From 34b2a739cb75e54bd7be1aa93e02fe93838f25f7 Mon Sep 17 00:00:00 2001 From: bmc-msft <41130664+bmc-msft@users.noreply.github.com> Date: Thu, 18 Mar 2021 13:25:12 -0400 Subject: [PATCH] provide parsed call stack details asan logs (#591) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit For a given entry in a call stack, this parses out the following: line, function name, function offset, source file name, source file line, module path, and module offset. Additionally, this provides a code-generated libclusterfuzz port of the regular expressions used for stack minimization. For an example of the minimization, instead of: ```json [ "#0 0x56512a9c1418 in __sanitizer_print_stack_trace /b/s/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_stack.cpp:86:3", "#1 0x56512aaaa42d in fuzzer::PrintStackTrace() third_party/libFuzzer/src/FuzzerUtil.cpp:205:5", "#2 0x56512aa6a85e in fuzzer::Fuzzer::CrashCallback() third_party/libFuzzer/src/FuzzerLoop.cpp:232:3", "#3 0x56512aa6a7df in fuzzer::Fuzzer::StaticCrashSignalCallback() third_party/libFuzzer/src/FuzzerLoop.cpp:203:6", "#4 0x56512aaab948 in fuzzer::CrashHandler(int, siginfo_t*, void*) third_party/libFuzzer/src/FuzzerUtilPosix.cpp:46:3", "#5 0x7f1ee3f0188f (/lib/x86_64-linux-gnu/libpthread.so.0+0x1288f)", "#6 0x56512a9e5aa1 in Json::OurReader::parse(char const*, char const*, Json::Value&, bool) third_party/jsoncpp/source/src/lib_json/json_reader.cpp:1062:10", "#7 0x56512a9eedb4 in Json::OurCharReader::parse(char const*, char const*, Json::Value*, std::__Cr::basic_string, std::__Cr::allocator >*) third_party/jsoncpp/source/src/lib_json/json_reader.cpp:1899:23", "#8 0x56512a9e03a3 in LLVMFuzzerTestOneInput third_party/jsoncpp/fuzzers/json_fuzzer.cc:39:24", "#9 0x56512aa6d0cf in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) third_party/libFuzzer/src/FuzzerLoop.cpp:556:15", "#10 0x56512aa3b7da in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) third_party/libFuzzer/src/FuzzerDriver.cpp:292:6", "#11 0x56512aa4108a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) third_party/libFuzzer/src/FuzzerDriver.cpp:774:9","#12 0x56512aa821ac in main third_party/libFuzzer/src/FuzzerMain.cpp:19:10", "#13 0x7f1ee3361b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310", ] ``` The minimized call stack is: ```json [ "Json::OurReader::parse(char const*, char const*, Json::Value&, bool)", "Json::OurCharReader::parse(char const*, char const*, Json::Value*, std::__Cr::basic_string, std::__Cr::allocator >*)", "json_fuzzer.cc" ] ``` This also provides a naïve function name list, which comes close to Clusterfuzz's function identification. This would result in: ```json [ "Json::OurReader::parse", "Json::OurCharReader::parse", "json_fuzzer.cc" ] ``` Lastly, for our `stack hash` functionality used by the crash reporting task, those now provide the ability to specify the number of frames to include when building the hash. --- src/agent/Cargo.lock | 143 +++-- src/agent/Cargo.toml | 4 +- src/agent/libclusterfuzz/.gitignore | 1 + src/agent/libclusterfuzz/Cargo.toml | 14 + src/agent/libclusterfuzz/LICENSE | 202 +++++++ src/agent/libclusterfuzz/README.md | 11 +- src/agent/libclusterfuzz/src/generated.rs | 204 +++++++ src/agent/libclusterfuzz/src/lib.rs | 47 ++ src/agent/libclusterfuzz/third-party/build.py | 69 +++ .../third-party/crash_analysis/__init__.py | 0 .../crash_analysis/stack_parsing.py | 6 + .../libclusterfuzz/third-party/update.sh | 17 + src/agent/onefuzz-agent/Cargo.toml | 1 + .../src/local/generic_crash_report.rs | 1 + .../src/local/libfuzzer_crash_report.rs | 1 + .../src/tasks/report/crash_report.rs | 51 +- .../onefuzz-agent/src/tasks/report/generic.rs | 8 +- .../src/tasks/report/libfuzzer_report.rs | 4 + src/agent/onefuzz/Cargo.toml | 1 + src/agent/onefuzz/src/asan.rs | 305 +--------- src/agent/onefuzz/src/expand.rs | 10 +- src/agent/onefuzz/src/input_tester.rs | 5 +- src/agent/stacktrace-parser/Cargo.toml | 17 + ...asan-check-failure-missing-symbolizer.json | 168 ++++++ .../parsed-traces/asan-check-failure.json | 155 +++++ .../parsed-traces/asan-odr-violation.json | 32 + .../clang-10-asan-breakpoint.json | 571 ++++++++++++++++++ .../parsed-traces/libfuzzer-asan-log.json | 95 +++ .../libfuzzer-deadly-signal.json | 206 +++++++ ...zer-linux-llvm10-out-of-memory-malloc.json | 167 +++++ ...fuzzer-linux-llvm10-out-of-memory-rss.json | 64 ++ .../libfuzzer-scariness-underflow.json | 116 ++++ .../parsed-traces/libfuzzer-scariness.json | 116 ++++ ...r-windows-llvm10-out-of-memory-malloc.json | 184 ++++++ ...zzer-windows-llvm10-out-of-memory-rss.json | 6 + .../tsan-linux-llvm10-data-race.json | 6 + .../asan-check-failure-missing-symbolizer.txt | 0 .../data/stack-traces}/asan-check-failure.txt | 0 .../data/stack-traces}/asan-odr-violation.txt | 0 .../clang-10-asan-breakpoint.txt | 0 .../data/stack-traces}/libfuzzer-asan-log.txt | 0 .../stack-traces}/libfuzzer-deadly-signal.txt | 0 ...zzer-linux-llvm10-out-of-memory-malloc.txt | 0 ...bfuzzer-linux-llvm10-out-of-memory-rss.txt | 0 .../libfuzzer-scariness-underflow.txt | 0 .../stack-traces}/libfuzzer-scariness.txt | 0 ...er-windows-llvm10-out-of-memory-malloc.txt | 0 ...uzzer-windows-llvm10-out-of-memory-rss.txt | 0 .../tsan-linux-llvm10-data-race.txt | 0 src/agent/stacktrace-parser/src/asan.rs | 266 ++++++++ .../src/bin/parse-stacktrace.rs | 17 + src/agent/stacktrace-parser/src/lib.rs | 446 ++++++++++++++ 52 files changed, 3386 insertions(+), 351 deletions(-) create mode 100644 src/agent/libclusterfuzz/.gitignore create mode 100644 src/agent/libclusterfuzz/Cargo.toml create mode 100644 src/agent/libclusterfuzz/LICENSE create mode 100644 src/agent/libclusterfuzz/src/generated.rs create mode 100644 src/agent/libclusterfuzz/src/lib.rs create mode 100644 src/agent/libclusterfuzz/third-party/build.py create mode 100644 src/agent/libclusterfuzz/third-party/crash_analysis/__init__.py create mode 100644 src/agent/libclusterfuzz/third-party/crash_analysis/stack_parsing.py create mode 100755 src/agent/libclusterfuzz/third-party/update.sh create mode 100644 src/agent/stacktrace-parser/Cargo.toml create mode 100644 src/agent/stacktrace-parser/data/parsed-traces/asan-check-failure-missing-symbolizer.json create mode 100644 src/agent/stacktrace-parser/data/parsed-traces/asan-check-failure.json create mode 100644 src/agent/stacktrace-parser/data/parsed-traces/asan-odr-violation.json create mode 100644 src/agent/stacktrace-parser/data/parsed-traces/clang-10-asan-breakpoint.json create mode 100644 src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-asan-log.json create mode 100644 src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-deadly-signal.json create mode 100644 src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-linux-llvm10-out-of-memory-malloc.json create mode 100644 src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-linux-llvm10-out-of-memory-rss.json create mode 100644 src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-scariness-underflow.json create mode 100644 src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-scariness.json create mode 100644 src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-windows-llvm10-out-of-memory-malloc.json create mode 100644 src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-windows-llvm10-out-of-memory-rss.json create mode 100644 src/agent/stacktrace-parser/data/parsed-traces/tsan-linux-llvm10-data-race.json rename src/agent/{onefuzz/data => stacktrace-parser/data/stack-traces}/asan-check-failure-missing-symbolizer.txt (100%) rename src/agent/{onefuzz/data => stacktrace-parser/data/stack-traces}/asan-check-failure.txt (100%) rename src/agent/{onefuzz/data => stacktrace-parser/data/stack-traces}/asan-odr-violation.txt (100%) rename src/agent/{onefuzz/data => stacktrace-parser/data/stack-traces}/clang-10-asan-breakpoint.txt (100%) rename src/agent/{onefuzz/data => stacktrace-parser/data/stack-traces}/libfuzzer-asan-log.txt (100%) rename src/agent/{onefuzz/data => stacktrace-parser/data/stack-traces}/libfuzzer-deadly-signal.txt (100%) rename src/agent/{onefuzz/data => stacktrace-parser/data/stack-traces}/libfuzzer-linux-llvm10-out-of-memory-malloc.txt (100%) rename src/agent/{onefuzz/data => stacktrace-parser/data/stack-traces}/libfuzzer-linux-llvm10-out-of-memory-rss.txt (100%) rename src/agent/{onefuzz/data => stacktrace-parser/data/stack-traces}/libfuzzer-scariness-underflow.txt (100%) rename src/agent/{onefuzz/data => stacktrace-parser/data/stack-traces}/libfuzzer-scariness.txt (100%) rename src/agent/{onefuzz/data => stacktrace-parser/data/stack-traces}/libfuzzer-windows-llvm10-out-of-memory-malloc.txt (100%) rename src/agent/{onefuzz/data => stacktrace-parser/data/stack-traces}/libfuzzer-windows-llvm10-out-of-memory-rss.txt (100%) rename src/agent/{onefuzz/data => stacktrace-parser/data/stack-traces}/tsan-linux-llvm10-data-race.txt (100%) create mode 100644 src/agent/stacktrace-parser/src/asan.rs create mode 100644 src/agent/stacktrace-parser/src/bin/parse-stacktrace.rs create mode 100644 src/agent/stacktrace-parser/src/lib.rs diff --git a/src/agent/Cargo.lock b/src/agent/Cargo.lock index a2216c191..e59021232 100644 --- a/src/agent/Cargo.lock +++ b/src/agent/Cargo.lock @@ -33,6 +33,15 @@ dependencies = [ "winapi 0.3.9", ] +[[package]] +name = "ansi_term" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d52a9bb7ec0cf484c551830a7ce27bd20d67eac647e1befb56b0be4ee39a55d2" +dependencies = [ + "winapi 0.3.9", +] + [[package]] name = "anyhow" version = "1.0.38" @@ -184,7 +193,7 @@ checksum = "36ea56748e10732c49404c153638a15ec3d6211ec5ff35d9bb20e13b93576adf" dependencies = [ "proc-macro2 1.0.24", "quote 1.0.9", - "syn 1.0.63", + "syn 1.0.64", ] [[package]] @@ -359,7 +368,7 @@ version = "2.33.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "37e58ac78573c40708d45522f0d80fa2f01cc4f9b4e2bf749807255454312002" dependencies = [ - "ansi_term", + "ansi_term 0.11.0", "atty", "bitflags", "strsim", @@ -519,7 +528,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e8f45d9ad417bcef4817d614a501ab55cdd96a6fdb24f49aab89a54acfd66b19" dependencies = [ "quote 1.0.9", - "syn 1.0.63", + "syn 1.0.64", ] [[package]] @@ -556,9 +565,15 @@ checksum = "fcc3dd5e9e9c0b295d6e1e4d811fb6f157d5ffd784b8d202fc62eac8035a770b" dependencies = [ "proc-macro2 1.0.24", "quote 1.0.9", - "syn 1.0.63", + "syn 1.0.64", ] +[[package]] +name = "diff" +version = "0.1.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0e25ea47919b1560c4e3b7fe0aaab9becf5b84a10325ddf7db0f0ba5e1026499" + [[package]] name = "digest" version = "0.9.0" @@ -649,7 +664,7 @@ checksum = "aa4da3c766cd7a0db8242e326e9e4e081edd567072893ed320008189715366a4" dependencies = [ "proc-macro2 1.0.24", "quote 1.0.9", - "syn 1.0.63", + "syn 1.0.64", "synstructure", ] @@ -731,7 +746,7 @@ checksum = "63f713f8b2aa9e24fec85b0e290c56caee12e3b6ae0aeeda238a75b28251afd6" dependencies = [ "proc-macro2 1.0.24", "quote 1.0.9", - "syn 1.0.63", + "syn 1.0.64", ] [[package]] @@ -882,7 +897,7 @@ dependencies = [ "proc-macro-hack", "proc-macro2 1.0.24", "quote 1.0.9", - "syn 1.0.63", + "syn 1.0.64", ] [[package]] @@ -1275,9 +1290,18 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" [[package]] name = "libc" -version = "0.2.88" +version = "0.2.89" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "03b07a082330a35e43f63177cc01689da34fbffa0105e1246cf0311472cac73a" +checksum = "538c092e5586f4cdd7dd8078c4a79220e3e168880218124dcbce860f0ea938c6" + +[[package]] +name = "libclusterfuzz" +version = "0.0.1" +dependencies = [ + "anyhow", + "lazy_static", + "regex", +] [[package]] name = "libproc" @@ -1397,9 +1421,9 @@ dependencies = [ [[package]] name = "mio" -version = "0.7.9" +version = "0.7.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a5dede4e2065b3842b8b0af444119f3aa331cc7cc2dd20388bfb0f5d5a38823a" +checksum = "2182a122f3b7f3f5329cb1972cee089ba2459a0a80a56935e6e674f096f8d839" dependencies = [ "libc", "log", @@ -1569,7 +1593,7 @@ dependencies = [ "fsevent-sys 3.0.2", "inotify 0.9.2", "libc", - "mio 0.7.9", + "mio 0.7.10", "walkdir", "winapi 0.3.9", ] @@ -1656,6 +1680,7 @@ dependencies = [ "serde_derive", "serde_json", "sha2", + "stacktrace-parser", "storage-queue", "strum", "strum_macros", @@ -1691,6 +1716,7 @@ dependencies = [ "reqwest-retry", "serde", "serde_json", + "stacktrace-parser", "storage-queue", "tempfile", "tokio", @@ -1746,15 +1772,15 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" [[package]] name = "openssl" -version = "0.10.32" +version = "0.10.33" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "038d43985d1ddca7a9900630d8cd031b56e4794eecc2e9ea39dd17aa04399a70" +checksum = "a61075b62a23fef5a29815de7536d940aa35ce96d18ce0cc5076272db678a577" dependencies = [ "bitflags", "cfg-if 1.0.0", "foreign-types 0.3.2", - "lazy_static", "libc", + "once_cell", "openssl-sys", ] @@ -1766,9 +1792,9 @@ checksum = "77af24da69f9d9341038eba93a073b1fdaaa1b788221b00a69bce9e762cb32de" [[package]] name = "openssl-sys" -version = "0.9.60" +version = "0.9.61" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "921fc71883267538946025deffb622905ecad223c28efbfdef9bb59a0175f3e6" +checksum = "313752393519e876837e09e1fa183ddef0be7735868dced3196f4472d536277f" dependencies = [ "autocfg", "cc", @@ -1787,6 +1813,15 @@ dependencies = [ "winapi 0.3.9", ] +[[package]] +name = "output_vt100" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "53cdc5b785b7a58c5aad8216b3dfa114df64b0b06ae6e1501cef91df2fbdf8f9" +dependencies = [ + "winapi 0.3.9", +] + [[package]] name = "parking" version = "2.0.0" @@ -1814,18 +1849,18 @@ dependencies = [ [[package]] name = "path-absolutize" -version = "3.0.6" +version = "3.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7a6ab2aaa5faefed84db46e4398eab15fa51325606462b5da8b0e230af3ac59a" +checksum = "a7bf455a55d762f9ad0385747ba7fda9bd3dee9b40469bfb1c64c3aa6b073ee9" dependencies = [ "path-dedot", ] [[package]] name = "path-dedot" -version = "3.0.7" +version = "3.0.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "658c6e985fce9c25289fe7c86c08a3cbe82c19a3cd5b3bc5945c8c632552e460" +checksum = "c7794b94034e62eef81e8b9ea0690b31f522fd38394ca51e7997d499d0372fb5" dependencies = [ "once_cell", ] @@ -1875,7 +1910,7 @@ checksum = "758669ae3558c6f74bd2a18b41f7ac0b5a195aea6639d6a9b5e5d1ad5ba24c0b" dependencies = [ "proc-macro2 1.0.24", "quote 1.0.9", - "syn 1.0.63", + "syn 1.0.64", ] [[package]] @@ -1927,6 +1962,18 @@ version = "0.2.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ac74c624d6b2d21f425f752262f42188365d7b8ff1aff74c82e45136510a4857" +[[package]] +name = "pretty_assertions" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f297542c27a7df8d45de2b0e620308ab883ad232d06c14b76ac3e144bda50184" +dependencies = [ + "ansi_term 0.12.1", + "ctor", + "diff", + "output_vt100", +] + [[package]] name = "proc-macro-error" version = "1.0.4" @@ -1936,7 +1983,7 @@ dependencies = [ "proc-macro-error-attr", "proc-macro2 1.0.24", "quote 1.0.9", - "syn 1.0.63", + "syn 1.0.64", "version_check", ] @@ -2164,9 +2211,9 @@ dependencies = [ [[package]] name = "regex" -version = "1.4.4" +version = "1.4.