R-Fuzz/fastgen

fastgen hangs when trying to run on seeds of real programs

Opened this issue · 1 comment

Hi, here are the steps to reproduce the issue in the docker image:

(1) build fastgen

cd /symsan && patch -p1 < /src/symsan_cov.patch
./build/build.sh
cp target/release/fastgen /src/build-programs

(2) run on seeds

cd /src/build-programs
./fastgen -i /out/real_seeds/curl_reduced/ -s 1 -o corpus_curl -t ./curl.symsan -- ./curl.symsan @@

The number of seeds to run is specified as 1, but the above execution of fastgen hangs. Using gdb, I found that it is stuck in the following loop:

fn main_thread_sync(
  out_dir: &str,
  sync_afl: bool,
  running: Arc<AtomicBool>,
  executor: &mut executor::Executor,
) {
  ...
  while running.load(Ordering::SeqCst) {
    thread::sleep(time::Duration::from_secs(5));
    sync_counter -= 1;
    if sync_afl && sync_counter <= 0 {
      sync::sync_afl(executor, running.clone(), sync_dir, &mut synced_ids);
      sync_counter = 12;
    }
  }
}

I checked the code, and it seems that running is never set to false except in the Ctrl-C signal handler, which causes the infinite loop. Could you please take a look and fix the bug? Thanks! @ChengyuSong @chenju2k6
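The following is an added example, not fastgen's own code, that reproduces the hang described above as a bounded test and shows the fix: the worker thread clears running once it has exhausted its seed budget (the -s count), so the sync loop has a second exit besides Ctrl-C. The names run_seeds and run_campaign, the tick and max_rounds parameters, and the starting value of sync_counter are assumptions.

```rust
use std::sync::atomic::{AtomicBool, Ordering};
use std::sync::Arc;
use std::thread;
use std::time::Duration;

// Hypothetical stand-in for the executor thread: runs `num_seeds` inputs, then
// clears `running`, the store the loop in the issue only gets from Ctrl-C.
fn run_seeds(num_seeds: usize, running: Arc<AtomicBool>) -> usize {
    let mut executed = 0;
    for _ in 0..num_seeds {
        thread::sleep(Duration::from_millis(5)); // simulated seed execution
        executed += 1;
    }
    running.store(false, Ordering::SeqCst);
    executed
}
// Same shape as main_thread_sync in the issue (sync_counter assumed to start
// at 12, the value it is reset to). The sleep is a parameter and the loop is
// bounded, so a regression returns None instead of hanging the process.
fn main_thread_sync(sync_afl: bool, running: Arc<AtomicBool>,
                    tick: Duration, max_rounds: u32) -> Option<(u32, u32)> {
    let (mut sync_counter, mut rounds, mut syncs) = (12i32, 0u32, 0u32);
    while running.load(Ordering::SeqCst) {
        if rounds >= max_rounds {
            return None; // the original would spin here forever
        }
        thread::sleep(tick);
        rounds += 1;
        sync_counter -= 1;
        if sync_afl && sync_counter <= 0 {
            syncs += 1; // placeholder for sync::sync_afl(...)
            sync_counter = 12;
        }
    }
    Some((rounds, syncs)) // (polling rounds, simulated afl syncs)
}
// One campaign: worker on its own thread, sync loop on this one. Returns
// (seeds executed, polling rounds, syncs), or None if the sync loop hung.
fn run_campaign(num_seeds: usize, sync_afl: bool) -> Option<(usize, u32, u32)> {
    let running = Arc::new(AtomicBool::new(true));
    let r = Arc::clone(&running);
    let worker = thread::spawn(move || run_seeds(num_seeds, r));
    let polled = main_thread_sync(sync_afl, running, Duration::from_millis(1), 10_000);
    let executed = worker.join().expect("worker panicked");
    polled.map(|(rounds, syncs)| (executed, rounds, syncs))
}
fn main() {
    println!("{:?}", run_campaign(1, true));
}
```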

Hi, @chenju2k6 has graduated and I don't think he has time to maintain the code. I'd suggest you try the afl++ plugin (https://github.com/R-Fuzz/symsan/tree/aflpp) for fuzzing real-world programs.