeStuff/fuzz-msgparser-sync/cov/lcov/trace.lcov_info --output-file /tmp/tmp4WVR83
Combining tracefiles.
Reading tracefile /home/batman/GammaStorage/GaryWork/codeStuff/fuzz-msgparser-sync/cov/lcov/trace.lcov_base
lcov: ERROR: no valid records found in tracefile /home/batman/GammaStorage/GaryWork/codeStuff/fuzz-msgparser-sync/cov/lcov/trace.lcov_base

[PaulCher]

I just had the same problem and I think I have figured out what was wrong for me.
This happened to me, because the program I have been fuzzing used _exit, so destructor (which writes *.gcda files) was not executed and these files were not created. You can figure it out by checking out the man page of gcc for -fprofile-arcs flag.

To make this work I just used exit function instead of _exit, which executes the ELF destructors before exitting.

[grumpycatfb]

I think i ended up fixing this btw. I ended up compiling a newer version of gcc and replacing 4.8 that was installed via apt-get. That fixed the issue.

[mrash]

@PaulCher That is an excellent point about using _exit() vs. exit() and the ELF destructors. There might be other factors too, if upgrading gcc seems to fix the problem as noted by @grumpycatfb. Not sure what afl-cov can do to minimize this sort of behavior though.

[Nimo-Zhang]

Hi @mrash , I meet the same problem. Here is the 1st command and output below:

$sudo /usr/bin/lcov --no-checksum --capture --initial --directory . --output-file ../../../output/cov/lcov/trace.lcov_base
Capturing coverage data from .
Found gcov version: 5.2.1
Scanning . for .gcno files ...
Found 1 graph files in .
Processing base64.gcno
Out of memory!

The version of lcov on my computer is 1.13.

[umlaeute]

@zzzssseee how is this the same problem? it looks very different to me.

[Nimo-Zhang]

@umlaeute I don't know why this happened. When I tried to run afl-cov , I got the same error ：

$ sudo ../../../afl-cov-master/afl-cov -d ../../../output --live --coverage-cmd "cat AFL_FILE ./base64" --code-dir . --overwrite
[sudo] password for zhang123: 
[-] Sleep for 60 seconds waiting for afl-fuzz to be started....
        Non-zero exit status '1' for CMD: /usr/bin/lcov --no-checksum --capture --initial --directory . --output-file ../../../output/cov/lcov/trace.lcov_base
    
*** Imported 21 new test cases from: ../../../output/queue

    [+] AFL test case: id:000000,orig:1 (0 / 21), cycle: 0
        Non-zero exit status '255' for CMD: /usr/bin/lcov --no-checksum --capture --directory . --output-file ../../../output/cov/lcov/trace.lcov_info
        Non-zero exit status '255' for CMD: /usr/bin/lcov --no-checksum -a ../../../output/cov/lcov/trace.lcov_base -a ../../../output/cov/lcov/trace.lcov_info --output-file /tmp/tmp9_nd43
Traceback (most recent call last):
  File "../../../afl-cov-master/afl-cov", line 1200, in <module>
    sys.exit(main())
  File "../../../afl-cov-master/afl-cov", line 91, in main
    return not process_afl_test_cases(cargs)
  File "../../../afl-cov-master/afl-cov", line 208, in process_afl_test_cases
    cov, cargs)
  File "../../../afl-cov-master/afl-cov", line 314, in coverage_diff
    new_cov = extract_coverage(cov_paths['lcov_info_final'], cargs)
  File "../../../afl-cov-master/afl-cov", line 462, in extract_coverage
    with open(lcov_file, 'r') as f:
IOError: [Errno 2] No such file or directory: '../../../output/cov/lcov/trace.lcov_info_final'

So I tried to find the cause of the problem and then entered the above command as you see，and then got the “out of memory” error.

[hullale]

I have run into this error a number of times, and have figured out that it is exclusively caused by a failure in compiling with gcov profiling support. The following fixed this issue:

1. Specifying lcov and genhtml paths. In command line arguments.
2. Double checking the compilation arguments to verify you are correctly compiling with gcov profiling support.
3. Verifying the other compilation arguments are the same between your Fuzzed copy of source and copy to generate coverage with.
4. Verify that a .gcno file have been generated for every file that you wish to generate coverage for.

[valour01]

I come across the same problems.
system version is Linux jmh-SYS 4.13.0-36-generic #40~16.04.1-Ubuntu SMP Fri Feb 16 23:25:58 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
gcc version is gcc (Ubuntu 5.4.0-6ubuntu1~16.04.10) 5.4.0 20160609
-fprofile-arcs -ftest-coverage is added
lcov version is lcov: LCOV version 1.12

Those who can run the afl-cov successfully. Could you please share your system and compiler version or any specific configurations. Many Thanks

[spencerwuwu]

@valour01 I'm currently dealing with the same problem.
It seems to be an issue discussed here .
I'm thinking about writing another script based on the GCOV's intermediate format approach given in the discussion.

[valour01]

@spencerwuwu Thank you very much

Actually, I don't have so much time and I have to catch the deadline. Thus, I hope those who can run the afl-cov successfully to provide me the specific version of the compiler, system and binary version so that I can try this tool now. Many Thanks.

[mrash]

Ok, can you try the latest afl-cov from git master? This commit will likely help: 7d0b064 since afl-cov will log command errors to the afl-cov.log logfile, so if lcov is having a problem then the error should appear in this file.