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "54fd1046a3107eb58f42de31d656fee6853e5d276c455fd943742dce89fc3dd3" +checksum = "957056ecddbeba1b26965114e191d2e8589ce74db242b6ea25fc4062427a5c19" dependencies = [ "aho-corasick", "memchr", @@ -2327,7 +2374,7 @@ checksum = "aaaae8f38bb311444cfb7f1979af0bc9240d95795f75f9ceddf6a59b79ceffa0" dependencies = [ "proc-macro2 1.0.24", "quote 1.0.9", - "syn 1.0.63", + "syn 1.0.64", ] [[package]] @@ -2397,7 +2444,7 @@ checksum = "1800f7693e94e186f5e25a28291ae1570da908aff7d97a095dec1e56ff99069b" dependencies = [ "proc-macro2 1.0.24", "quote 1.0.9", - "syn 1.0.63", + "syn 1.0.64", ] [[package]] @@ -2489,7 +2536,7 @@ checksum = "1508efa03c362e23817f96cde18abed596a25219a8b2c66e8db33c03543d315b" dependencies = [ "proc-macro2 1.0.24", "quote 1.0.9", - "syn 1.0.63", + "syn 1.0.64", ] [[package]] @@ -2509,6 +2556,20 @@ version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" +[[package]] +name = "stacktrace-parser" +version = "0.1.0" +dependencies = [ + "anyhow", + "hex", + "libclusterfuzz", + "pretty_assertions", + "regex", + "serde", + "serde_json", + "sha2", +] + [[package]] name = "static_assertions" version = "0.3.4" @@ -2565,7 +2626,7 @@ dependencies = [ "proc-macro-error", "proc-macro2 1.0.24", "quote 1.0.9", - "syn 1.0.63", + "syn 1.0.64", ] [[package]] @@ -2583,7 +2644,7 @@ dependencies = [ "heck", "proc-macro2 1.0.24", "quote 1.0.9", - "syn 1.0.63", + "syn 1.0.64", ] [[package]] @@ -2599,9 +2660,9 @@ dependencies = [ [[package]] name = "syn" -version = "1.0.63" +version = "1.0.64" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8fd9bc7ccc2688b3344c2f48b9b546648b25ce0b20fc717ee7fa7981a8ca9717" +checksum = "3fd9d1e9976102a03c542daa2eff1b43f9d72306342f3f8b3ed5fb8908195d6f" dependencies = [ "proc-macro2 1.0.24", "quote 1.0.9", @@ -2616,7 +2677,7 @@ checksum = "b834f2d66f734cb897113e34aaff2f1ab4719ca946f9a7358dba8f8064148701" dependencies = [ "proc-macro2 1.0.24", "quote 1.0.9", - "syn 1.0.63", + "syn 1.0.64", "unicode-xid 0.2.1", ] @@ -2700,7 +2761,7 @@ checksum = "7765189610d8241a44529806d6fd1f2e0a08734313a35d5b3a556f92b381f3c0" dependencies = [ "proc-macro2 1.0.24", "quote 1.0.9", - "syn 1.0.63", + "syn 1.0.64", ] [[package]] @@ -2760,7 +2821,7 @@ checksum = "e44da00bfc73a25f814cd8d7e57a68a5c31b74b3152a0a1d1f590c97ed06265a" dependencies = [ "proc-macro2 1.0.24", "quote 1.0.9", - "syn 1.0.63", + "syn 1.0.64", ] [[package]] @@ -2833,9 +2894,9 @@ checksum = "59547bce71d9c38b83d9c0e92b6066c4253371f15005def0c30d9657f50c7642" [[package]] name = "typenum" -version = "1.12.0" +version = "1.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "373c8a200f9e67a0c95e62a4f52fbf80c23b4381c05a17845531982fa99e6b33" +checksum = "879f6906492a7cd215bfa4cf595b600146ccfac0c79bcbd1f3000162af5e8b06" [[package]] name = "unicase" @@ -2984,9 +3045,9 @@ checksum = "f1bddf1187be692e79c5ffeab891132dfb0f236ed36a43c7ed39f1165ee20191" [[package]] name = "version_check" -version = "0.9.2" +version = "0.9.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b5a972e5669d67ba988ce3dc826706fb0a8b01471c088cb0b6110b805cc36aed" +checksum = "5fecdca9a5291cc2b8dcf7dc02453fee791a280f3743cb0905f8822ae463b3fe" [[package]] name = "waker-fn" @@ -3050,7 +3111,7 @@ dependencies = [ "log", "proc-macro2 1.0.24", "quote 1.0.9", - "syn 1.0.63", + "syn 1.0.64", "wasm-bindgen-shared", ] @@ -3084,7 +3145,7 @@ checksum = "cc053ec74d454df287b9374ee8abb36ffd5acb95ba87da3ba5b7d3fe20eb401e" dependencies = [ "proc-macro2 1.0.24", "quote 1.0.9", - "syn 1.0.63", + "syn 1.0.64", "wasm-bindgen-backend", "wasm-bindgen-shared", ] diff --git a/src/agent/Cargo.toml b/src/agent/Cargo.toml index be2b8b119..f62010ba6 100644 --- a/src/agent/Cargo.toml +++ b/src/agent/Cargo.toml @@ -11,7 +11,9 @@ members = [ "reqwest-retry", "storage-queue", "win-util", + "libclusterfuzz", + "stacktrace-parser", ] [profile.release] -lto = "thin" \ No newline at end of file +lto = "thin" diff --git a/src/agent/libclusterfuzz/.gitignore b/src/agent/libclusterfuzz/.gitignore new file mode 100644 index 000000000..1269488f7 --- /dev/null +++ b/src/agent/libclusterfuzz/.gitignore @@ -0,0 +1 @@ +data diff --git a/src/agent/libclusterfuzz/Cargo.toml b/src/agent/libclusterfuzz/Cargo.toml new file mode 100644 index 000000000..b5951f237 --- /dev/null +++ b/src/agent/libclusterfuzz/Cargo.toml @@ -0,0 +1,14 @@ +[package] +name = "libclusterfuzz" +version = "0.0.1" +authors = ["fuzzing@microsoft.com>"] +edition = "2018" +license = "Apache-2.0" +description = "Minimal porting of features from libclusterfuzz" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +anyhow = "1.0" +regex = "1.4" +lazy_static = "1.4" diff --git a/src/agent/libclusterfuzz/LICENSE b/src/agent/libclusterfuzz/LICENSE new file mode 100644 index 000000000..f367dfb2d --- /dev/null +++ b/src/agent/libclusterfuzz/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2019 Google LLC + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/src/agent/libclusterfuzz/README.md b/src/agent/libclusterfuzz/README.md index 858e3d325..8ae90c142 100644 --- a/src/agent/libclusterfuzz/README.md +++ b/src/agent/libclusterfuzz/README.md @@ -1,3 +1,8 @@ -An upcoming PR will include rust code ported from clusterfuzz. This is -intended to enable our component governance process to pick this up such that -we can have our legal review prior to the inclusion of the code. +Please note, this is crate contains rust code generated from parsing python +code from [clusterfuzz](https://github.com/google/clusterfuzz). All of the +code from this project is labeled with Google's original copyright +statements. + +However, any errors may be the result of a mistake in the code generation +process. As such, please file the issues with +[onefuzz](https://github.com/microsoft/onefuzz) first. \ No newline at end of file diff --git a/src/agent/libclusterfuzz/src/generated.rs b/src/agent/libclusterfuzz/src/generated.rs new file mode 100644 index 000000000..4dc9a3ae9 --- /dev/null +++ b/src/agent/libclusterfuzz/src/generated.rs @@ -0,0 +1,204 @@ +// Rust generated by Microsoft, code originally from: +// https://github.com/google/clusterfuzz/blob/master/src/ +// python/lib/clusterfuzz/stacktraces/constants.py +// +// Original Copyright: +// +// Copyright 2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +pub const STACK_FRAME_IGNORE_REGEXES: &[&str] = &[ + r"^abort$", + r"^exit$", + r"^pthread_create$", + r"^pthread_kill$", + r"^raise$", + r"^tgkill$", + r"^(|__)aeabi_", + r"^(|__)memcmp", + r"^(|__)memcpy", + r"^(|__)memmove", + r"^(|__)memset", + r"^(|__)strcmp", + r"^(|__)strcpy", + r"^(|__)strdup", + r"^(|__)strlen", + r"^(|__)strncpy", + r"^", + r"^Abort\(", + r"^CFCrash", + r"^ExitCallback", + r"^IsSandboxedProcess", + r"^LLVMFuzzerTestOneInput", + r"^MSanAtExitWrapper", + r"^New", + r"^RaiseException", + r"^SbSystemBreakIntoDebugger", + r"^SignalAction", + r"^SignalHandler", + r"^TestOneProtoInput", + r"^V8_Fatal", + r"^WTF::", + r"^WTFCrash", + r"^X11Error", + r"^_L_unlock_", + r"^_\$LT\$", + r"^__GI_", + r"^__asan::", + r"^__asan_", + r"^__assert_", + r"^__cxa_atexit", + r"^__cxa_rethrow", + r"^__cxa_throw", + r"^__dump_stack", + r"^__hwasan::", + r"^__hwasan_", + r"^__interceptor_", + r"^__kasan_", + r"^__libc_", + r"^__lsan::", + r"^__lsan_", + r"^__msan::", + r"^__msan_", + r"^__pthread_kill", + r"^__run_exit_handlers", + r"^__rust_try", + r"^__sanitizer::", + r"^__sanitizer_", + r"^__tsan::", + r"^__tsan_", + r"^__ubsan::", + r"^__ubsan_", + r"^_asan_", + r"^_hwasan_", + r"^_lsan_", + r"^_msan_", + r"^_objc_terminate", + r"^_sanitizer_", + r"^_start", + r"^_tsan_", + r"^_ubsan_", + r"^abort", + r"^alloc::", + r"^android\.app\.ActivityManagerProxy\.", + r"^android\.os\.Parcel\.", + r"^art::Thread::CreateNativeThread", + r"^asan_", + r"^asan\.module_ctor", + r"^asan\.module_dtor", + r"^calloc", + r"^check_memory_region", + r"^common_exit", + r"^delete", + r"^demangling_terminate_handler", + r"^dump_backtrace", + r"^dump_stack", + r"^exit_or_terminate_process", + r"^fpehandler\(", + r"^free", + r"^fuzzer::", + r"^g_log", + r"^generic_cpp_", + r"^gsignal", + r"^kasan_", + r"^libfuzzer_sys::initialize", + r"^main", + r"^malloc", + r"^mozalloc_", + r"^new", + r"^object_err", + r"^operator", + r"^print_trailer", + r"^realloc", + r"^rust_begin_unwind", + r"^rust_oom", + r"^scanf", + r"^show_stack", + r"^std::__terminate", + r"^std::panic", + r"^std::process::abort", + r"^std::sys::unix::abort", + r"^__scrt_common_main_seh", + r".*ASAN_OnSIGSEGV", + r".*BaseThreadInitThunk", + r".*DebugBreak", + r".*DefaultDcheckHandler", + r".*ForceCrashOnSigAbort", + r".*MemoryProtection::CMemoryProtector", + r".*PartitionAlloc", + r".*RtlFreeHeap", + r".*RtlInitializeExceptionChain", + r".*RtlReportCriticalFailure", + r".*RtlUserThreadStart", + r".*RtlpHeapHandleError", + r".*RtlpLogHeapFailure", + r".*SkDebugf", + r".*StackDumpSignalHandler", + r".*__android_log_assert", + r".*__tmainCRTStartup", + r".*_asan_rtl_", + r".*agent::asan::", + r".*allocator_shim", + r".*asan_Heap", + r".*asan_check_access", + r".