dergoegge/fuzzor
Fuzzor

Work-in-progress continuous fuzzing infrastructure. It is mainly built and maintained to continuously fuzz Bitcoin Core, but adding and fuzzing other projects is supported (see projects/).

Quick Start

docker build --tag fuzzor-base:latest --file infra/Dockerfile.base .

cd projects/bitcoin
docker build --tag fuzzor-bitcoin:latest .

docker run -it fuzzor-bitcoin:latest

FUZZ=txgraph ./out/libfuzzer_asan/fuzz

Features

  • Automatic bug reports
  • Automatic coverage report creation
  • Support for major fuzzing engines (AFL++, libFuzzer, honggfuzz, Native Golang)
  • Crash deduplication
  • Corpus minimization with all supported engines
  • Real-time ensemble fuzzing
  • Coverage based campaign scheduling
  • Support for experimental fuzzing engines (e.g. fuzz-driven characterization testing with SemSan)
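
Crash deduplication, as listed above, normally means bucketing crashes by a normalized stack signature rather than by the raw sanitizer output, so that the same bug found in two builds (different pids, addresses and line numbers) is filed once. The script below is an added illustration of that technique; it is not Fuzzor's code and makes no claim about how Fuzzor implements the feature. The three sanitizer reports it parses are constructed by hand, and the function and file names in them (DecodeHeader, ParseMessage, harness, decoder.cpp, ...) are hypothetical.

```python
"""Crash deduplication by normalized sanitizer stack signature (illustration only)."""
import hashlib
import re
from collections import defaultdict

# One symbolized frame: "#N 0xADDR in FUNC LOCATION". FUNC may contain spaces
# (demangled template arguments), so LOCATION is taken as the last token.
FRAME_RE = re.compile(r"^\s*#\d+\s+0x[0-9a-fA-F]+\s+in\s+(.+?)\s+(\S+)\s*$", re.M)
ERROR_RE = re.compile(r"ERROR: \w+Sanitizer: ([\w-]+)")
ASSERT_RE = re.compile(r"Assertion [`'](.+?)' failed")

# Frames from the sanitizer runtime, the libc abort path and the fuzzing engine
# say nothing about the bug itself and are dropped before hashing.
NOISE_PREFIXES = ("__asan", "__sanitizer", "__interceptor", "__assert", "__GI_", "__libc_", "fuzzer::")
NOISE_EXACT = {"abort", "raise", "_start"}
TARGET_ENTRY = "LLVMFuzzerTestOneInput"  # everything below this frame is engine code


def crash_kind(report: str) -> str:
    """Bug class for the bucket key. Assertions are checked first because an
    assert failure also shows up as a generic sanitizer ABRT/SIGABRT line."""
    m = ASSERT_RE.search(report)
    if m:
        return "assertion:" + m.group(1)
    m = ERROR_RE.search(report)
    return m.group(1) if m else "unknown"


def target_frames(report: str) -> list[tuple[str, str]]:
    """(function, file) pairs for the frames inside the fuzz target.
    Addresses and line numbers are discarded on purpose so the same bug seen
    from two different builds normalizes to the same frames."""
    frames = []
    for func, location in FRAME_RE.findall(report):
        if func.startswith(TARGET_ENTRY):
            break
        if func in NOISE_EXACT or func.startswith(NOISE_PREFIXES):
            continue
        frames.append((func, location.split(":")[0]))
    return frames


def signature(report: str, depth: int = 3) -> str:
    """Stable bucket id: crash kind plus the top `depth` in-target frames."""
    parts = [crash_kind(report)]
    parts += [f"{func}@{filename}" for func, filename in target_frames(report)[:depth]]
    return hashlib.sha256("|".join(parts).encode()).hexdigest()[:16]


def dedupe(reports: dict[str, str]) -> dict[str, list[str]]:
    """Group report names by signature; one bucket is one bug to file."""
    buckets: dict[str, list[str]] = defaultdict(list)
    for name, text in reports.items():
        buckets[signature(text)].append(name)
    return dict(buckets)


# Constructed sample reports (hypothetical target, not real Fuzzor output).
# A and B are the same heap overflow from two builds: different pid,
# addresses, line numbers and an extra interceptor frame in B.
REPORT_A = """\
==4242==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000018 at pc 0x55d1c3a4 bp 0x7ffd1a2b sp 0x7ffd1a20
READ of size 1 at 0x602000000018 thread T0
    #0 0x55d1c3a4 in DecodeHeader(unsigned char const*, unsigned long) decoder.cpp:42:7
    #1 0x55d1c5f0 in ParseMessage(std::vector<unsigned char, std::allocator<unsigned char> > const&) parser.cpp:118:5
    #2 0x55d1c7a0 in harness(Span<unsigned char const>) fuzz_target.cpp:20:3
    #3 0x55d1b100 in LLVMFuzzerTestOneInput fuzz.cpp:120:3
    #4 0x55d19e20 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) FuzzerLoop.cpp:614:13
    #5 0x7f1a4c028150 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x28150)
"""
REPORT_B = """\
==777==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300000ef48 at pc 0x5618aa10 bp 0x7ffc0b10 sp 0x7ffc0b00
READ of size 1 at 0x60300000ef48 thread T0
    #0 0x5618a000 in __asan_memcpy asan_interceptors_memintrinsics.cpp:22:3
    #1 0x5618aa10 in DecodeHeader(unsigned char const*, unsigned long) decoder.cpp:45:7
    #2 0x5618ac40 in ParseMessage(std::vector<unsigned char, std::allocator<unsigned char> > const&) parser.cpp:121:5
    #3 0x5618ae90 in harness(Span<unsigned char const>) fuzz_target.cpp:20:3
    #4 0x56189b00 in LLVMFuzzerTestOneInput fuzz.cpp:120:3
"""
REPORT_C = """\
fuzz: decoder.cpp:90: void CheckLength(unsigned long): Assertion `len < 128' failed.
==4243==ERROR: AddressSanitizer: ABRT on unknown address 0x03e800001093 (pc 0x7f1a4c03e9fc bp 0x7ffd1a2b sp 0x7ffd1a20 T0)
    #0 0x7f1a4c03e9fc in raise (/lib/x86_64-linux-gnu/libc.so.6+0x3e9fc)
    #1 0x7f1a4c028471 in abort (/lib/x86_64-linux-gnu/libc.so.6+0x28471)
    #2 0x7f1a4c02836e in __assert_fail (/lib/x86_64-linux-gnu/libc.so.6+0x2836e)
    #3 0x55d1c9a0 in CheckLength(unsigned long) decoder.cpp:90:5
    #4 0x55d1c5f0 in ParseMessage(std::vector<unsigned char, std::allocator<unsigned char> > const&) parser.cpp:130:9
    #5 0x55d1c7a0 in harness(Span<unsigned char const>) fuzz_target.cpp:20:3
    #6 0x55d1b100 in LLVMFuzzerTestOneInput fuzz.cpp:120:3
"""

if __name__ == "__main__":
    for sig, names in dedupe({"crash-a": REPORT_A, "crash-b": REPORT_B, "crash-c": REPORT_C}).items():
        print(sig, names)
```

The depth of three frames is the usual trade-off: too shallow and unrelated bugs that die in the same allocator or parser helper collapse into one bucket, too deep and the same bug reached through different call paths is filed several times. Hashing the function name plus file, but not the line number, is what keeps the signature stable across the builds a continuous fuzzer produces.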

Planned Features

  • Support for more fuzzing engines (e.g. Radamsa, libafl_libfuzzer, libafl-fuzz, ...)
  • Snapshot fuzzing support (e.g. using full-system libafl_qemu and/or nyx)
  • Concolic fuzzing engine support
  • Automatic bug triaging
  • Automatic pull request fuzzing

Bugs discovered by Fuzzor

  • core-lightning: fuzz-connectd-handshake-act2: Assertion 'write_count == 1 && "too many calls to io_write()"' (details)
  • core-lightning: fuzz-cryptomsg: Assertion 'cryptomsg_decrypt_body(buf, &cs_in, buf) == NULL' (details)
  • core-lightning: fuzz-bolt12-bech32-decode: index 128 out of bounds for type 'const int8_t[128]' (details)
  • lnd: FuzzProbability: normalization factor is zero (details)
  • lnd: FuzzReplyChannelRange: failed to encode message to buffer (details)
  • bitcoin: wallet_bdb_parser: BDB builtin encryption is not supported (details)
  • bitcoin: rpc: runtime error: reference binding to null pointer of type 'const value_type' (details)
  • bitcoin: script: Assertion '!extract_destination_ret' failed (details)
  • bitcoin: scriptpubkeyman: heap-buffer-overflow miniscript.cpp in CScript BuildScript (details)
  • bitcoin: p2p_headers_presync: Assertion 'total_work < chainman.MinimumChainWork()' failed (details)
  • bitcoin: connman: terminate called after throwing an instance of 'std::bad_alloc' (details)
  • bitcoin #30243: mocked_descriptor_parse: Assertion '(leaf_version & ~TAPROOT_LEAF_MASK) == 0' failed (details)
  • bitcoin #31244: various descriptor parsing crashes (details)
  • bitcoin #28584: null-ptr deref (details)
  • bitcoin #28584: use of uninitialized memory (details)

About

Experimental continuous fuzzing infrastructure
