exercise 8 [-] PROGRAM ABORT : We need at least one valid input seed that does not crash!

[Janette88]

cccc@ubuntu:~/fuzzing_acro$ AFL_QEMU_PERSISTENT_ADDR=0x08a464c8 AFL_QEMU_PERSISTENT_GPR=1 ACRO_INSTALL_DIR=/opt/Adobe/Reader9/Reader ACRO_CONFIG=intellinux LD_LIBRARY_PATH=$LD_LIBRARY_PATH:'/opt/Adobe/Reader9/Reader/intellinux/lib' afl-fuzz -Q -i ./afl_in/ -o ./afl_out/ -t 2000 -- /opt/Adobe/Reader9/Reader/intellinux/bin/acroread -toPostScript @@
afl-fuzz++4.01a based on afl by Michal Zalewski and a large online community
[+] afl++ is maintained by Marc "van Hauser" Heuse, Heiko "hexcoder" Eißfeldt, Andrea Fioraldi and Dominik Maier
[+] afl++ is open source, get it at https://github.com/AFLplusplus/AFLplusplus
[+] NOTE: This is v3.x which changes defaults and behaviours - see README.md
[+] No -M/-S set, autoconfiguring for "-S default"
[] Getting to work...
[+] Using exponential power schedule (FAST)
[+] Enabled testcache with 50 MB
[+] Generating fuzz data with a a length of min=1 max=1048576
[] Checking core_pattern...
[!] WARNING: Could not check CPU scaling governor
[+] You have 2 CPU cores and 1 runnable tasks (utilization: 50%).
[+] Try parallel jobs - see /usr/local/share/doc/afl/parallel_fuzzing.md.
[] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[] Deleting old session data...
[+] Output dir cleanup successful.
[] Checking CPU core loadout...
[+] Found a free CPU core, try binding to #0.
[] Scanning './afl_in/'...
[+] Loaded a total of 9 seeds.
[] Creating hard links for all input files...
[] Validating target binary...
[] No auto-generated dictionary tokens to reuse.
[] Attempting dry run with 'id:000000,time:0,execs:0,orig:test.pdf'...
[] Spinning up the fork server...
[+] All right - fork server is up.
[] Target map size: 65536

[-] Oops, the program crashed with one of the test cases provided. There are
several possible explanations:

- The test case causes known crashes under normal working conditions. If
  so, please remove it. The fuzzer should be seeded with interesting
  inputs - but not ones that cause an outright crash.

- In QEMU persistent mode the selected address(es) for the loop are not
  properly cleaning up variables and memory. Try adding
  AFL_QEMU_PERSISTENT_GPR=1 or select better addresses in the binary.

- Least likely, there is a horrible bug in the fuzzer. If other options
  fail, poke <[email protected]> for troubleshooting tips.

[!] WARNING: Test case 'id:000000,time:0,execs:0,orig:test.pdf' results in a crash, skipping
[*] Attempting dry run with 'id:000001,time:0,execs:0,orig:LIBRE_OFFICE-98479-0.zip-2.fdf'...

[-] Oops, the program crashed with one of the test cases provided. There are
several possible explanations:

- The test case causes known crashes under normal working conditions. If
  so, please remove it. The fuzzer should be seeded with interesting
  inputs - but not ones that cause an outright crash.

- In QEMU persistent mode the selected address(es) for the loop are not
  properly cleaning up variables and memory. Try adding
  AFL_QEMU_PERSISTENT_GPR=1 or select better addresses in the binary.

- Least likely, there is a horrible bug in the fuzzer. If other options
  fail, poke <[email protected]> for troubleshooting tips.

[!] WARNING: Test case 'id:000001,time:0,execs:0,orig:LIBRE_OFFICE-98479-0.zip-2.fdf' results in a crash, skipping
[*] Attempting dry run with 'id:000002,time:0,execs:0,orig:LIBRE_OFFICE-96902-1.pdf'...