*asan_osx_dynamic\.dylib", + r".*assert", + r".*base::FuzzedDataProvider", + r".*base::allocator", + r".*base::android::CheckException", + r".*base::debug::BreakDebugger", + r".*base::debug::CollectStackTrace", + r".*base::debug::StackTrace::StackTrace", + r".*ieee754\-", + r".*libpthread", + r".*logger", + r".*logging::CheckError", + r".*logging::ErrnoLogMessage", + r".*logging::LogMessage", + r".*stdext::exception::what", + r".*v8::base::OS::Abort", + r".* base/callback", + r".*/AOSP\-toolchain/", + r".*/bindings/ToV8\.h", + r".*/crosstool/", + r".*/gcc/", + r".*/glibc\-", + r".*/jemalloc/", + r".*/libc\+\+", + r".*/libc/", + r".*/llvm\-build/", + r".*/minkernel/crts/", + r".*/sanitizer_common/", + r".*/tcmalloc/", + r".*/vc/include/", + r".*/vctools/crt/", + r".*/win_toolchain/", + r".*libc\+\+/", + r".*/memorycmp\.c", + r".*\+Unknown", + r".*", + r".*Inline Function @", + r"^$", + r"^\[vdso\]$", + r"^panic$", + r"^runtime\.", + r"^CrashTrampolineAsm", + r"^libc_io_functions_not_implemented_use_fdio_instead", + r"^", + r"^__zx_panic", + r"^syslog::LogMessage", + r"^print_address_description", + r"^_etext", +]; diff --git a/src/agent/libclusterfuzz/src/lib.rs b/src/agent/libclusterfuzz/src/lib.rs new file mode 100644 index 000000000..3999e2105 --- /dev/null +++ b/src/agent/libclusterfuzz/src/lib.rs @@ -0,0 +1,47 @@ +// Rust generated by Microsoft, code originally from: +// https://github.com/google/clusterfuzz/blob/master/src/ +// python/lib/clusterfuzz/stacktraces/constants.py +// +// Original Copyright: +// +// Copyright 2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#[macro_use] +extern crate lazy_static; + +use regex::RegexSet; + +mod generated; + +pub fn get_stack_filter() -> &'static RegexSet { + // NOTE: this is build upon first use, but we've verified these will compile + // using unit tests + lazy_static! { + static ref RE: RegexSet = RegexSet::new(generated::STACK_FRAME_IGNORE_REGEXES) + .expect("libclusterfuzz regex compile error"); + } + &RE +} + +#[cfg(test)] +mod tests { + use super::get_stack_filter; + + #[test] + fn test_stack_filter() { + assert!(get_stack_filter().is_match("abort")); + assert!(!get_stack_filter().is_match("ContosoSaysHi")); + } +} diff --git a/src/agent/libclusterfuzz/third-party/build.py b/src/agent/libclusterfuzz/third-party/build.py new file mode 100644 index 000000000..6098a5ef3 --- /dev/null +++ b/src/agent/libclusterfuzz/third-party/build.py @@ -0,0 +1,69 @@ +#!/usr/bin/env python +# +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. +# +# NOTE: This code loads the `constants.py` from libclusterfuzz, then iterates +# over the entities in the module. As is, this is slightly fragile. +# +# As such, this should be a manual effort where we check in the results, that +# way we can make adjustments as needed. + + +import string +import constants + +data = {} + +NAME_CHECK = string.ascii_uppercase + "_" + +HEADER = """ +// Rust generated by Microsoft, code originally from: +// https://github.com/google/clusterfuzz/blob/master/src/ +// python/lib/clusterfuzz/stacktraces/constants.py +// +// Original Copyright: +// +// Copyright 2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +""" + + +for name in dir(constants): + if all(x in NAME_CHECK for x in name): + entry = getattr(constants, name) + if entry is None: + continue + + data[name] = entry + +for_rust = { + "STACK_FRAME_IGNORE_REGEXES": [ + f'r"{x}"' for x in data["STACK_FRAME_IGNORE_REGEXES"] + ], +} + +with open("../src/generated.rs", "w") as handle: + handle.write(HEADER) + for key in sorted(for_rust.keys()): + if isinstance(for_rust[key], list): + value = ",".join(for_rust[key]) + handle.write(f"pub const {key}: &[&str] = &[{value}];") + elif isinstance(for_rust[key], str): + value = for_rust[key] + handle.write(f"pub const {key}: &str = {value};") + else: + raise Exception('unsupported for_rust type') diff --git a/src/agent/libclusterfuzz/third-party/crash_analysis/__init__.py b/src/agent/libclusterfuzz/third-party/crash_analysis/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/src/agent/libclusterfuzz/third-party/crash_analysis/stack_parsing.py b/src/agent/libclusterfuzz/third-party/crash_analysis/stack_parsing.py new file mode 100644 index 000000000..3fcb98aaf --- /dev/null +++ b/src/agent/libclusterfuzz/third-party/crash_analysis/stack_parsing.py @@ -0,0 +1,6 @@ +# this is a stubbed out class to enable us to load `constants.py` during code +# generation. + +class stack_parser: + def StackFrameSpec(*args, **kwargs): + pass diff --git a/src/agent/libclusterfuzz/third-party/update.sh b/src/agent/libclusterfuzz/third-party/update.sh new file mode 100755 index 000000000..9ebf4c92a --- /dev/null +++ b/src/agent/libclusterfuzz/third-party/update.sh @@ -0,0 +1,17 @@ +#!/bin/bash +# +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. +# + +set -ex + + +cd $(dirname "$(readlink -f "$0")") +git clone --depth 1 https://github.com/google/clusterfuzz clusterfuzz-src +mv clusterfuzz-src/src/python/lib/clusterfuzz/stacktraces/constants.py . +mkdir -p ../data/stack-traces +cp clusterfuzz-src/src/python/tests/core/crash_analysis/stack_parsing/stack_analyzer_data/*.txt ../data/stack-traces/ +python build.py +rm -rf constants.py __pycache__ */__pycache__ clusterfuzz-src +(cd ../; cargo fmt) diff --git a/src/agent/onefuzz-agent/Cargo.toml b/src/agent/onefuzz-agent/Cargo.toml index 5c5e3625a..1a423d1f2 100644 --- a/src/agent/onefuzz-agent/Cargo.toml +++ b/src/agent/onefuzz-agent/Cargo.toml @@ -33,6 +33,7 @@ onefuzz = { path = "../onefuzz" } storage-queue = { path = "../storage-queue" } reqwest-retry = { path = "../reqwest-retry" } onefuzz-telemetry = { path = "../onefuzz-telemetry" } +stacktrace-parser = { path = "../stacktrace-parser" } path-absolutize = "3.0.6" [dev-dependencies] diff --git a/src/agent/onefuzz-agent/src/local/generic_crash_report.rs b/src/agent/onefuzz-agent/src/local/generic_crash_report.rs index 5ef046e64..b2977d414 100644 --- a/src/agent/onefuzz-agent/src/local/generic_crash_report.rs +++ b/src/agent/onefuzz-agent/src/local/generic_crash_report.rs @@ -58,6 +58,7 @@ pub fn build_report_config( check_retry_count, check_queue, crashes, + minimized_stack_depth: None, input_queue, no_repro, reports, diff --git a/src/agent/onefuzz-agent/src/local/libfuzzer_crash_report.rs b/src/agent/onefuzz-agent/src/local/libfuzzer_crash_report.rs index f9ddbd981..dd962f4d4 100644 --- a/src/agent/onefuzz-agent/src/local/libfuzzer_crash_report.rs +++ b/src/agent/onefuzz-agent/src/local/libfuzzer_crash_report.rs @@ -50,6 +50,7 @@ pub fn build_report_config( target_timeout, check_retry_count, check_fuzzer_help, + minimized_stack_depth: None, input_queue, check_queue, crashes, diff --git a/src/agent/onefuzz-agent/src/tasks/report/crash_report.rs b/src/agent/onefuzz-agent/src/tasks/report/crash_report.rs index 7d6cced29..a72d3b7be 100644 --- a/src/agent/onefuzz-agent/src/tasks/report/crash_report.rs +++ b/src/agent/onefuzz-agent/src/tasks/report/crash_report.rs @@ -3,17 +3,17 @@ use anyhow::{Context, Result}; use futures::StreamExt; -use onefuzz::{asan::AsanLog, blob::BlobUrl, monitor::DirectoryMonitor, syncdir::SyncedDir}; +use onefuzz::{blob::BlobUrl, monitor::DirectoryMonitor, syncdir::SyncedDir}; use onefuzz_telemetry::{ Event::{new_report, new_unable_to_reproduce, new_unique_report}, EventData, }; - use serde::{Deserialize, Serialize}; +use stacktrace_parser::CrashLog; use std::path::{Path, PathBuf}; use uuid::Uuid; -#[derive(Debug, Deserialize, Serialize)] +#[derive(Debug, Deserialize, Serialize, Default)] pub struct CrashReport { pub input_sha256: String, @@ -27,9 +27,18 @@ pub struct CrashReport { pub crash_site: String, pub call_stack: Vec, - pub call_stack_sha256: String, + #[serde(default)] + pub minimized_stack: Vec, + #[serde(default)] + pub minimized_stack_sha256: Option, + + #[serde(default)] + pub minimized_stack_function_names: Vec, + #[serde(default)] + pub minimized_stack_function_names_sha256: Option, + pub asan_log: Option, pub task_id: Uuid, @@ -123,24 +132,42 @@ impl From for InputBlob { impl CrashReport { pub fn new( - asan_log: AsanLog, + crash_log: CrashLog, task_id: Uuid, job_id: Uuid, executable: impl Into, input_blob: Option, input_sha256: String, + minimized_stack_depth: Option, ) -> Self { + let call_stack_sha256 = crash_log.call_stack_sha256(); + let minimized_stack_sha256 = if crash_log.minimized_stack.is_empty() { + None + } else { + Some(crash_log.minimized_stack_sha256(minimized_stack_depth)) + }; + + let minimized_stack_function_names_sha256 = + if crash_log.minimized_stack_function_names.is_empty() { + None + } else { + Some(crash_log.minimized_stack_function_names_sha256(minimized_stack_depth)) + }; Self { input_sha256, input_blob, executable: executable.into(), - crash_type: asan_log.fault_type().into(), - crash_site: asan_log.summary().into(), - call_stack: asan_log.call_stack().to_vec(), - call_stack_sha256: asan_log.call_stack_sha256(), - asan_log: Some(asan_log.text().to_string()), - scariness_score: asan_log.scariness_score(), - scariness_description: asan_log.scariness_description().to_owned(), + crash_type: crash_log.fault_type, + crash_site: crash_log.summary, + call_stack_sha256, + minimized_stack: crash_log.minimized_stack, + minimized_stack_sha256, + minimized_stack_function_names: crash_log.minimized_stack_function_names, + minimized_stack_function_names_sha256, + call_stack: crash_log.call_stack, + asan_log: Some(crash_log.text), + scariness_score: crash_log.scariness_score, + scariness_description: crash_log.scariness_description, task_id, job_id, } diff --git a/src/agent/onefuzz-agent/src/tasks/report/generic.rs b/src/agent/onefuzz-agent/src/tasks/report/generic.rs index 41b8d0c66..b1ce3a868 100644 --- a/src/agent/onefuzz-agent/src/tasks/report/generic.rs +++ b/src/agent/onefuzz-agent/src/tasks/report/generic.rs @@ -47,6 +47,9 @@ pub struct Config { #[serde(default = "default_bool_true")] pub check_queue: bool, + #[serde(default)] + pub minimized_stack_depth: Option, + #[serde(flatten)] pub common: CommonConfig, } @@ -132,6 +135,7 @@ impl<'a> GenericReportProcessor<'a> { &self.config.target_exe, input_blob, input_sha256, + self.config.minimized_stack_depth, ); Ok(CrashTestResult::CrashReport(crash_report)) } else if let Some(crash) = test_report.crash { @@ -144,11 +148,9 @@ impl<'a> GenericReportProcessor<'a> { crash_type: crash.crash_type, crash_site: crash.crash_site, call_stack_sha256, - asan_log: None, - scariness_score: None, - scariness_description: None, task_id, job_id, + ..Default::default() }; Ok(CrashTestResult::CrashReport(crash_report)) diff --git a/src/agent/onefuzz-agent/src/tasks/report/libfuzzer_report.rs b/src/agent/onefuzz-agent/src/tasks/report/libfuzzer_report.rs index e1e3706e3..2617d7949 100644 --- a/src/agent/onefuzz-agent/src/tasks/report/libfuzzer_report.rs +++ b/src/agent/onefuzz-agent/src/tasks/report/libfuzzer_report.rs @@ -36,6 +36,9 @@ pub struct Config { #[serde(default)] pub check_retry_count: u64, + #[serde(default)] + pub minimized_stack_depth: Option, + #[serde(default = "default_bool_true")] pub check_queue: bool, @@ -140,6 +143,7 @@ impl AsanProcessor { &self.config.target_exe, input_blob, input_sha256, + self.config.minimized_stack_depth, ); Ok(CrashTestResult::CrashReport(crash_report)) } diff --git a/src/agent/onefuzz/Cargo.toml b/src/agent/onefuzz/Cargo.toml index b225472c6..e40f330da 100644 --- a/src/agent/onefuzz/Cargo.toml +++ b/src/agent/onefuzz/Cargo.toml @@ -39,6 +39,7 @@ tempfile = "3.2" process_control = "3.0" reqwest-retry = { path = "../reqwest-retry"} onefuzz-telemetry = { path = "../onefuzz-telemetry"} +stacktrace-parser = { path = "../stacktrace-parser" } [target.'cfg(target_os = "windows")'.dependencies] winreg = "0.8" diff --git a/src/agent/onefuzz/src/asan.rs b/src/agent/onefuzz/src/asan.rs index ee4b63e57..5429e8c10 100644 --- a/src/agent/onefuzz/src/asan.rs +++ b/src/agent/onefuzz/src/asan.rs @@ -1,139 +1,13 @@ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. -use crate::sha256; -use anyhow::Result; -use regex::Regex; +use anyhow::{Context, Result}; use std::{collections::HashMap, hash::BuildHasher, path::Path}; use tokio::{fs, stream::StreamExt}; +pub use stacktrace_parser::CrashLog; const ASAN_LOG_TRUNCATE_SIZE: usize = 4096; -#[derive(Clone, Debug)] -pub struct AsanLog { - text: String, - sanitizer: String, - summary: String, - fault_type: String, - call_stack: Vec, - scariness_score: Option, - scariness_description: Option, -} - -impl AsanLog { - pub fn parse(text: String) -> Option { - let (summary, sanitizer, fault_type) = match parse_summary(&text) { - Some(x) => x, - None => parse_asan_runtime_error(&text)?, - }; - - let call_stack = parse_call_stack(&text).unwrap_or_else(Vec::default); - - let (scariness_score, scariness_description) = match parse_scariness(&text) { - Some((x, y)) => (Some(x), Some(y)), - None => (None, None), - }; - - let log = Self { - text, - sanitizer, - summary, - fault_type, - call_stack, - scariness_score, - scariness_description, - }; - - Some(log) - } - - pub fn text(&self) -> &str { - &self.text - } - - pub fn summary(&self) -> &str { - &self.summary - } - - pub fn fault_type(&self) -> &str { - &self.fault_type - } - - pub fn call_stack(&self) -> &[String] { - &self.call_stack - } - - pub fn call_stack_sha256(&self) -> String { - sha256::digest_iter(self.call_stack()) - } - - pub fn scariness_score(&self) -> Option { - self.scariness_score - } - - pub fn scariness_description(&self) -> &Option { - &self.scariness_description - } -} - -fn parse_scariness(text: &str) -> Option<(u32, String)> { - let pattern = r"(?m)^SCARINESS: (\d+) \(([^\)]+)\)\r?$"; - let re = Regex::new(pattern).ok()?; - let captures = re.captures(text)?; - let index = u32::from_str_radix(captures.get(1)?.as_str(), 10).ok()?; - let value = captures.get(2)?.as_str().trim(); - - Some((index, value.into())) -} - -fn parse_asan_runtime_error(text: &str) -> Option<(String, String, String)> { - let pattern = r"==\d+==((\w+) (CHECK failed): [^ \n]+)"; - let re = Regex::new(pattern).ok()?; - let captures = re.captures(text)?; - let summary = captures.get(1)?.as_str().trim(); - let sanitizer = captures.get(2)?.as_str().trim(); - let fault_type = captures.get(3)?.as_str().trim(); - Some((summary.into(), sanitizer.into(), fault_type.into())) -} - -fn parse_summary(text: &str) -> Option<(String, String, String)> { - let pattern = r"SUMMARY: ((\w+): (data race|deadly signal|odr-violation|[^ \n]+).*)"; - let re = Regex::new(pattern).ok()?; - let captures = re.captures(text)?; - let summary = captures.get(1)?.as_str().trim(); - let sanitizer = captures.get(2)?.as_str().trim(); - let fault_type = captures.get(3)?.as_str().trim(); - Some((summary.into(), sanitizer.into(), fault_type.into())) -} - -fn parse_call_stack(text: &str) -> Option> { - let mut stack = vec![]; - let mut parsing_stack = false; - - for line in text.lines() { - let line = line.trim(); - let is_frame = line.starts_with('#'); - - match (parsing_stack, is_frame) { - (true, true) => { - stack.push(line.to_string()); - } - (true, false) => { - return Some(stack); - } - (false, true) => { - parsing_stack = true; - stack.push(line.to_string()); - } - (false, false) => { - continue; - } - } - } - - None -} - #[cfg(target_os = "windows")] pub fn add_asan_log_env(env: &mut HashMap, asan_dir: &Path) { let asan_path = asan_dir.join("asan-log"); @@ -174,176 +48,39 @@ pub fn add_asan_log_env(env: &mut HashMap, as } } -pub async fn check_asan_string(mut data: String) -> Result> { - let asan = AsanLog::parse(data.clone()); - if asan.is_some() { - Ok(asan) - } else { - if data.len() > ASAN_LOG_TRUNCATE_SIZE { - data.truncate(ASAN_LOG_TRUNCATE_SIZE); - data.push_str("..."); +pub async fn check_asan_string(mut data: String) -> Result> { + match CrashLog::parse(data.clone()) { + Ok(log) => Ok(Some(log)), + Err(err) => { + if data.len() > ASAN_LOG_TRUNCATE_SIZE { + data.truncate(ASAN_LOG_TRUNCATE_SIZE); + data.push_str("..."); + } + warn!( + "unable to parse asan log from string. error:{:?} data:{:?}", + err, data + ); + Ok(None) } - warn!("unable to parse asan log from string: {:?}", data); - Ok(None) } } -pub async fn check_asan_path(asan_dir: &Path) -> Result> { +pub async fn check_asan_path(asan_dir: &Path) -> Result> { let mut entries = fs::read_dir(asan_dir).await?; // there should be only up to one file in asan_dir if let Some(file) = entries.next().await { let file = file?; let mut asan_text = fs::read_to_string(file.path()).await?; - let asan = AsanLog::parse(asan_text.clone()); - if asan.is_some() { - return Ok(asan); - } else { + + let asan = CrashLog::parse(asan_text.clone()).with_context(|| { if asan_text.len() > ASAN_LOG_TRUNCATE_SIZE { asan_text.truncate(ASAN_LOG_TRUNCATE_SIZE); asan_text.push_str("..."); } - bail!( - "unable to parse asan log {}: {:?}", - file.path().display(), - asan_text - ); - } + format_err!("unable to parse asan log {}: {:?}") + })?; + return Ok(Some(asan)); } Ok(None) } - -#[cfg(test)] -mod tests { - use super::AsanLog; - - #[test] - fn test_asan_log_parse() -> anyhow::Result<()> { - let test_cases = vec![ - ( - "data/libfuzzer-asan-log.txt", - "AddressSanitizer", - "heap-use-after-free", - 7, - None, - None, - ), - ( - "data/libfuzzer-deadly-signal.txt", - "libFuzzer", - "deadly signal", - 14, - None, - None, - ), - ( - "data/libfuzzer-windows-llvm10-out-of-memory-malloc.txt", - "libFuzzer", - "out-of-memory", - 16, - None, - None, - ), - ( - "data/libfuzzer-windows-llvm10-out-of-memory-rss.txt", - "libFuzzer", - "out-of-memory", - 0, - None, - None, - ), - ( - "data/libfuzzer-linux-llvm10-out-of-memory-malloc.txt", - "libFuzzer", - "out-of-memory", - 15, - None, - None, - ), - ( - "data/libfuzzer-linux-llvm10-out-of-memory-rss.txt", - "libFuzzer", - "out-of-memory", - 4, - None, - None, - ), - ( - "data/tsan-linux-llvm10-data-race.txt", - "ThreadSanitizer", - "data race", - 1, - None, - None, - ), - ( - "data/clang-10-asan-breakpoint.txt", - "AddressSanitizer", - "breakpoint", - 43, - None, - None, - ), - ( - "data/asan-check-failure.txt", - "AddressSanitizer", - "CHECK failed", - 12, - None, - None, - ), - ( - "data/asan-check-failure-missing-symbolizer.txt", - "AddressSanitizer", - "CHECK failed", - 12, - None, - None, - ), - ( - "data/libfuzzer-scariness.txt", - "AddressSanitizer", - "FPE", - 9, - Some(10), - Some("signal".to_string()), - ), - ( - "data/libfuzzer-scariness-underflow.txt", - "AddressSanitizer", - "stack-buffer-underflow", - 9, - Some(51), - Some("4-byte-write-stack-buffer-underflow".to_string()), - ), - ( - "data/asan-odr-violation.txt", - "AddressSanitizer", - "odr-violation", - 2, - None, - None, - ), - ]; - - for ( - log_path, - sanitizer, - fault_type, - call_stack_len, - scariness_score, - scariness_description, - ) in test_cases - { - let data = std::fs::read_to_string(log_path)?; - let log = AsanLog::parse(data).unwrap(); - - assert_eq!(log.sanitizer, sanitizer); - assert_eq!(log.fault_type, fault_type); - assert_eq!(log.call_stack.len(), call_stack_len); - assert_eq!(log.scariness_score, scariness_score); - assert_eq!(log.scariness_description, scariness_description); - } - Ok(()) - } -} diff --git a/src/agent/onefuzz/src/expand.rs b/src/agent/onefuzz/src/expand.rs index 7c73a1211..f1e01d6e9 100644 --- a/src/agent/onefuzz/src/expand.rs +++ b/src/agent/onefuzz/src/expand.rs @@ -369,7 +369,7 @@ impl<'a> Expand<'a> { #[cfg(test)] mod tests { use super::Expand; - use anyhow::Result; + use anyhow::{Context, Result}; use std::path::Path; #[test] @@ -415,8 +415,8 @@ mod tests { ]; // The paths need to exist for canonicalization. - let input_path = "data/libfuzzer-asan-log.txt"; - let input_corpus_dir = "data"; + let input_path = "src/lib.rs"; + let input_corpus_dir = "src"; let generated_inputs_dir = "src"; let result = Expand::new() @@ -430,7 +430,7 @@ mod tests { let expected_input_corpus = input_corpus_path.to_string_lossy(); let generated_inputs_path = dunce::canonicalize(generated_inputs_dir)?; let expected_generated_inputs = generated_inputs_path.to_string_lossy(); - let input_full_path = dunce::canonicalize(input_path)?; + let input_full_path = dunce::canonicalize(input_path).context("canonicalize failed")?; let expected_input = input_full_path.to_string_lossy(); let expected_options = format!( "inner {} then {} {}", @@ -447,7 +447,7 @@ mod tests { "c", &expected_options, "d", - "libfuzzer-asan-log", + "lib", &expected_input, &expected_input ] diff --git a/src/agent/onefuzz/src/input_tester.rs b/src/agent/onefuzz/src/input_tester.rs index d9c08d2ba..1d4204572 100644 --- a/src/agent/onefuzz/src/input_tester.rs +++ b/src/agent/onefuzz/src/input_tester.rs @@ -4,12 +4,13 @@ #![allow(clippy::len_zero)] use crate::{ - asan::{add_asan_log_env, check_asan_path, check_asan_string, AsanLog}, + asan::{add_asan_log_env, check_asan_path, check_asan_string}, env::{get_path_with_directory, update_path, LD_LIBRARY_PATH, PATH}, expand::Expand, process::run_cmd, }; use anyhow::{Error, Result}; +use stacktrace_parser::CrashLog; use std::{collections::HashMap, path::Path, time::Duration}; use tempfile::tempdir; @@ -40,7 +41,7 @@ pub struct Crash { #[derive(Debug)] pub struct TestResult { pub crash: Option, - pub asan_log: Option, + pub asan_log: Option, pub error: Option, } diff --git a/src/agent/stacktrace-parser/Cargo.toml b/src/agent/stacktrace-parser/Cargo.toml new file mode 100644 index 000000000..6bb7c41c8 --- /dev/null +++ b/src/agent/stacktrace-parser/Cargo.toml @@ -0,0 +1,17 @@ +[package] +name = "stacktrace-parser" +version = "0.1.0" +authors = [""] +edition = "2018" + +[dependencies] +anyhow = "1.0" +hex = "0.4" +regex = "1.4" +sha2 = "0.9" +serde = { version = "1.0", features = ["derive"] } +serde_json = "1.0" +libclusterfuzz = { path = "../libclusterfuzz" } + +[dev-dependencies] +pretty_assertions = "0.7" diff --git a/src/agent/stacktrace-parser/data/parsed-traces/asan-check-failure-missing-symbolizer.json b/src/agent/stacktrace-parser/data/parsed-traces/asan-check-failure-missing-symbolizer.json new file mode 100644 index 000000000..a96f4d846 --- /dev/null +++ b/src/agent/stacktrace-parser/data/parsed-traces/asan-check-failure-missing-symbolizer.json @@ -0,0 +1,168 @@ +{ + "text": "=================================================================\n==15479==AddressSanitizer CHECK failed: /build/llvm-toolchain-9-uSl4bC/llvm-toolchain-9-9/projects/compiler-rt/lib/asan/asan_descriptions.cc:80 \"((0 && \"Address is not in memory and not in shadow?\")) != (0)\" (0x0, 0x0)\n==15479==WARNING: invalid path to external symbolizer!\n==15479==WARNING: Failed to use and restart external symbolizer!\n #0 0x49a92e (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x49a92e)\n #1 0x4aef3f (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4aef3f)\n #2 0x423516 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x423516)\n #3 0x4245b6 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4245b6)\n #4 0x4261b2 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4261b2)\n #5 0x498180 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x498180)\n #6 0x47ef01 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x47ef01)\n #7 0x4c2223 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4c2223)\n #8 0x4c26b7 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4c26b7)\n #9 0x4c274d (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4c274d)\n #10 0x7ffff6e22bf6 (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)\n #11 0x41ab39 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x41ab39)\n\n", + "sanitizer": "AddressSanitizer", + "summary": "AddressSanitizer CHECK failed: /build/llvm-toolchain-9-uSl4bC/llvm-toolchain-9-9/projects/compiler-rt/lib/asan/asan_descriptions.cc:80", + "fault_type": "CHECK failed", + "call_stack": [ + "#0 0x49a92e (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x49a92e)", + "#1 0x4aef3f (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4aef3f)", + "#2 0x423516 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x423516)", + "#3 0x4245b6 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4245b6)", + "#4 0x4261b2 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4261b2)", + "#5 0x498180 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x498180)", + "#6 0x47ef01 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x47ef01)", + "#7 0x4c2223 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4c2223)", + "#8 0x4c26b7 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4c26b7)", + "#9 0x4c274d (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4c274d)", + "#10 0x7ffff6e22bf6 (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)", + "#11 0x41ab39 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x41ab39)" + ], + "full_stack_details": [ + { + "line": "#0 0x49a92e (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x49a92e)", + "address": 4827438, + "module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe", + "module_offset": 4827438 + }, + { + "line": "#1 0x4aef3f (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4aef3f)", + "address": 4910911, + "module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe", + "module_offset": 4910911 + }, + { + "line": "#2 0x423516 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x423516)", + "address": 4338966, + "module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe", + "module_offset": 4338966 + }, + { + "line": "#3 0x4245b6 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4245b6)", + "address": 4343222, + "module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe", + "module_offset": 4343222 + }, + { + "line": "#4 0x4261b2 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4261b2)", + "address": 4350386, + "module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe", + "module_offset": 4350386 + }, + { + "line": "#5 0x498180 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x498180)", + "address": 4817280, + "module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe", + "module_offset": 4817280 + }, + { + "line": "#6 0x47ef01 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x47ef01)", + "address": 4714241, + "module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe", + "module_offset": 4714241 + }, + { + "line": "#7 0x4c2223 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4c2223)", + "address": 4989475, + "module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe", + "module_offset": 4989475 + }, + { + "line": "#8 0x4c26b7 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4c26b7)", + "address": 4990647, + "module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe", + "module_offset": 4990647 + }, + { + "line": "#9 0x4c274d (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4c274d)", + "address": 4990797, + "module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe", + "module_offset": 4990797 + }, + { + "line": "#10 0x7ffff6e22bf6 (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)", + "address": 140737335405558, + "module_path": "/lib/x86_64-linux-gnu/libc.so.6", + "module_offset": 138230 + }, + { + "line": "#11 0x41ab39 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x41ab39)", + "address": 4303673, + "module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe", + "module_offset": 4303673 + } + ], + "minimized_stack_details": [ + { + "line": "#0 0x49a92e (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x49a92e)", + "address": 4827438, + "module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe", + "module_offset": 4827438 + }, + { + "line": "#1 0x4aef3f (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4aef3f)", + "address": 4910911, + "module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe", + "module_offset": 4910911 + }, + { + "line": "#2 0x423516 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x423516)", + "address": 4338966, + "module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe", + "module_offset": 4338966 + }, + { + "line": "#3 0x4245b6 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4245b6)", + "address": 4343222, + "module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe", + "module_offset": 4343222 + }, + { + "line": "#4 0x4261b2 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4261b2)", + "address": 4350386, + "module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe", + "module_offset": 4350386 + }, + { + "line": "#5 0x498180 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x498180)", + "address": 4817280, + "module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe", + "module_offset": 4817280 + }, + { + "line": "#6 0x47ef01 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x47ef01)", + "address": 4714241, + "module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe", + "module_offset": 4714241 + }, + { + "line": "#7 0x4c2223 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4c2223)", + "address": 4989475, + "module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe", + "module_offset": 4989475 + }, + { + "line": "#8 0x4c26b7 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4c26b7)", + "address": 4990647, + "module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe", + "module_offset": 4990647 + }, + { + "line": "#9 0x4c274d (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4c274d)", + "address": 4990797, + "module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe", + "module_offset": 4990797 + }, + { + "line": "#10 0x7ffff6e22bf6 (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)", + "address": 140737335405558, + "module_path": "/lib/x86_64-linux-gnu/libc.so.6", + "module_offset": 138230 + }, + { + "line": "#11 0x41ab39 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x41ab39)", + "address": 4303673, + "module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe", + "module_offset": 4303673 + } + ] +} diff --git a/src/agent/stacktrace-parser/data/parsed-traces/asan-check-failure.json b/src/agent/stacktrace-parser/data/parsed-traces/asan-check-failure.json new file mode 100644 index 000000000..4da479632 --- /dev/null +++ b/src/agent/stacktrace-parser/data/parsed-traces/asan-check-failure.json @@ -0,0 +1,155 @@ +{ + "text": "=================================================================\n==31189==AddressSanitizer CHECK failed: /build/llvm-toolchain-9-uSl4bC/llvm-toolchain-9-9/projects/compiler-rt/lib/asan/asan_descriptions.cc:80 \"((0 && \"Address is not in memory and not in shadow?\")) != (0)\" (0x0, 0x0)\n #0 0x49a92e in __asan::AsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x49a92e)\n #1 0x4aef3f in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4aef3f)\n #2 0x423516 in __asan::GetShadowAddressInformation(unsigned long, __asan::ShadowAddressDescription*) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x423516)\n #3 0x4245b6 in __asan::AddressDescription::AddressDescription(unsigned long, unsigned long, bool) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4245b6)\n #4 0x4261b2 in __asan::ErrorGeneric::ErrorGeneric(unsigned int, unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4261b2)\n #5 0x498180 in __asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x498180)\n #6 0x47ef01 in strncpy (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x47ef01)\n #7 0x4c2223 in check /home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c:21:3\n #8 0x4c26b7 in from_file /home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c:67:12\n #9 0x4c274d in main /home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c:81:12\n #10 0x7ffff6e22bf6 in __libc_start_main /build/glibc-S7xCS9/glibc-2.27/csu/../csu/libc-start.c:310\n #11 0x41ab39 in _start (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x41ab39)\n\n", + "sanitizer": "AddressSanitizer", + "summary": "AddressSanitizer CHECK failed: /build/llvm-toolchain-9-uSl4bC/llvm-toolchain-9-9/projects/compiler-rt/lib/asan/asan_descriptions.cc:80", + "fault_type": "CHECK failed", + "call_stack": [ + "#0 0x49a92e in __asan::AsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x49a92e)", + "#1 0x4aef3f in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4aef3f)", + "#2 