[Error] fork server handshake failed in afl.rs with ASan

[MJUCOM]

Hello everyone!

I have some question about to run the afl.rs fuzzer(internally, use AFLplusplus) to RUST program with asan.

I run the commend like below :

RUSTFLAGS="-Zsanitizer=address" cargo afl fuzz -i in -o out target/x86_64-unknown-linux-gnu/debug/dtool b2h @@

However, there are some issue to handshake to fork server. The error message with AFL_DEBUG=1 flag is like below :

dy3199@s2lab05:~/fuzz-test/application/dtool$ AFL_DEBUG=1 RUSTFLAGS="-Zsanitizer=address" cargo afl fuzz -i in -o out target/x86_64-unknown-linux-gnu/debug/dtool b2h @@
MJU AFL
[+] Loaded environment variable AFL_DEBUG with value 1
[+] Loaded environment variable AFL_DEBUG with value 1
[+] Loaded environment variable AFL_PATH with value /home/dy3199/s2fuzz/scripts/afl.rs/AFLplusplus
[+] Loaded environment variable AFL_SKIP_BIN_CHECK with value 1
[+] Loaded environment variable AFL_SKIP_CPUFREQ with value 1
afl-fuzz++4.00c based on afl by Michal Zalewski and a large online community
[+] afl++ is maintained by Marc "van Hauser" Heuse, Heiko "hexcoder" Eißfeldt, Andrea Fioraldi and Dominik Maier
[+] afl++ is open source, get it at https://github.com/AFLplusplus/AFLplusplus
[+] NOTE: This is v3.x which changes defaults and behaviours - see README.md
[+] No -M/-S set, autoconfiguring for "-S default"
[*] Getting to work...
[+] Using exponential power schedule (FAST)
[+] Enabled testcache with 50 MB
[*] Checking core_pattern...
[+] You have 128 CPU cores and 38 runnable tasks (utilization: 30%).
[+] Try parallel jobs - see docs/parallel_fuzzing.md.
[*] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[*] Deleting old session data...
[+] Output dir cleanup successful.
[*] Checking CPU core loadout...
[+] Found a free CPU core, try binding to #1.
[*] Scanning 'in'...
[+] Loaded a total of 1 seeds.
[*] Creating hard links for all input files...
[*] Validating target binary...
[*] No auto-generated dictionary tokens to reuse.
[*] Attempting dry run with 'id:000000,time:0,execs:0,orig:input.txt'...
[*] Spinning up the fork server...
0x2f686f6d652f6479333139392f66757a7a2d746573742f6170706c69636174696f6e2f64746f6f6c2f6f75742f64656661756c742f2e6375725f696e707574

[-] Hmm, looks like the target binary terminated before we could complete a
handshake with the injected code. You can try the following:

    - The target binary crashes because necessary runtime conditions it needs
      are not met. Try to:
      1. Run again with AFL_DEBUG=1 set and check the output of the target
         binary for clues.
      2. Run again with AFL_DEBUG=1 and 'ulimit -c unlimited' and analyze the
         generated core dump.

    - Possibly the target requires a huge coverage map and has CTORS.
      Retry with setting AFL_MAP_SIZE=10000000.

Otherwise there is a horrible bug in the fuzzer.
Poke <afl-users@googlegroups.com> for troubleshooting tips.

[-] PROGRAM ABORT : Fork server handshake failed
         Location : afl_fsrv_start(), src/afl-forkserver.c:1229

I'm not sure but i guess the problem occur the limitation of the virtual memory to run the fuzzer. If the fuzzer run without the asan, then it works! However, if I add the address sanitizer to build and run commend, then it generate the error like above.

I have no insight to solve the problem. How to solve this problem???

Thank you very much! Have a nice day!
Cheers