[-] Oops, the program crashed with one of the test cases provided. There are
several possible explanations:

- The test case causes known crashes under normal working conditions. If
  so, please remove it. The fuzzer should be seeded with interesting
  inputs - but not ones that cause an outright crash.

- In QEMU persistent mode the selected address(es) for the loop are not
  properly cleaning up variables and memory. Try adding
  AFL_QEMU_PERSISTENT_GPR=1 or select better addresses in the binary.

- Least likely, there is a horrible bug in the fuzzer. If other options
  fail, poke <[email protected]> for troubleshooting tips.

[!] WARNING: Test case 'id:000002,time:0,execs:0,orig:LIBRE_OFFICE-96902-1.pdf' results in a crash, skipping
[*] Attempting dry run with 'id:000003,time:0,execs:0,orig:LIBRE_OFFICE-92614-3.pdf'...

[-] Oops, the program crashed with one of the test cases provided. There are
several possible explanations:

- The test case causes known crashes under normal working conditions. If
  so, please remove it. The fuzzer should be seeded with interesting
  inputs - but not ones that cause an outright crash.

- In QEMU persistent mode the selected address(es) for the loop are not
  properly cleaning up variables and memory. Try adding
  AFL_QEMU_PERSISTENT_GPR=1 or select better addresses in the binary.

- Least likely, there is a horrible bug in the fuzzer. If other options
  fail, poke <[email protected]> for troubleshooting tips.

[!] WARNING: Test case 'id:000003,time:0,execs:0,orig:LIBRE_OFFICE-92614-3.pdf' results in a crash, skipping
[*] Attempting dry run with 'id:000004,time:0,execs:0,orig:LIBRE_OFFICE-84690-0.pdf'...

[-] Oops, the program crashed with one of the test cases provided. There are
several possible explanations:

- The test case causes known crashes under normal working conditions. If
  so, please remove it. The fuzzer should be seeded with interesting
  inputs - but not ones that cause an outright crash.

- In QEMU persistent mode the selected address(es) for the loop are not
  properly cleaning up variables and memory. Try adding
  AFL_QEMU_PERSISTENT_GPR=1 or select better addresses in the binary.

- Least likely, there is a horrible bug in the fuzzer. If other options
  fail, poke <[email protected]> for troubleshooting tips.

[!] WARNING: Test case 'id:000004,time:0,execs:0,orig:LIBRE_OFFICE-84690-0.pdf' results in a crash, skipping
[*] Attempting dry run with 'id:000005,time:0,execs:0,orig:LIBRE_OFFICE-129976-1.pdf'...

[-] Oops, the program crashed with one of the test cases provided. There are
several possible explanations:

- The test case causes known crashes under normal working conditions. If
  so, please remove it. The fuzzer should be seeded with interesting
  inputs - but not ones that cause an outright crash.

- In QEMU persistent mode the selected address(es) for the loop are not
  properly cleaning up variables and memory. Try adding
  AFL_QEMU_PERSISTENT_GPR=1 or select better addresses in the binary.

- Least likely, there is a horrible bug in the fuzzer. If other options
  fail, poke <[email protected]> for troubleshooting tips.

[!] WARNING: Test case 'id:000005,time:0,execs:0,orig:LIBRE_OFFICE-129976-1.pdf' results in a crash, skipping
[*] Attempting dry run with 'id:000006,time:0,execs:0,orig:LIBRE_OFFICE-107149-0.pdf'...

[-] Oops, the program crashed with one of the test cases provided. There are
several possible explanations:

- The test case causes known crashes under normal working conditions. If
  so, please remove it. The fuzzer should be seeded with interesting
  inputs - but not ones that cause an outright crash.

- In QEMU persistent mode the selected address(es) for the loop are not
  properly cleaning up variables and memory. Try adding
  AFL_QEMU_PERSISTENT_GPR=1 or select better addresses in the binary.

- Least likely, there is a horrible bug in the fuzzer. If other options
  fail, poke <[email protected]> for troubleshooting tips.

[!] WARNING: Test case 'id:000006,time:0,execs:0,orig:LIBRE_OFFICE-107149-0.pdf' results in a crash, skipping
[*] Attempting dry run with 'id:000007,time:0,execs:0,orig:LIBRE_OFFICE-106270-0.ps'...

[-] Oops, the program crashed with one of the test cases provided. There are
several possible explanations:

- The test case causes known crashes under normal working conditions. If
  so, please remove it. The fuzzer should be seeded with interesting
  inputs - but not ones that cause an outright crash.

- In QEMU persistent mode the selected address(es) for the loop are not
  properly cleaning up variables and memory. Try adding
  AFL_QEMU_PERSISTENT_GPR=1 or select better addresses in the binary.

- Least likely, there is a horrible bug in the fuzzer. If other options
  fail, poke <[email protected]> for troubleshooting tips.

[!] WARNING: Test case 'id:000007,time:0,execs:0,orig:LIBRE_OFFICE-106270-0.ps' results in a crash, skipping
[*] Attempting dry run with 'id:000008,time:0,execs:0,orig:LIBRE_OFFICE-106270-0.pdf'...

[-] Oops, the program crashed with one of the test cases provided. There are
several possible explanations:

- The test case causes known crashes under normal working conditions. If
  so, please remove it. The fuzzer should be seeded with interesting
  inputs - but not ones that cause an outright crash.

- In QEMU persistent mode the selected address(es) for the loop are not
  properly cleaning up variables and memory. Try adding
  AFL_QEMU_PERSISTENT_GPR=1 or select better addresses in the binary.

- Least likely, there is a horrible bug in the fuzzer. If other options
  fail, poke <[email protected]> for troubleshooting tips.

[!] WARNING: Test case 'id:000008,time:0,execs:0,orig:LIBRE_OFFICE-106270-0.pdf' results in a crash, skipping
[+] All test cases processed.

[-] PROGRAM ABORT : We need at least one valid input seed that does not crash!
Location : main(), src/afl-fuzz.c:2165

according to the error message ,i put a normal test.pdf into afl_in . The error was still generated. i don't know how to solve it. is it related with afl++ version? or else?
thank you ~~`

[Janette88]

[Janette88]

cccc@ubuntu:~/fuzzing_acro$ AFL_QEMU_PERSISTENT_ADDR=0x08546a00 AFL_QEMU_PERSISTENT_GPR=1 ACRO_INSTALL_DIR=/opt/Adobe/Reader9/Reader ACRO_CONFIG=intellinux LD_LIBRARY_PATH=$LD_LIBRARY_PATH:'/opt/Adobe/Reader9/Reader/intellinux/lib' afl-fuzz -Q -i ./afl_in/ -o ./afl_out/ -t 2000 -- /opt/Adobe/Reader9/Reader/intellinux/bin/acroread -toPostScript @@

the same error ~~~[-] PROGRAM ABORT : We need at least one valid input seed that does not crash!
Location : main(), src/afl-fuzz.c:2165

[antonio-morales]

Hi @Janette88!!

I need more info in order to help you.

What happens when you don't set AFL_QEMU_PERSISTENT_ADDR? Try to run just this:

ACRO_INSTALL_DIR=/opt/Adobe/Reader9/Reader ACRO_CONFIG=intellinux LD_LIBRARY_PATH=$LD_LIBRARY_PATH:'/opt/Adobe/Reader9/Reader/intellinux/lib' afl-fuzz -Q -i ./afl_in/ -o ./afl_out/ -t 2000 -- /opt/Adobe/Reader9/Reader/intellinux/bin/acroread -toPostScript @@

and let me know if afl-fuzz crash

[Janette88]

@antonio-morales 👍 thank you for your concern:-)
yes, i got crash when i was running like this:
ACRO_INSTALL_DIR=/opt/Adobe/Reader9/Reader ACRO_CONFIG=intellinux LD_LIBRARY_PATH=$LD_LIBRARY_PATH:'/opt/Adobe/Reader9/Reader/intellinux/lib' afl-fuzz -Q -i ./afl_in/ -o ./afl_out/ -t 2000 -- /opt/Adobe/Reader9/Reader/intellinux/bin/acroread -toPostScript @@
why i failed fuzzing when i used Persistent approach~~~ thank you for your guidance .

