
can not kill child process,

Open · hardik05 opened this issue 6 years ago · 1 comment

I am running winafl 1.1.6 and DynamoRIO (DynamoRIO-Windows-7.1.0-1) on a 4-core machine, and every few hours I get this issue: [screenshot: Windows 7-2019-12-11-08-50-15]

It also seems that the .cur_input file is growing to around 1 GB, while the actual input files are only around 64-92 KB. So it looks like the input file is not getting closed and data is just getting appended to it? [screenshot: Windows 7-2019-12-11-08-48-53] Any ideas?

hardik05 avatar Dec 11 '19 03:12 hardik05

I've seen this before (and others have too; perhaps it's worth going through older bugs to see if there are some tips). Apparently sometimes, for reasons unknown to me, the target process ends up in a state where afl-fuzz can't kill it. This usually manifests here: https://github.com/googleprojectzero/winafl/blob/master/afl-fuzz.c#L2703. When afl-fuzz tries to write a new sample, it can't open the file for writing because the target still has it open, and since afl-fuzz can't kill the process, it errors out.

The append thing is new though, I haven't seen that before, and don't know where it could happen as I don't see any place where afl-fuzz opens the file using the O_APPEND or a similar flag.

As for not being able to kill the process issue, perhaps it's worth experimenting with other DynamoRIO versions, I seem to remember someone mentioning that it made the problem occur less frequently.

ifratric avatar Dec 11 '19 09:12 ifratric
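The failure mode described in the reply (the harness still holds .cur_input open, so the next exclusive open fails, and the harness then refuses to die) can be checked from outside afl-fuzz. The script below is an added diagnostic, not code from winafl or from either participant; the path `C:\fuzz\out\.cur_input` and the process name `harness` are placeholders you must replace with your own output directory and target image name.

```powershell
# Added diagnostic for the "can not kill child process" symptom. Not part of winafl.
# $CurInput and $TargetName are assumptions: point them at your own afl-fuzz output
# directory and your harness executable (name without .exe).
param(
    [string]$CurInput   = 'C:\fuzz\out\.cur_input',
    [string]$TargetName = 'harness'
)

function Test-FileWritable {
    param([string]$Path)
    # Open for write with FileShare.None, i.e. the same exclusive open that
    # afl-fuzz needs when it writes the next sample. If the target still has
    # the file open, the open fails with a sharing violation (IOException).
    # Note: a missing file also throws IOException (FileNotFoundException).
    try {
        $fs = [System.IO.File]::Open($Path,
                                     [System.IO.FileMode]::Open,
                                     [System.IO.FileAccess]::Write,
                                     [System.IO.FileShare]::None)
        $fs.Close()
        return $true
    } catch [System.IO.IOException] {
        Write-Warning "cannot open ${Path} for exclusive write: $($_.Exception.Message)"
        return $false
    }
}

function Stop-TargetAndWait {
    param([string]$Name, [int]$TimeoutMs = 5000)
    $procs = Get-Process -Name $Name -ErrorAction SilentlyContinue
    if (-not $procs) {
        Write-Host "no '$Name' process is running"
        return $true
    }
    foreach ($p in $procs) {
        Stop-Process -Id $p.Id -Force -ErrorAction SilentlyContinue
        # WaitForExit(ms) returns $false if the process is still alive after the
        # timeout; that is the unkillable state the issue reports.
        if (-not $p.WaitForExit($TimeoutMs)) {
            Write-Warning ("pid {0} ({1}) did not exit within {2} ms" -f $p.Id, $Name, $TimeoutMs)
            return $false
        }
    }
    return $true
}

# Size check for the "appending" symptom: .cur_input should be roughly the
# size of one test case, not hundreds of megabytes.
$item = Get-Item $CurInput -ErrorAction SilentlyContinue
if ($item) { Write-Host ("{0}: {1} bytes" -f $CurInput, $item.Length) }

if (-not (Test-FileWritable $CurInput)) {
    # Something still holds the file; see whether the target can be terminated at all.
    if (-not (Stop-TargetAndWait $TargetName)) {
        Write-Host "target is stuck in an unkillable state; capture a dump of it before restarting the fuzzer"
    } else {
        Write-Host "target terminated; retrying the exclusive open"
        Test-FileWritable $CurInput | Out-Null
    }
}
```

Run it while the fuzzer is wedged. If the exclusive open fails but Stop-Process returns within the timeout, the problem is only a lingering handle and a restart of afl-fuzz will recover; if WaitForExit times out after a forced stop, you are in the state the maintainer describes, and that is the process worth dumping before you try a different DynamoRIO build.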