Fuzzer with ASan Error Handling

Hi all!

I have some questions and issues using the fuzzer with AddressSanitizer.

I want to build a Rust program (e.g., dtools) and run fuzz tests with ASan. However, there are some errors when running the fuzzer with ASan.

I build and run the program with the fuzzer with a command like the one below:

RUSTFLAGS="-Zsanitizer=address" cargo afl fuzz -i in -o out target/debug/main

And it generates the error message below:

[+] Loaded environment variable AFL_SKIP_BIN_CHECK with value 1
[+] Loaded environment variable AFL_SKIP_CPUFREQ with value 1
afl-fuzz++4.00c based on afl by Michal Zalewski and a large online community
[+] afl++ is maintained by Marc "van Hauser" Heuse, Heiko "hexcoder" Eißfeldt, Andrea Fioraldi and Dominik Maier
[+] afl++ is open source, get it at
[+] NOTE: This is v3.x which changes defaults and behaviours - see
[+] No -M/-S set, autoconfiguring for "-S default"
[*] Getting to work...
[+] Using exponential power schedule (FAST)
[+] Enabled testcache with 50 MB
[*] Checking core_pattern...
[+] You have 128 CPU cores and 43 runnable tasks (utilization: 34%).
[+] Try parallel jobs - see docs/
[*] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[*] Deleting old session data...
[+] Output dir cleanup successful.
[*] Checking CPU core loadout...
[+] Found a free CPU core, try binding to #2.
[*] Scanning 'in'...
[+] Loaded a total of 1 seeds.
[*] Creating hard links for all input files...
[*] Validating target binary...
[*] No auto-generated dictionary tokens to reuse.
[*] Attempting dry run with 'id:000000,time:0,execs:0,orig:abcdefg'...
[*] Spinning up the fork server...

[-] Hmm, looks like the target binary terminated before we could complete a
handshake with the injected code. You can try the following:

    - The target binary crashes because necessary runtime conditions it needs
      are not met. Try to:
      1. Run again with AFL_DEBUG=1 set and check the output of the target
         binary for clues.
      2. Run again with AFL_DEBUG=1 and 'ulimit -c unlimited' and analyze the
         generated core dump.

    - Possibly the target requires a huge coverage map and has CTORS.
      Retry with setting AFL_MAP_SIZE=10000000.

Otherwise there is a horrible bug in the fuzzer.
Poke <> for troubleshooting tips.

[-] PROGRAM ABORT : Fork server handshake failed
         Location : afl_fsrv_start(), src/afl-forkserver.c:1229

Is there any solution to solve the issue and run the fuzzing?

Thank you very much. Have a nice day!

Did you try analyzing AFL_DEBUG=1 or ulimit -c unlimited?
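The checks that the afl-fuzz message lists (run the target with AFL_DEBUG=1, enable core dumps, retry with AFL_MAP_SIZE) and the reply's suggestion, collected into one POSIX shell script. This is an added example, not code from the original thread or from cargo-afl/AFL++. It also includes a build step, because RUSTFLAGS only influences compilation: `cargo afl fuzz` just launches afl-fuzz and does not rebuild the target. Assumed, as in the post: the fuzz target is target/debug/main, seeds are in ./in, findings go to ./out, the target reads its input on stdin, a nightly toolchain is installed (required for -Zsanitizer), and cargo-afl keeps the caller's RUSTFLAGS alongside its own coverage flags.

```shell
#!/bin/sh
# Added example (not part of the original thread): walk through the checks
# afl-fuzz printed in the post, in order, plus an ASan build step.
# Assumed layout: target/debug/main, seeds in ./in, findings in ./out,
# input delivered on stdin.

# Build the fuzz target with AFL instrumentation and ASan in one go.
# -Zsanitizer=address needs nightly; cargo-afl is assumed to keep this
# RUSTFLAGS value alongside its own flags. If linking a build script or
# proc-macro crate fails, add --target <triple> so only the final binary is
# sanitized (the output then lands in target/<triple>/debug/main).
build_asan_target() {
  RUSTFLAGS="-Zsanitizer=address" cargo +nightly afl build "$@"
}

# Classify afl-fuzz startup output read from stdin. Prints exactly one of:
#   handshake-failed  the fork server never answered (the failure in the post)
#   abort             afl-fuzz aborted for another reason
#   ok                nothing in the output indicates a startup problem
classify_afl_output() {
  _log=$(cat)
  case "$_log" in
    *"Fork server handshake failed"*) echo handshake-failed ;;
    *"PROGRAM ABORT"*)                echo abort ;;
    *)                                echo ok ;;
  esac
}

# Map a classification to the next diagnostic action. Kept separate so the
# policy can be read (and tested) without running any tool.
next_step_for() {
  case "$1" in
    handshake-failed) echo run-target-directly ;;
    abort)            echo read-afl-debug-output ;;
    ok)               echo none ;;
    *)                echo unknown; return 1 ;;
  esac
}

# Run the checks afl-fuzz suggests.
# $1 = target binary, $2 = seed directory, $3 = output directory.
diagnose_forkserver_failure() {
  target=$1; seeds=$2; out=$3
  seed=$(ls "$seeds" | head -n 1)

  # 1. Run the sanitized binary on its own seed, outside AFL. If ASan or the
  #    Rust runtime aborts here, afl-fuzz only shows the handshake error.
  echo "[1] direct run on $seeds/$seed"
  if ! "$target" < "$seeds/$seed"; then
    echo "    target exits non-zero on its own seed; fix this before fuzzing" >&2
    return 1
  fi

  # 2. Re-run afl-fuzz with AFL_DEBUG=1 and core dumps enabled, as the
  #    message suggests, so the target's stderr becomes visible.
  echo "[2] afl-fuzz with AFL_DEBUG=1 (core dumps enabled)"
  ulimit -c unlimited 2>/dev/null || true
  AFL_DEBUG=1 cargo afl fuzz -i "$seeds" -o "$out" "$target" 2>&1 | tee afl-debug.log
  if [ "$(classify_afl_output < afl-debug.log)" = ok ]; then
    return 0
  fi

  # 3. The message's last hint: a larger coverage map.
  echo "[3] retry with AFL_MAP_SIZE=10000000"
  AFL_MAP_SIZE=10000000 cargo afl fuzz -i "$seeds" -o "$out" "$target"
}
```

Source the file (`. ./asan-triage.sh`), run `build_asan_target`, then `diagnose_forkserver_failure target/debug/main in out`. Step 1 is the one that most often explains a handshake failure with a sanitized Rust target, since ASan writes its report to stderr before the process exits and afl-fuzz hides that output by default; the script stops there if the binary cannot even process its own seed.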
