To debug a fuzzer (or anything really), I use this magical strace command:

strace -tt -yy -y -f -e trace=open,read,write,pipe,socket,dup2,clone,close -s 10000 -o /tmp/strace.log ./tool

• -tt enables microseconds
• -yy prints additional information about each file descriptor (like, files, sockets, etc.)
• -f follows forks (get all info about subprocesses, threads, etc.)
• -e trace= traces only specific syscalls we are interested in
• -s increases the max size of logged strings
• -o writes everything to /tmp/strace.log

Then, I can look at the log in vim or vscode, both with syntax hightlighting ( in vim, you may need to :set filetype=strace )

As additional weapon, I add -k which can dump a stacktrace at every syscall. Super slow, but super useful.

#fuzzing #fuzzingTips #debugging