Open JustinDrake opened 4 years ago
Look like a default timeout issue, I just published a fix https://github.com/sigp/beacon-fuzz/commit/1b5cfd978afc35285a60ec8c365663d071cc2ee8
Please, do the following:
$ git pull
$ make teku
Let me know if it is not working.
Nope, still not working.
Can you give me more info about your specs? Because I suppose the fuzzer is not "running fast enough". Teku fuzzing is really slow for now because it is running inside the JVM...
Yep, Teku's fuzzers are the slowest we have. Here's @JustinDrake's laptop specs:
Hey @JustinDrake - we're pretty sure this is a timeout related issue, most likely due to the slowness of Teku's fuzzer.
I've created a dedicated branch that should hopefully address this problem. Could you please follow these steps (from the beacon-fuzz folder):
git pull
git checkout teku-timeout-fix
cd eth2fuzz && make teku CACHE=--no-cache
docker run -it -v $(pwd)/workspace:/eth2fuzz/workspace eth2fuzz_teku target teku_attester_slashing
Let us know if this fixes the problem for you. Cheers!
Nope, still not working :) I performed all the steps above.
Justins-MBP:eth2fuzz justin$ docker run -it -v $(pwd)/workspace:/eth2fuzz/workspace eth2fuzz_teku target teku_attester_slashing
[eth2fuzz] Testing FuzzerJavaJQFAfl is available
Performing pilot run.... Pilot run success! Launching AFL now...
[+] Loaded environment variable AFL_SKIP_BIN_CHECK with value 1
[+] Loaded environment variable AFL_AUTORESUME with value 1
[+] Loaded environment variable AFL_SKIP_CPUFREQ with value 1
[+] Loaded environment variable AFL_SKIP_CRASHES with value 1
[+] Loaded environment variable AFL_NO_AFFINITY with value 1
[+] Loaded environment variable AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES with value 1
afl-fuzz++2.65d based on afl by Michal Zalewski and a big online community
[+] afl++ is maintained by Marc "van Hauser" Heuse, Heiko "hexcoder" Eißfeldt, Andrea Fioraldi and Dominik Maier
[+] afl++ is open source, get it at https://github.com/AFLplusplus/AFLplusplus
[+] Power schedules from github.com/mboehme/aflfast
[+] Python Mutator and llvm_mode whitelisting from github.com/choller/afl
[+] afl-tmin fork server patch from github.com/nccgroup/TriforceAFL
[+] MOpt Mutator from github.com/puppet-meteor/MOpt-AFL
[*] Getting to work...
[+] Using exploration-based constant power schedule (EXPLORE, default)
[+] You have 4 CPU cores and 2 runnable tasks (utilization: 50%).
[+] Try parallel jobs - see /usr/local/share/doc/afl/parallel_fuzzing.md.
[!] WARNING: Not binding to a CPU core (AFL_NO_AFFINITY set).
[*] Checking core_pattern...
[*] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[*] Deleting old session data...
[+] Output dir cleanup successful.
[*] Scanning '/eth2fuzz/workspace/corpora/attester_slashing'...
[+] No auto-generated dictionary tokens to reuse.
[*] Creating hard links for all input files...
[*] Validating target binary...
[*] Attempting dry run with 'id:000000,time:0,orig:00000000000000000000000000000000.00000002.honggfuzz.cov'...
[*] Spinning up the fork server...
[-] PROGRAM ABORT : Timeout while initializing fork server (adjusting -t may help)
Location : afl_fsrv_start(), src/afl-forkserver.c:682
[eth2fuzz] Fuzzer quit
Interesting, you seem to be the only person with this issue (we confirmed with other MacOS users that they're able to run this fuzzer).
After [*] Spinning up the fork server..., did it hang for 5 minutes before the next error message? Asking since I changed the timeout value to 5 minutes on the teku-timeout-fix branch. Thanks!
After [*] Spinning up the fork server..., did it hang for 5 minutes before the next error message?
Nope, it does not. It fails immediately after this message.
I'm on the correct branch and I did recompile teku as above:
Justins-MBP:eth2fuzz justin$ git branch
master
* teku-timeout-fix
Ok, turns out an environment variable used within AFL might be overriding the timeout value. We just (hopefully) fixed this in the latest commit on teku-timeout-fix (commit 753b00a4). If this doesn't work, I suspect it'll most likely be related to something else (perhaps an OS limitation on Mojave).
Please follow these steps, assuming you're on the teku-timeout-fix branch (it should take you at least 30+ minutes to rebuild the docker):
git pull
cd eth2fuzz && make teku CACHE=--no-cache
docker run -it -v $(pwd)/workspace:/eth2fuzz/workspace eth2fuzz_teku target teku_attester_slashing
If this doesn't work, we'll have to investigate further.
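The maintainers' two diagnostic questions above (is the fork-server timeout actually in effect, and did the abort arrive early or only after the timeout elapsed) can be checked from a shell wrapper. The script below is an added example, not code from the beacon-fuzz project; it assumes, from the AFL++ documentation, that AFL_FORKSRV_INIT_TMOUT overrides the fork-server init timeout and that the default is the -t value times FORK_WAIT_MULT (10).

```shell
#!/bin/sh
# Added example (not beacon-fuzz code). Helps tell an immediate
# "[-] PROGRAM ABORT : Timeout while initializing fork server" (timeout
# value not applied) from a genuinely slow JVM fuzzer start-up.

# Effective fork-server init timeout in ms, mirroring AFL++ as documented
# (assumption): AFL_FORKSRV_INIT_TMOUT wins; otherwise -t value * 10.
afl_init_tmout_ms() {
  exec_tmout_ms=$1
  if [ -n "$AFL_FORKSRV_INIT_TMOUT" ]; then
    echo "$AFL_FORKSRV_INIT_TMOUT"
  else
    echo $(( exec_tmout_ms * 10 ))
  fi
}

# Run the fuzzer launch command, time it, and classify the outcome:
#   abort-early   : fork-server abort well before the configured timeout,
#                   so the timeout is not in effect (env/override problem)
#   abort-timeout : abort only after waiting, i.e. the target really is
#                   too slow to start; raise the timeout
#   started       : no fork-server abort seen
time_forkserver_start() {
  tmout_ms=$1; shift
  start=$(date +%s)
  out=$("$@" 2>&1) || true          # the fuzzer exits non-zero on abort
  end=$(date +%s)
  elapsed=$(( end - start ))
  if printf '%s\n' "$out" | grep -q 'Timeout while initializing fork server'; then
    if [ "$elapsed" -lt $(( tmout_ms / 1000 / 2 )) ]; then
      echo "abort-early:${elapsed}s"
    else
      echo "abort-timeout:${elapsed}s"
    fi
  else
    echo "started:${elapsed}s"
  fi
}

# Typical use (hypothetical invocation, runs the docker command from the thread):
# tm=$(afl_init_tmout_ms 30000)
# time_forkserver_start "$tm" docker run -it -v "$(pwd)/workspace:/eth2fuzz/workspace" \
#   eth2fuzz_teku target teku_attester_slashing
```

If the result is abort-early with a timeout of several minutes configured, the -t / AFL_FORKSRV_INIT_TMOUT value is being overridden somewhere between the wrapper and afl-fuzz, which is the situation this thread describes.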
A little birdy suggested I do the following:
The second command is not working: