Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CFlite doesn't seem to show backtraces by default when bugs aren't reproducible #67

Open
evverx opened this issue Dec 16, 2021 · 2 comments
Open

CFlite doesn't seem to show backtraces by default when bugs aren't reproducible #67

evverx opened this issue Dec 16, 2021 · 2 comments
Assignees
@jonathanmetzman

Comments

@evverx
Copy link
Contributor

evverx commented Dec 16, 2021

https://github.com/evverx/elfutils/runs/4541456435?check_suite_focus=true

2021-12-16T00:15:02.4107312Z INFO: Seed: 1337
2021-12-16T00:15:02.4497204Z INFO: Loaded 1 modules   (15250 inline 8-bit counters): 15250 [0x7dee1b, 0x7e29ad), 
2021-12-16T00:15:02.4502091Z INFO: Loaded 1 PC tables (15250 PCs): 15250 [0x747a30,0x783350), 
2021-12-16T00:15:02.4510120Z INFO:        7 files found in /github/workspace/cifuzz-corpus/fuzz-dwfl-core
2021-12-16T00:15:02.4511154Z INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 249851 bytes
2021-12-16T00:15:02.4516748Z INFO: seed corpus: files: 7 min: 568b max: 249851b total: 279535b rss: 70Mb
2021-12-16T00:15:28.6084552Z 2021-12-16 00:15:28,513 - root - INFO - Fuzzer: fuzz-dwfl-core. Detected bug.
2021-12-16T00:15:28.6095082Z 2021-12-16 00:15:28,573 - root - INFO - Trying to reproduce crash using: /tmp/tmp1zc5yps3/tmp83o6vkm6.
2021-12-16T00:15:29.3282172Z 2021-12-16 00:15:29,325 - root - INFO - Reproduce command returned: 0. Not reproducible on /github/workspace/build-out/fuzz-dwfl-core.
2021-12-16T00:15:29.3303060Z 2021-12-16 00:15:29,326 - root - INFO - Crash is not reproducible.
2021-12-16T00:15:29.3436231Z 2021-12-16 00:15:29,341 - root - INFO - Deleting corpus and seed corpus of fuzz-dwfl-core to save disk.
2021-12-16T00:15:29.3456056Z 2021-12-16 00:15:29,344 - root - INFO - Deleting fuzz target: fuzz-dwfl-core.
2021-12-16T00:15:29.3475358Z 2021-12-16 00:15:29,345 - root - INFO - Done deleting.
2021-12-16T00:15:29.3488252Z 2021-12-16 00:15:29,347 - root - INFO - Fuzzer fuzz-dwfl-core finished running without reportable crashes.
2021-12-16T00:15:29.3543613Z 2021-12-16 00:15:29,353 - root - INFO - No crashes in /github/workspace/out/artifacts. Not uploading.

Looking at "report-unreproducible-crashes: false" it seems I can flip that flag to make it "reportable" but I think it would be great if backtraces were shown by default even when bugs aren't reproducible.
@evverx
Copy link
Contributor Author

evverx commented Dec 16, 2021

Based on what ./infra/helper.py --external shows it seems to be a variation of OOM (that I think should have been handled by setting to allocator_may_return_null to 1):

INFO:        8 files found in /tmp/fuzz-dwfl-core_corpus
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 249856 bytes
INFO: seed corpus: files: 8 min: 568b max: 249856b total: 529391b rss: 67Mb
==13==ERROR: MemorySanitizer: allocator is out of memory trying to allocate 0x100000fff bytes
    #0 0x4d55f2 in __interceptor_calloc /src/llvm-project/compiler-rt/lib/msan/msan_interceptors.cpp:880:3
    #1 0x634c77 in dwfl_segment_report_module /src/elfutils/libdwfl/dwfl_segment_report_module.c:914:24
    #2 0x537e1d in dwfl_core_file_report /src/elfutils/libdwfl/core-file.c:559:17
    #3 0x528c7b in LLVMFuzzerTestOneInput /src/elfutils/tests/fuzz-dwfl-core.c:39:7
    #4 0x456bc3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) cxa_noexception.cpp
    #5 0x4563aa in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) cxa_noexception.cpp
    #6 0x458204 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) cxa_noexception.cpp
    #7 0x458439 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) cxa_noexception.cpp
    #8 0x447e6f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) cxa_noexception.cpp
    #9 0x470fc2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #10 0x7fa0e451c0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)

DEDUP_TOKEN: __interceptor_calloc--dwfl_segment_report_module--dwfl_core_file_report
==13==HINT: if you don't care about these errors you may set allocator_may_return_null=1
SUMMARY: MemorySanitizer: out-of-memory /src/llvm-project/compiler-rt/lib/msan/msan_interceptors.cpp:880:3 in __interceptor_calloc
MS: 0 ; base unit: 0000000000000000000000000000000000000000
artifact_prefix='./'; Test unit written to ./crash-450f5fb653c17b0957ee5d9494b46fd1ae4b646d

with ./infra/helper.py run_fuzzer --external -e MSAN_OPTIONS=allocator_may_return_null=1 ~/elfutils fuzz-dwfl-core it crashes as usual

@evverx evverx mentioned this issue Dec 16, 2021
Open
@jonathanmetzman
Copy link
Collaborator

Will look at this when I come back from vacation.

@jonathanmetzman jonathanmetzman self-assigned this Dec 16, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jonathanmetzman jonathanmetzman

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@evverx @jonathanmetzman