testing: Getting "fuzzing process hung or terminated unexpectedly" errors during fuzzing even when only one worker is fuzzing #74636

@personnumber3377

Go version

go version go1.24.4 linux/amd64

Output of go env in your module/workspace:

AR='ar'
CC='gcc'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='g++'
GCCGO='gccgo'
GO111MODULE='auto'
GOAMD64='v1'
GOARCH='amd64'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/home/oof/.cache/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/home/oof/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build2857956283=/tmp/go-build -gno-record-gcc-switches'
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMOD=''
GOMODCACHE='/home/oof/.asdf/installs/golang/1.24.4/packages/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/home/oof/.asdf/installs/golang/1.24.4/packages'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/home/oof/.asdf/installs/golang/1.24.4/go'
GOSUMDB='sum.golang.org'
GOTELEMETRY='local'
GOTELEMETRYDIR='/home/oof/.config/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/home/oof/.asdf/installs/golang/1.24.4/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.24.4'
GOWORK=''
PKG_CONFIG='pkg-config'

What did you do?

Hi!

I am fuzzing this program here:

package http_diff_fuzz


import (
	"context"
	"io"
	"net"
	"net/http"
	"testing"
	"time"
)


func FuzzCompareCurlBehavior(f *testing.F) {
	// Add a seed input
	f.Add([]byte("HTTP/1.1 301 Moved Permanently\r\nContent-Length: 0\r\nLocation: http://www.redirect.com/\r\n\r\n"),
		[]byte("HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"))

	f.Fuzz(func(t *testing.T, buf1, buf2 []byte) {

		if len(buf2) > 5000 || len(buf1) > 5000 {
			return
		}
		// Reset state
		requests := [][]byte{}
		connIndex := 0

		responseChain := [][]byte{buf1, buf2}

		// Setup listener and mock server
		listener, err := net.Listen("tcp", "127.0.0.1:8080")
		if err != nil {
			return
		}
		defer listener.Close()

		go func() {
			for {
				conn, err := listener.Accept()
				if err != nil {
					return
				}
				go func(c net.Conn) {
					defer c.Close()
					if connIndex >= len(responseChain) {
						return
					}
					reqBuf := make([]byte, 2048)
					n, err := c.Read(reqBuf)
					if err != nil {
						return
					}
					requests = append(requests, reqBuf[:n])
					c.Write(responseChain[connIndex])
					connIndex++
				}(conn)
			}
		}()

		// Prepare HTTP client with socket override
		client := &http.Client{
			Timeout: time.Second * 3,
			Transport: &http.Transport{
				DialContext: func(_ context.Context, _, _ string) (net.Conn, error) {
					return net.Dial("tcp", listener.Addr().String())
				},
				DisableCompression: true,
			},
		}

		// Send request
		req, err := http.NewRequest("GET", "http://127.0.0.1/", nil)
		if err != nil {
			return
		}
		req.Header.Set("Host", "127.0.0.1")
		req.Header.Set("Accept", "*/*")
		req.Header.Del("Accept-Encoding")
		req.Header.Set("User-Agent", "")
		// panic("fefe")
		resp, err := client.Do(req)
		if err != nil {
			return
		}
		io.ReadAll(resp.Body)
		resp.Body.Close()
	})
}


and I am fuzzing it with this command line: go test -v -fuzzminimizetime 0 -parallel 1 -fuzz=FuzzCompareCurlBehavior . I have attached my fuzz corpus to this bug report. I am getting this output:

oof@elskun-lppri:~/debug_golang$ go test -v -fuzzminimizetime 0 -parallel 1 -fuzz=FuzzCompareCurlBehavior
=== RUN   FuzzCompareCurlBehavior
fuzz: elapsed: 0s, gathering baseline coverage: 0/2165 completed
fuzz: elapsed: 3s, gathering baseline coverage: 482/2165 completed
fuzz: elapsed: 6s, gathering baseline coverage: 929/2165 completed
fuzz: elapsed: 9s, gathering baseline coverage: 1420/2165 completed
fuzz: elapsed: 12s, gathering baseline coverage: 1885/2165 completed
fuzz: elapsed: 14s, gathering baseline coverage: 2165/2165 completed, now fuzzing with 1 workers
fuzz: elapsed: 15s, execs: 2539 (218/sec), new interesting: 1 (total: 2166)
fuzz: elapsed: 18s, execs: 3669 (377/sec), new interesting: 7 (total: 2172)
fuzz: elapsed: 21s, execs: 4892 (408/sec), new interesting: 7 (total: 2172)
fuzz: elapsed: 24s, execs: 6437 (515/sec), new interesting: 10 (total: 2175)
fuzz: elapsed: 27s, execs: 7519 (361/sec), new interesting: 11 (total: 2176)
fuzz: elapsed: 30s, execs: 8665 (382/sec), new interesting: 13 (total: 2178)
fuzz: elapsed: 33s, execs: 9726 (354/sec), new interesting: 15 (total: 2180)
fuzz: elapsed: 36s, execs: 10850 (375/sec), new interesting: 16 (total: 2181)
fuzz: elapsed: 39s, execs: 11957 (369/sec), new interesting: 17 (total: 2182)
fuzz: elapsed: 42s, execs: 13191 (411/sec), new interesting: 17 (total: 2182)
fuzz: elapsed: 45s, execs: 14556 (455/sec), new interesting: 18 (total: 2183)
fuzz: elapsed: 48s, execs: 15688 (377/sec), new interesting: 19 (total: 2184)
fuzz: elapsed: 51s, execs: 17182 (498/sec), new interesting: 21 (total: 2186)
fuzz: elapsed: 54s, execs: 18289 (369/sec), new interesting: 22 (total: 2187)
fuzz: elapsed: 57s, execs: 19372 (361/sec), new interesting: 23 (total: 2188)
fuzz: elapsed: 1m0s, execs: 20429 (352/sec), new interesting: 23 (total: 2188)
fuzz: elapsed: 1m3s, execs: 21403 (325/sec), new interesting: 24 (total: 2189)
fuzz: elapsed: 1m6s, execs: 22492 (363/sec), new interesting: 24 (total: 2189)
fuzz: elapsed: 1m9s, execs: 23856 (454/sec), new interesting: 25 (total: 2190)
fuzz: elapsed: 1m12s, execs: 25114 (420/sec), new interesting: 30 (total: 2195)
fuzz: elapsed: 1m15s, execs: 26193 (360/sec), new interesting: 31 (total: 2196)
fuzz: elapsed: 1m18s, execs: 27346 (384/sec), new interesting: 34 (total: 2199)
fuzz: elapsed: 1m21s, execs: 28511 (388/sec), new interesting: 34 (total: 2199)
fuzz: elapsed: 1m24s, execs: 29580 (356/sec), new interesting: 34 (total: 2199)
fuzz: elapsed: 1m27s, execs: 31357 (593/sec), new interesting: 35 (total: 2200)
fuzz: elapsed: 1m30s, execs: 33694 (779/sec), new interesting: 35 (total: 2200)
fuzz: elapsed: 1m33s, execs: 35848 (718/sec), new interesting: 37 (total: 2202)
fuzz: elapsed: 1m35s, execs: 37421 (717/sec), new interesting: 37 (total: 2202)
--- FAIL: FuzzCompareCurlBehavior (95.73s)
    fuzzing process hung or terminated unexpectedly: exit status 2
    Failing input written to testdata/fuzz/FuzzCompareCurlBehavior/301cf52b6e7456aa
    To re-run:
    go test -run=FuzzCompareCurlBehavior/301cf52b6e7456aa
=== NAME
FAIL
exit status 1
FAIL    _/home/oof/debug_golang    95.774s

but when I try to run go test -run=FuzzCompareCurlBehavior/301cf52b6e7456aa, the crash doesn't happen.

I tried to look this up and found this here: #56238, but in that issue this only happens when running with multiple workers, but for me it happens even though I am running only one worker.

Here are all of the files which I used: all_files.zip

What did you see happen?

Crashes which do not crash when trying to reproduce.

What did you expect to see?

Fuzzing continues normally.
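
A variant of the mock server in the harness above, as an added example that is not part of the original report and not Go project code: it binds port 0 instead of the fixed 8080 and lets a single goroutine own the response index and the captured requests, so the bounds check and the slice index cannot interleave across connections. `roundTrip` is a hypothetical name, and nothing on the page establishes that the shared `connIndex`/`requests` state or the fixed port is what caused the reported exit.

```go
package main

import (
	"context"
	"fmt"
	"io"
	"net"
	"net/http"
	"time"
)

// roundTrip (hypothetical helper) serves chain, one canned response per
// connection, and returns how many requests the mock server captured.
func roundTrip(chain [][]byte) (int, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0") // port 0: kernel picks a free port
	if err != nil {
		return 0, err
	}
	done := make(chan [][]byte)
	go func() { // this goroutine alone owns reqs; len(reqs) is the response index
		var reqs [][]byte
		for c, err := ln.Accept(); err == nil; c, err = ln.Accept() {
			c.SetDeadline(time.Now().Add(3 * time.Second)) // a stuck peer cannot block the loop forever
			buf := make([]byte, 2048)
			if n, err := c.Read(buf); err == nil && len(reqs) < len(chain) {
				c.Write(chain[len(reqs)])
				reqs = append(reqs, buf[:n])
			}
			c.Close()
		}
		done <- reqs // Accept failed: the listener was closed
	}()
	client := &http.Client{Timeout: 3 * time.Second, Transport: &http.Transport{
		DialContext: func(context.Context, string, string) (net.Conn, error) {
			return net.Dial("tcp", ln.Addr().String()) // every host resolves to the mock
		},
		DisableKeepAlives: true, // each request, redirects included, uses a fresh connection
	}}
	if resp, err := client.Get("http://127.0.0.1/"); err == nil {
		io.Copy(io.Discard, resp.Body)
		resp.Body.Close()
	}
	ln.Close()
	return len(<-done), nil // wait so no server goroutine outlives this call
}

func main() {
	// Constructed input: the second seed response from the report.
	fmt.Println(roundTrip([][]byte{[]byte("HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello")}))
}
```

Inside `f.Fuzz`, the body would call `roundTrip([][]byte{buf1, buf2})`; running the original harness with `go test -race` is a separate way to check whether its shared state is actually being accessed concurrently.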