[whitefir]

I'd like to share my experience in this matter.
Firstly, I also met this error same as above ones.
But later I find, I used afl-clang-fast to compile the lib and linker, as it is 'default' and 'favorable' when using afl. So, after I change afl-clang-fast to afl-gcc, afl-cov works successfully. Maybe, this is the only reason simply.
BTW, is there any method to make afl-cov compatible with clang? Many thanks.

[Kankarollo]

I had the same problem, but managed to solve it because of hint from @hullale comment. In my case the biggest flaw was that .gcda files were not generated in the same directory that .gcno and <afl-gcov_binary>.

I solved it by producing my gcov binary (<afl-gcov_binary>) with afl-gcc -fprofile-arcs -ftest-coverage in the same folder (folder_with_source_code) where my source code (only the main .c file not all of dependency code) and <afl_binary> (on which I used afl-fuzz) were and made sure that all *.gcno and *.gcda files were generated there too. ( *.gcda files are generated only when you execute afl-cov)

I used command:

afl-cov -d .../afl-output --coverage-cmd ".../folder_with_source_code/<afl-gcov_binary> < AFL_FILE " --code-dir .../folder_with_source_code/.

In my case afl-fuzzer take input from binary rerouted to stdin that's why ".../folder_with_source_code/<afl-gcov_binary> < AFL_FILE "

[sgzeng]

same. Would afl-cov add support to clang? Many thx!

[r-2007]

Hey, I run into the same problem when trying to use afl-cov.
This is the error message I receive.

 afl-cov -c fuzz-cov/ -d temp1/output/aflsmart/TinyDTLS/test_copy -e "fuzz-cov/tests/dtls-fuzz AFL_FILE psk 2" --overwrite
    
*** Imported 3 new test cases from: temp1/output/aflsmart/TinyDTLS/test_copy/queue

    [+] AFL test case: id:000000,time:0,orig:0 (0 / 3), cycle: 0
        Non-zero exit status '255' for CMD: /usr/bin/lcov --no-checksum -a temp1/output/aflsmart/TinyDTLS/test_copy/cov/lcov/trace.lcov_base -a temp1/output/aflsmart/TinyDTLS/test_copy/cov/lcov/trace.lcov_info --output-file /tmp/tmp2KcTpg
Traceback (most recent call last):
  File "/usr/bin/afl-cov", line 1194, in <module>
    sys.exit(main())
  File "/usr/bin/afl-cov", line 91, in main
    return not process_afl_test_cases(cargs)
  File "/usr/bin/afl-cov", line 208, in process_afl_test_cases
    cov, cargs)
  File "/usr/bin/afl-cov", line 314, in coverage_diff
    new_cov = extract_coverage(cov_paths['lcov_info_final'], cargs)
  File "/usr/bin/afl-cov", line 462, in extract_coverage
    with open(lcov_file, 'r') as f:
IOError: [Errno 2] No such file or directory: 'temp1/output/aflsmart/TinyDTLS/test_copy/cov/lcov/trace.lcov_info_final'

This is the output I get from running the lcov command
1st command:

rahbar@rahbar-VirtualBox:~$ /usr/bin/lcov --no-checksum --capture --initial --directory fuzz-cov/ --output-file temp1/output/aflsmart/TinyDTLS/test_copy/cov/lcov/trace.lcov_base
Capturing coverage data from fuzz-cov/
Found gcov version: 7.5.0
Scanning fuzz-cov/ for .gcno files ...
Found 16 graph files in fuzz-cov/
Processing tests/dtls-fuzz.gcno
Processing tests/prf-test.gcno
Processing tests/dtls-server.gcno
Processing tests/dtls-client.gcno
Processing tests/ccm-test.gcno
Processing dtls-hmac.gcno
Processing sha2/sha2.gcno
Processing posix/dtls-support.gcno
Processing netq.gcno
Processing aes/rijndael.gcno
Processing dtls-crypto.gcno
Processing ecc/ecc.gcno
Processing dtls-ccm.gcno
Processing dtls-peer.gcno
Processing dtls-log.gcno
Processing dtls.gcno
Finished .info-file creation

2nd command:

rahbar@rahbar-VirtualBox:~$ /usr/bin/lcov --no-checksum -a temp1/output/aflsmart/TinyDTLS/test_copy/cov/lcov/trace.lcov_base -a temp1/output/aflsmart/TinyDTLS/test_copy/cov/lcov/trace.lcov_info --output-file /tmp/tmppLxYHX
Combining tracefiles.
Reading tracefile temp1/output/aflsmart/TinyDTLS/test_copy/cov/lcov/trace.lcov_base
Reading tracefile temp1/output/aflsmart/TinyDTLS/test_copy/cov/lcov/trace.lcov_info
lcov: ERROR: no valid records found in tracefile temp1/output/aflsmart/TinyDTLS/test_copy/cov/lcov/trace.lcov_info

I have GCC (Ubuntu 7.5.0-3ubuntu1~18.04) and LCOV(1.13) versions.
I compiled the source code used for fuzzing with afl-gcc. and added gcov profiling support while using afl-gcc for the separate copy that is used for afl-cov.

Could someone suggest me where I am going wrong?

[umlaeute]

@r-2007 would you mind posting text-output of the error-messages, rather than images? it makes it so much easier to search for.

[wyunc]

I just had this problem too.
I found that it was because gcov was version incompatible when parsing the gcc compiler
I copied the whole afl-gcc project into docker with gcc version=7.5.0 and gcov=7.5.0; However, the docker version is gcc=10.3.0 and gcov=9.3.0.
Therefore, it only needs to be recompiled in the new environment
Maybe lcov --gcov-tool /path/to/gcov-7 can be specified to the specific gcov version? I didn't try this