[bugchong]

@antonio-morales 👍 thank you for your concern:-) yes, i got crash when i was running like this: ACRO_INSTALL_DIR=/opt/Adobe/Reader9/Reader ACRO_CONFIG=intellinux LD_LIBRARY_PATH=$LD_LIBRARY_PATH:'/opt/Adobe/Reader9/Reader/intellinux/lib' afl-fuzz -Q -i ./afl_in/ -o ./afl_out/ -t 2000 -- /opt/Adobe/Reader9/Reader/intellinux/bin/acroread -toPostScript @@ why i failed fuzzing when i used Persistent approach~~~ thank you for your guidance .

hi, the problem was fixed? I have the same problem. when i was runing like this:

AFL_DEBUG=1 AFL_QEMU_PERSISTENT_ADDR=0x08a464c8 AFL_QEMU_PERSISTENT_GPR=1 ACRO_INSTALL_DIR=/opt/Adobe/Reader9/Reader ACRO_CONFIG=intellinux LD_LIBRARY_PATH=$LD_LIBRARY_PATH:'/opt/Adobe/Reader9/Reader/intellinux/lib' afl-fuzz -Q -i afl_in/ -o afl_out/ -t 2000 -- /opt/Adobe/Reader9/Reader/intellinux/bin/acroread -toPostScript @@

afl-qemu-trace: /opt/Adobe/Reader9/Reader/intellinux/bin/acroread: Invalid ELF image for this architecture

[-] Hmm, looks like the target binary terminated before we could complete a
handshake with the injected code. You can try the following:

    - The target binary crashes because necessary runtime conditions it needs
      are not met. Try to:
      1. Run again with AFL_DEBUG=1 set and check the output of the target
         binary for clues.
      2. Run again with AFL_DEBUG=1 and 'ulimit -c unlimited' and analyze the
         generated core dump.

    - Possibly the target requires a huge coverage map and has CTORS.
      Retry with setting AFL_MAP_SIZE=10000000.

Otherwise there is a horrible bug in the fuzzer.
Poke <[email protected]> for troubleshooting tips.

[-] PROGRAM ABORT : Fork server handshake failed
         Location : afl_fsrv_start(), src/afl-forkserver.c:1234

[antonio-morales]

@bugchong "Invalid ELF image for this architecture"

Are you running this exercise on an ARM architecture?

[QiuJYWX]

@bugchong @antonio-morales ，
Hi , I met the same problem. "Invalid ELF image for this architecture"
test@A1fr3d:~/fuzzing_adobe$ file /opt/Adobe/Reader9/Reader/intellinux/bin/acroread
/opt/Adobe/Reader9/Reader/intellinux/bin/acroread: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.2.5, stripped

[antonio-morales]

Hi @QiuJYWX

could run the following one on your machine

hostnamectl

and post here the result?

Thanks

[QiuJYWX]

Hi @antonio-morales , the result is attached when run hostnamectl

test@A1fr3d:~$ hostnamectl
Static hostname: A1fr3d
Icon name: computer-desktop
Chassis: desktop
Machine ID: fb509d7756084fc5a6d0931f75cf9c63
Boot ID: feaf1ba1eaa14457a8321dde78873db8
Operating System: Ubuntu 20.04.3 LTS
Kernel: Linux 5.11.0-40-generic
Architecture: x86-64

[bugchong]

@bugchong "Invalid ELF image for this architecture"

Are you running this exercise on an ARM architecture?

no,it's not ARM architecture.

