exception when running angora with -i - (restart)

[hexcoder-]

I get exceptions when I try to (re)run angora after a previous termination (with ^C). First run is like this # /angora/bin/fuzzer -ii -o o -j 24 -t translit/OBJ/x86_64-linux-clang_taint/translit -- translit/OBJ/x86_64-linux-clangfast_/translit ABCDAB VWXYZ Then I terminate with ^C, and (re)run with # RUST_BACKTRACE=1 /angora/bin/fuzzer -i - -o o -j 24 -t translit/OBJ/x86_64-linux-clang_taint/translit -- translit/OBJ/x86_64-linux-clangfast_/translit ABCDAB VWXYZ

 ESC[0mESC[31mERRORESC[0m ESC[0mESC[1mangora::fuzz_mainESC[0m > Failed to find any branches during dry run.
Please ensure that the binary has been instrumented and/or input directory is populated.
thread 'main' panicked at 'explicit panic', fuzzer/src/fuzz_main.rs:70:9
stack backtrace:
   0: std::sys::unix::backtrace::tracing::imp::unwind_backtrace
             at src/libstd/sys/unix/backtrace/tracing/gcc_s.rs:39
   1: std::sys_common::backtrace::_print
             at src/libstd/sys_common/backtrace.rs:70
   2: std::panicking::default_hook::{{closure}}
             at src/libstd/sys_common/backtrace.rs:58
             at src/libstd/panicking.rs:200
   3: std::panicking::default_hook
             at src/libstd/panicking.rs:215
   4: std::panicking::rust_panic_with_hook
             at src/libstd/panicking.rs:478
   5: std::panicking::begin_panic
   6: angora::fuzz_main::fuzz_main
   7: fuzzer::main
   8: std::rt::lang_start::{{closure}}
   9: std::panicking::try::do_call
             at src/libstd/rt.rs:49
             at src/libstd/panicking.rs:297
  10: __rust_maybe_catch_panic
             at src/libpanic_unwind/lib.rs:92
  11: std::rt::lang_start_internal
             at src/libstd/panicking.rs:276
             at src/libstd/panic.rs:388
             at src/libstd/rt.rs:48
  12: main
  13: __libc_start_main
  14: _start
# 

This is independent of the target program used. Maybe I am doing something wrong.

[spinpx]

Hi @hexcoder- . I can't reproduce this issue in binutils and file program. Can your provide the program you tested? The logs shows that the fuzzer can not find any new branch. Can you make sure:

• the tested program is instrumented.
• Can you use RUST_LOC=info,(angora/angora_fuzzer will use it) and see that the log " INFO angora::depot::sync > sync xx file from seeds." to make sure xx is not 0. If it is 0, then please check output/queue.

I tested in file by Re-run

[hexcoder-]

I updated the docker image, and tried again. First with -input i, then after 5 seconds I terminated it. Angora showed 15 paths found, but output/queue is empty then! I don't understand why.

I repeated the runs and let it run a bit longer with -i i. Then I saw that angora created alternative output directories o.1, o.2, ... and also in this format o.2019-01-10T07:18:00.792939624+00:00, which contained queue entries, but these were not found when -o o was given when restarting (leading to the error message).

The program translit is from schilytools (https://sourceforge.net/projects/schilytools/files/schily-2018-12-21.tar.bz2/download) and is like tr. I compiled once with SUBARCH=fast_ and once with SUBARCH=_taint in order to get the executables separated in different subdirectories.

[spinpx]

o.1 is created because o directory is existed. I removed the code, and give a panic error with warning directly now. https://github.com/AngoraFuzzer/Angora/commit/6f125afeea697fd55a817003211172f3ab7ed331 The logic of restart is rename the output directory o to o.2019-01-10T07:18:00.792939624+00:00 (extend with timestamp). Then use its queue directory as seed directory. https://github.com/AngoraFuzzer/Angora/blob/6f125afeea697fd55a817003211172f3ab7ed331/fuzzer/src/depot/depot_dir.rs#L27-L34

I still can't find the reason now. I hope these can help you.