wip fix

src/afl-fuzz-init.c

@@ -1026,6 +1026,14 @@ void perform_dry_run(afl_state_t *afl) {
         /* Remove from fuzzing queue but keep for splicing */
 
         struct queue_entry *p = afl->queue;
+
+        if (!p->disabled && !p->was_fuzzed) {
+
+          --afl->pending_not_fuzzed;
+          --afl->active_paths;
+
+        }
+
         p->disabled = 1;
         p->perf_score = 0;
         while (p && p->next != q)
@@ -1036,9 +1044,6 @@ void perform_dry_run(afl_state_t *afl) {
         else
           afl->queue = q->next;
 
-        --afl->pending_not_fuzzed;
-        --afl->active_paths;
-
         afl->max_depth = 0;
         p = afl->queue;
         while (p) {
@@ -1123,9 +1128,17 @@ restart_outer_cull_loop:
       if (!p->cal_failed && p->exec_cksum == q->exec_cksum) {
 
         duplicates = 1;
+        if (!p->disabled && !q->disabled && !p->was_fuzzed && !q->was_fuzzed) {
+
           --afl->pending_not_fuzzed;
           afl->active_paths--;
 
+        } else {
+        
+          FATAL("disabled entry? this should not happen, please report!");
+        
+        }
+
         // We do not remove any of the memory allocated because for
         // splicing the data might still be interesting.
         // We only decouple them from the linked list.

src/afl-fuzz-one.c

@@ -2782,7 +2782,10 @@ abandon_entry:
      cycle and have not seen this entry before. */
 
   if (!afl->stop_soon && !afl->queue_cur->cal_failed &&
-      (afl->queue_cur->was_fuzzed == 0 || afl->queue_cur->fuzz_level == 0)) {
+      (afl->queue_cur->was_fuzzed == 0 || afl->queue_cur->fuzz_level == 0) &&
+      !afl->queue_cur->disabled) {
+
+    if (!afl->queue_cur->was_fuzzed) {
 
       --afl->pending_not_fuzzed;
       afl->queue_cur->was_fuzzed = 1;
@@ -2790,6 +2793,8 @@ abandon_entry:
 
     }
 
+  }
+
   ++afl->queue_cur->fuzz_level;
   orig_in = NULL;
   return ret_val;