diff --git a/fuzzers/fuzzbench_qemu/src/fuzzer.rs b/fuzzers/fuzzbench_qemu/src/fuzzer.rs
index 53b66f4cab..5f650b0cf5 100644
--- a/fuzzers/fuzzbench_qemu/src/fuzzer.rs
+++ b/fuzzers/fuzzbench_qemu/src/fuzzer.rs
@@ -153,7 +153,9 @@ fn fuzz(
 let mut elf_buffer = Vec::new();
 let elf = EasyElf::from_file(emu::binary_path(), &mut elf_buffer)?;
- let test_one_input_ptr = elf.resolve_symbol("LLVMFuzzerTestOneInput").unwrap();
+ let test_one_input_ptr = elf
+ .resolve_symbol("LLVMFuzzerTestOneInput", emu::load_addr())
+ .expect("Symbol LLVMFuzzerTestOneInput not found".into());
 println!("LLVMFuzzerTestOneInput @ {:#x}", test_one_input_ptr);
 emu::set_breakpoint(test_one_input_ptr); // LLVMFuzzerTestOneInput
diff --git a/libafl_qemu/src/elf.rs b/libafl_qemu/src/elf.rs
index 99c6884f7c..456d3b8001 100644
--- a/libafl_qemu/src/elf.rs
+++ b/libafl_qemu/src/elf.rs
@@ -1,6 +1,6 @@
 //! Utilities to parse and process ELFs
-use goblin::elf::Elf;
+use goblin::elf::{header::ET_DYN, Elf};
 use std::{convert::AsRef, fs::File, io::Read, path::Path, str};
 use libafl::Error;
@@ -38,18 +38,26 @@ impl<'a> EasyElf<'a> {
 }
 #[must_use]
- pub fn resolve_symbol(&self, name: &str) -> Option {
+ pub fn resolve_symbol(&self, name: &str, load_addr: u64) -> Option {
 for sym in self.elf.syms.iter() {
 if let Some(sym_name) = self.elf.strtab.get_at(sym.st_name) {
 if sym_name == name {
 return if sym.st_value == 0 {
 None
 } else {
- Some(sym.st_value)
+ if self.is_pic() {
+ Some(sym.st_value + load_addr)
+ } else {
+ Some(sym.st_value)
+ }
 };
 }
 }
 }
 None
 }
+
+ fn is_pic(&self) -> bool {
+ self.elf.header.e_type == ET_DYN
+ }
 }
diff --git a/libafl_qemu/src/emu.rs b/libafl_qemu/src/emu.rs
index 366b8bc90e..37ae48cf22 100644
--- a/libafl_qemu/src/emu.rs
+++ b/libafl_qemu/src/emu.rs
@@ -14,6 +14,7 @@ extern "C" {
 fn libafl_qemu_set_breakpoint(addr: u64) -> i32;
 fn libafl_qemu_remove_breakpoint(addr: u64) -> i32;
 fn libafl_qemu_run() -> i32;
+ fn libafl_load_addr() -> u64;
 fn strlen(s: *const u8) -> usize;
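Review bot: The `.into()` in `.expect("Symbol LLVMFuzzerTestOneInput not found".into())` converts `&str` to `&str` and does nothing; `Option::expect` already takes a `&str`, and clippy reports this as `useless_conversion`, so `.expect("Symbol LLVMFuzzerTestOneInput not found")` is all that is needed. Since the `resolve_symbol` hunk in this same diff returns `None` both when the name is absent and when the symbol's `st_value` is 0, a message like `"LLVMFuzzerTestOneInput not found or has no address (stripped or undefined symbol?)"` would point a user at the real cause instead of "not found". Note also that `emu::load_addr()` is evaluated for every target, though `resolve_symbol` only uses it for `ET_DYN` images; that is harmless but worth a one-line comment. The enclosing `fn fuzz(` starts before this hunk.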
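Review bot: `Some(sym.st_value + load_addr)` is an unchecked `u64` addition on a value read directly from the target's symbol table, so a corrupt or crafted ELF panics in debug builds and silently wraps in release; `sym.st_value.checked_add(load_addr)` keeps the existing "no usable address" semantics by returning `None` instead. The nested `if` in the `else` arm also collapses to `} else if self.is_pic() {` (clippy `collapsible_else_if`), which makes the three outcomes read as one chain. The new `load_addr` parameter has no documentation: a `///` line saying it is the guest base address the image was mapped at, added to `st_value` only for `ET_DYN` (PIE or shared-object) images and ignored otherwise, tells callers what to pass for a fixed-address binary. Treating every `ET_DYN` header as relocatable is correct for both PIE executables and shared objects, assuming `load_addr` is the base QEMU mapped the main image at — that comes from `libafl_load_addr`, whose implementation is not in this diff, so worth confirming. `impl<'a> EasyElf<'a>` starts before this hunk.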
@@ -129,6 +130,11 @@ pub fn binary_path<'a>() -> &'a str {
 unsafe { from_utf8_unchecked(from_raw_parts(exec_path, strlen(exec_path))) }
 }
+#[must_use]
+pub fn load_addr() -> u64 {
+ unsafe { libafl_load_addr() }
+}
+
 pub fn map_private(addr: u64, size: usize, perms: MmapPerms) -> Result {
 let res = unsafe {
 target_mmap(
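Review bot: `load_addr` is a new safe `pub fn` exposing an FFI call with no doc comment and no `// SAFETY:` note on the `unsafe` block, so a reader cannot tell from this file when the value is valid. Add `/// Guest base address the target image was mapped at, as reported by QEMU (`libafl_load_addr`).` above the function, and inside the block `// SAFETY: argument-free FFI call; presumably only meaningful after QEMU has loaded the guest image — confirm against libafl_load_addr.` The "only after load" part is an inference from the name, not something this diff shows, hence the hedge; if the C side returns 0 before the image is mapped, documenting that here would also explain why `resolve_symbol` callers should not call this too early. `binary_path` begins and `map_private` continues outside this hunk.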