/opt/Adobe/Reader9/Reader/intellinux/bin/acroread: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.2.5, stripped

[bugchong]

Hi @antonio-morales , the result is attached when run hostnamectl

test@A1fr3d:~$ hostnamectl Static hostname: A1fr3d Icon name: computer-desktop Chassis: desktop Machine ID: fb509d7756084fc5a6d0931f75cf9c63 Boot ID: feaf1ba1eaa14457a8321dde78873db8 Operating System: Ubuntu 20.04.3 LTS Kernel: Linux 5.11.0-40-generic Architecture: x86-64

i run "hostnamectl", the result is:

Static hostname: ubuntu
Icon name: computer-vm
Chassis: vm
Machine ID: f98866921b244210ba72b0a957db18dc
Boot ID: 7a1f0ac04db9418bbfede5453f41546e
Virtualization: vmware
Operating System: Ubuntu 20.04.2 LTS
Kernel: Linux 5.13.0-39-generic
Architecture: x86-64

[Janette88]

@antonio-morales 👍 thank you for your concern:-) yes, i got crash when i was running like this: ACRO_INSTALL_DIR=/opt/Adobe/Reader9/Reader ACRO_CONFIG=intellinux LD_LIBRARY_PATH=$LD_LIBRARY_PATH:'/opt/Adobe/Reader9/Reader/intellinux/lib' afl-fuzz -Q -i ./afl_in/ -o ./afl_out/ -t 2000 -- /opt/Adobe/Reader9/Reader/intellinux/bin/acroread -toPostScript @@ why i failed fuzzing when i used Persistent approach~~~ thank you for your guidance .

hi, the problem was fixed? I have the same problem. when i was runing like this:

AFL_DEBUG=1 AFL_QEMU_PERSISTENT_ADDR=0x08a464c8 AFL_QEMU_PERSISTENT_GPR=1 ACRO_INSTALL_DIR=/opt/Adobe/Reader9/Reader ACRO_CONFIG=intellinux LD_LIBRARY_PATH=$LD_LIBRARY_PATH:'/opt/Adobe/Reader9/Reader/intellinux/lib' afl-fuzz -Q -i afl_in/ -o afl_out/ -t 2000 -- /opt/Adobe/Reader9/Reader/intellinux/bin/acroread -toPostScript @@

afl-qemu-trace: /opt/Adobe/Reader9/Reader/intellinux/bin/acroread: Invalid ELF image for this architecture

[-] Hmm, looks like the target binary terminated before we could complete a
handshake with the injected code. You can try the following:

    - The target binary crashes because necessary runtime conditions it needs
      are not met. Try to:
      1. Run again with AFL_DEBUG=1 set and check the output of the target
         binary for clues.
      2. Run again with AFL_DEBUG=1 and 'ulimit -c unlimited' and analyze the
         generated core dump.

    - Possibly the target requires a huge coverage map and has CTORS.
      Retry with setting AFL_MAP_SIZE=10000000.

Otherwise there is a horrible bug in the fuzzer.
Poke <[email protected]> for troubleshooting tips.

[-] PROGRAM ABORT : Fork server handshake failed
         Location : afl_fsrv_start(), src/afl-forkserver.c:1234

not yet. i stiil failed in using persistent mode ~~~ i've read your issue . Is it related file format ? In my case ,my problem was fouced on Input seeds. i could not start afl-fuzz interface normally after run the command. Anyway , Please tell me when you fixed your problem. Thanks !

[theoyuandawang]

afl-qemu-trace: /opt/Adobe/Reader9/Reader/intellinux/bin/acroread: Invalid ELF image for this architecture

Have you tried recompiling your afl-qemu mode
as mentioned in the tutorial
"CPU_TARGET=i386 ./build_qemu_support.sh"