Failed to run hybrid fuzzing(AFL+SymCC) in VM. #105

Vancir · 2022-08-04T15:46:48Z

In ubuntu 20.04 VM created with VMWare, symcc failed to generate any testcase.
But on native machines, symcc can normally generate many testcases.

[2022-08-04T15:36:30Z INFO  symcc_fuzzing_helper] Generated 0 test cases (0 new)
[2022-08-04T15:36:30Z INFO  symcc_fuzzing_helper] Running on input /mnt/hgfs/CCFuzzerData/output/afl-master/queue/id:000109,src:000000,op:havoc,rep:4
[2022-08-04T15:36:30Z INFO  symcc_fuzzing_helper] Generated 0 test cases (0 new)
[2022-08-04T15:36:30Z INFO  symcc_fuzzing_helper] Running on input /mnt/hgfs/CCFuzzerData/output/afl-master/queue/id:000108,src:000000,op:havoc,rep:2
[2022-08-04T15:36:30Z INFO  symcc_fuzzing_helper] Generated 0 test cases (0 new)
[2022-08-04T15:36:30Z INFO  symcc_fuzzing_helper] Running on input /mnt/hgfs/CCFuzzerData/output/afl-master/queue/id:000107,src:000000,op:havoc,rep:2
[2022-08-04T15:36:30Z INFO  symcc_fuzzing_helper] Generated 0 test cases (0 new)
[2022-08-04T15:36:30Z INFO  symcc_fuzzing_helper] Running on input /mnt/hgfs/CCFuzzerData/output/afl-master/queue/id:000104,src:000000,op:havoc,rep:2
[2022-08-04T15:36:30Z INFO  symcc_fuzzing_helper] Generated 0 test cases (0 new)
[2022-08-04T15:36:30Z INFO  symcc_fuzzing_helper] Running on input /mnt/hgfs/CCFuzzerData/output/afl-master/queue/id:000102,src:000000,op:havoc,rep:4

Then I ran the following command:

$ mkdir /tmp/output
$ SYMCC_INPUT_FILE=in/seed.jp2 ./jasper --input ./in/seed.jp2 --output-format bmp --output a.bmp

symcc can generate testcases in native machines.

This is SymCC running with the QSYM backend                                                                                                                                                                
Making data read from ./inputs/cc_jp2.jp2 as symbolic                                                                                                                                                      
[STAT] SMT: { "solving_time": 0, "total_time": 15490 }                                                                                                                                                     
[STAT] SMT: { "solving_time": 216 }                                                                                                                                                                        
[STAT] SMT: { "solving_time": 216, "total_time": 15964 }                                                                                                                                                   
[STAT] SMT: { "solving_time": 383 }                                                                                                                                                                        
[STAT] SMT: { "solving_time": 383, "total_time": 16748 }                                                                                                                                                   
[STAT] SMT: { "solving_time": 589 }                                                                                                                                                                        
[INFO] New testcase: /tmp/output/000000                                                                                                                                                                    
[STAT] SMT: { "solving_time": 589, "total_time": 17817 }                                                                                                                                                   
[STAT] SMT: { "solving_time": 786 }                                                                                                                                                                        
[INFO] New testcase: /tmp/output/000001                                                                                                                                                                    
[STAT] SMT: { "solving_time": 786, "total_time": 19054 }                                                                                                                                                   
[STAT] SMT: { "solving_time": 992 }                                                                                                                                                                        
[INFO] New testcase: /tmp/output/000002                                                                                                                                                                    
[STAT] SMT: { "solving_time": 992, "total_time": 20212 }                                                                                                                                                   
[STAT] SMT: { "solving_time": 1181 }                                                                                                                                                                       
[STAT] SMT: { "solving_time": 1181, "total_time": 20654 }                                                                                                                                                  
[STAT] SMT: { "solving_time": 1358 }                                                                                                                                                                       
[INFO] New testcase: /tmp/output/000003-optimistic                                                                                                                                                         
[STAT] SMT: { "solving_time": 1358, "total_time": 21777 }                                                                                                                                                  
[STAT] SMT: { "solving_time": 1904 }                                                                                                                                                                       
[INFO] New testcase: /tmp/output/000004                                                                                                                                                                    
[STAT] SMT: { "solving_time": 1904, "total_time": 23290 }                                                                                                                                                  
[STAT] SMT: { "solving_time": 2387 }                                                                                                                                                                       
[INFO] New testcase: /tmp/output/000005                       
...
...

But symcc cannot generate any testcase in VM.

This is SymCC running with the QSYM backend
Making data read from in/seed.jp2 as symbolic
warning: skipping unknown tag type
warning: skipping unknown tag type
warning: skipping unknown tag type

Does symcc have to run in a native environment?

Thanks!

The text was updated successfully, but these errors were encountered:

sebastianpoeplau · 2022-11-04T09:14:25Z

SymCC should work in a VM as well. The output from the run inside your VM looks as if SymCC never saw symbolic input. Can you make sure that the value of SYMCC_INPUT_FILE exactly matches your input?

sebastianpoeplau self-assigned this Nov 4, 2022

sebastianpoeplau added the question Further information is requested label Nov 4, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Failed to run hybrid fuzzing(AFL+SymCC) in VM. #105

Failed to run hybrid fuzzing(AFL+SymCC) in VM. #105

Vancir commented Aug 4, 2022

sebastianpoeplau commented Nov 4, 2022

Failed to run hybrid fuzzing(AFL+SymCC) in VM. #105

Failed to run hybrid fuzzing(AFL+SymCC) in VM. #105

Comments

Vancir commented Aug 4, 2022

sebastianpoeplau commented Nov 4, 2022