Diffstat (limited to 'docs/FAQ.md')
-rw-r--r-- docs/FAQ.md | 37
1 files changed, 31 insertions, 6 deletions
diff --git a/docs/FAQ.md b/docs/FAQ.md
index 3d3dce20..73328d6e 100644
--- a/docs/FAQ.md
+++ b/docs/FAQ.md
@@ -58,10 +58,10 @@ If you find an interesting or important question missing, submit it via
 
   A program contains `functions`, `functions` contain the compiled machine code.
   The compiled machine code in a `function` can be in a single or many `basic
-  blocks`. A `basic block` is the largest possible number of subsequent machine
-  code instructions that has exactly one entry point (which can be be entered by
-  multiple other basic blocks) and runs linearly without branching or jumping to
-  other addresses (except at the end).
+  blocks`. A `basic block` is the **largest possible number of subsequent machine
+  code instructions** that has **exactly one entry point** (which can be be entered by
+  multiple other basic blocks) and runs linearly **without branching or jumping to
+  other addresses** (except at the end).
 
   ```
   function() {
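Review bot: the doubled word in "which can be be entered by multiple other basic blocks" is carried over unchanged into the rewritten line; since this hunk already touches that line to add the bold markup, drop the extra "be" here rather than leaving it for another pass.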
@@ -191,7 +191,7 @@ If you find an interesting or important question missing, submit it via
   AFL++ comes with several power schedules, initially ported from [AFLFast](https://github.com/mboehme/aflfast)
   however modified to be more effective and several more modes added.
 
-  The most effective modes are '-p fast` (default) and `-p explore`.
+  The most effective modes are `-p fast` (default) and `-p explore`.
 
   If you fuzz with several parallel afl-fuzz instances, then it is beneficial
   to assign a different schedule to each instance, however the majority should
@@ -204,6 +204,31 @@ If you find an interesting or important question missing, submit it via
 ## Troubleshooting
 
 <details>
+  <summary id="fatal-forkserver-is-already-up-but-an-instrumented-dlopen-library-loaded-afterwards">FATAL: forkserver is already up but an instrumented dlopen library loaded afterwards</summary><p>
+
+  It can happen that you see this error on startup when fuzzing a target:
+
+  ```
+  [-] FATAL: forkserver is already up, but an instrumented dlopen() library
+             loaded afterwards. You must AFL_PRELOAD such libraries to be able
+             to fuzz them or LD_PRELOAD to run outside of afl-fuzz.
+             To ignore this set AFL_IGNORE_PROBLEMS=1.
+  ```
+
+  As the error describes, a dlopen() call is happening in the target that is loading an instrumented library after the forkserver is already in place,
+  This is a problem for afl-fuzz because when the forkserver is started we must know the map size already and it can't be changed later.
+
+  The best solution is to simply set `AFL_PRELOAD=foo.so` the libraries that
+  are dlopen'ed (e.g. use `strace` to see which), or to set a manual forkserver
+  after the final dlopen().
+
+  If this is not a viable option you can set `AFL_IGNORE_PROBLEMS=1` but then
+  the existing map will be used also for the newly loaded libraries, which
+  allows it to work, however the efficiency of the fuzzing will be partially
+  degraded.
+</p></details>
+
+<details>
   <summary id="i-got-a-weird-compile-error-from-clang">I got a weird compile error from clang.</summary><p>
 
   If you see this kind of error when trying to instrument a target with
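Review bot: the explanatory paragraph has a punctuation error and an unclear instruction. "after the forkserver is already in place," ends in a comma where a full stop belongs before "This is a problem for afl-fuzz"; and "set `AFL_PRELOAD=foo.so` the libraries that are dlopen'ed" reads as two phrases collided. Suggested wording: "The best solution is to set `AFL_PRELOAD` to the libraries that are dlopen'ed (e.g. `AFL_PRELOAD=foo.so`; use `strace` to see which), or to set a manual forkserver after the final dlopen()." The last paragraph's "which allows it to work, however the efficiency" is also a comma splice; "which allows it to work, but the efficiency of the fuzzing will be partially degraded" reads cleanly.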
@@ -225,4 +250,4 @@ If you find an interesting or important question missing, submit it via
   package and because of that the AFL++ llvm plugins do not match anymore.
 
   Solution: `git pull ; make clean install` of AFL++.
-</p></details>
\ No newline at end of file
+</p></details>