Restart of fuzzer after call to Exit()

[marcinguy]

Hi

Seems like the launcher does not restart fuzzer upon it possibly exists. Noticed it in NOASAN fuzzer and ASAN fuzzer config.

Fuzzer would just die. Did not catch the error in NONASAN

NONASAN config:

 match Launcher::builder()
        .shmem_provider(shmem_provider)
        .configuration(EventConfig::from_name("nonasan"))
        .stats(stats)
        .run_client(&mut run_client)
        .cores(&cores)
        .broker_port(broker_port)
        .stdout_file(Some("/dev/null"))
        .build()
        .launch()

But in ASAN I manged to catch it.

It stopped simply on

Timeout in fuzz run.

The process is still there, but seem not to fuzz on. Load on the core/fuzzer is 0%

It was a process (without Broker) of one ASAN fuzzer client.

ASAN Config

 match Launcher::builder()
        .shmem_provider(shmem_provider)
        .configuration(EventConfig::from_name("asan"))
        .stats(stats)
        .run_client(&mut run_client)
        .cores(&cores)
        .spawn_broker(false)
        .broker_port(broker_port)
        .build()
        .launch()

Any ideas?

[andreafioraldi]

Exits with exit() you mean?

[marcinguy]

@andreafioraldi I think the child exited and fuzzer hanged somewhere here:

https://github.com/AFLplusplus/LibAFL/blob/939784d5121abc57650ce8eb094c399dc551912e/libafl/src/executors/inprocess.rs#L448

Between line 415 and 448

Anyhow, adjusting the timeout to 5s in ASAN Fuzzer solved the issue.

Setup:

50 NONASAN timeout 1,2 secs 1 ASAN timeout 5 secs

Seem to run stable now. Will see. All green CPU

[domenukk]

Exit means exit. Targets should not call exit (for example, LDPRELOAD deexit)