0x423516 in __asan::GetShadowAddressInformation(unsigned long, __asan::ShadowAddressDescription*) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x423516)", + "#3 0x4245b6 in __asan::AddressDescription::AddressDescription(unsigned long, unsigned long, bool) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4245b6)", + "#4 0x4261b2 in __asan::ErrorGeneric::ErrorGeneric(unsigned int, unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4261b2)", + "#5 0x498180 in __asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x498180)", + "#6 0x47ef01 in strncpy (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x47ef01)", + "#7 0x4c2223 in check /home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c:21:3", + "#8 0x4c26b7 in from_file /home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c:67:12", + "#9 0x4c274d in main /home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c:81:12", + "#10 0x7ffff6e22bf6 in __libc_start_main /build/glibc-S7xCS9/glibc-2.27/csu/../csu/libc-start.c:310", + "#11 0x41ab39 in _start (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x41ab39)" + ], + "full_stack_details": [ + { + "line": "#0 0x49a92e in __asan::AsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x49a92e)", + "address": 4827438, + "function_name": "__asan::AsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long)", + "module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe", + "module_offset": 4827438 + }, + { + "line": "#1 0x4aef3f in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4aef3f)", + "address": 4910911, + "function_name": "__sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long)", + "module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe", + "module_offset": 4910911 + }, + { + "line": "#2 0x423516 in __asan::GetShadowAddressInformation(unsigned long, __asan::ShadowAddressDescription*) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x423516)", + "address": 4338966, + "function_name": "__asan::GetShadowAddressInformation(unsigned long, __asan::ShadowAddressDescription*)", + "module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe", + "module_offset": 4338966 + }, + { + "line": "#3 0x4245b6 in __asan::AddressDescription::AddressDescription(unsigned long, unsigned long, bool) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4245b6)", + "address": 4343222, + "function_name": "__asan::AddressDescription::AddressDescription(unsigned long, unsigned long, bool)", + "module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe", + "module_offset": 4343222 + }, + { + "line": "#4 0x4261b2 in __asan::ErrorGeneric::ErrorGeneric(unsigned int, unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4261b2)", + "address": 4350386, + "function_name": "__asan::ErrorGeneric::ErrorGeneric(unsigned int, unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long)", + "module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe", + "module_offset": 4350386 + }, + { + "line": "#5 0x498180 in __asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x498180)", + "address": 4817280, + "function_name": "__asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool)", + "module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe", + "module_offset": 4817280 + }, + { + "line": "#6 0x47ef01 in strncpy (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x47ef01)", + "address": 4714241, + "function_name": "strncpy", + "module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe", + "module_offset": 4714241 + }, + { + "line": "#7 0x4c2223 in check /home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c:21:3", + "address": 4989475, + "function_name": "check", + "function_offset": 3, + "source_file_name": "fuzz.c", + "source_file_path": "/home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c", + "source_file_line": 21 + }, + { + "line": "#8 0x4c26b7 in from_file /home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c:67:12", + "address": 4990647, + "function_name": "from_file", + "function_offset": 12, + "source_file_name": "fuzz.c", + "source_file_path": "/home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c", + "source_file_line": 67 + }, + { + "line": "#9 0x4c274d in main /home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c:81:12", + "address": 4990797, + "function_name": "main", + "function_offset": 12, + "source_file_name": "fuzz.c", + "source_file_path": "/home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c", + "source_file_line": 81 + }, + { + "line": "#10 0x7ffff6e22bf6 in __libc_start_main /build/glibc-S7xCS9/glibc-2.27/csu/../csu/libc-start.c:310", + "address": 140737335405558, + "function_name": "__libc_start_main", + "source_file_name": "libc-start.c", + "source_file_path": "/build/glibc-S7xCS9/glibc-2.27/csu/../csu/libc-start.c", + "source_file_line": 310 + }, + { + "line": "#11 0x41ab39 in _start (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x41ab39)", + "address": 4303673, + "function_name": "_start", + "module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe", + "module_offset": 4303673 + } + ], + "full_stack_names": [ + "__asan::AsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long)", + "__sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long)", + "__asan::GetShadowAddressInformation(unsigned long, __asan::ShadowAddressDescription*)", + "__asan::AddressDescription::AddressDescription(unsigned long, unsigned long, bool)", + "__asan::ErrorGeneric::ErrorGeneric(unsigned int, unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long)", + "__asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool)", + "strncpy", + "check", + "from_file", + "main", + "__libc_start_main", + "_start" + ], + "minimized_stack_details": [ + { + "line": "#7 0x4c2223 in check /home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c:21:3", + "address": 4989475, + "function_name": "check", + "function_offset": 3, + "source_file_name": "fuzz.c", + "source_file_path": "/home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c", + "source_file_line": 21 + }, + { + "line": "#8 0x4c26b7 in from_file /home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c:67:12", + "address": 4990647, + "function_name": "from_file", + "function_offset": 12, + "source_file_name": "fuzz.c", + "source_file_path": "/home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c", + "source_file_line": 67 + } + ], + "minimized_stack": [ + "check", + "from_file" + ], + "minimized_stack_function_names": [ + "check", + "from_file" + ] +} diff --git a/src/agent/stacktrace-parser/data/parsed-traces/asan-odr-violation.json b/src/agent/stacktrace-parser/data/parsed-traces/asan-odr-violation.json new file mode 100644 index 000000000..98f6aa843 --- /dev/null +++ b/src/agent/stacktrace-parser/data/parsed-traces/asan-odr-violation.json @@ -0,0 +1,32 @@ +{ + "text": "=================================================================\n==10896==ERROR: AddressSanitizer: odr-violation (0x7fffc6d5bd60):\n [1] size=64 'vtable for a::b' ../../a/b.cc\n [2] size=64 'vtable for a::b' ../../a/b.cc\nThese globals were registered at these points:\n [1]:\n #0 0x555556716bcd in __asan_register_globals /b/s/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_globals.cpp:360:3\n #1 0x7fff9886d28b in asan.module_ctor (/onefuzz/blob-containers/oft-setup-b9607df0891452adabf9aab8954aa772/libviews.so+0xb0228b)\n\n [2]:\n #0 0x555556716bcd in __asan_register_globals /b/s/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_globals.cpp:360:3\n #1 0x7fffc6d58ccb in asan.module_ctor (/onefuzz/blob-containers/oft-setup-b9607df0891452adabf9aab8954aa772/libx11_window.so+0x46ccb)\n\n==10896==HINT: if you don't care about these errors you may set ASAN_OPTIONS=detect_odr_violation=0\nSUMMARY: AddressSanitizer: odr-violation: global 'vtable for a::b' at ../../a/b.cc\n==10896==ABORTING", + "sanitizer": "AddressSanitizer", + "summary": "AddressSanitizer: odr-violation: global 'vtable for a::b' at ../../a/b.cc", + "fault_type": "odr-violation", + "call_stack": [ + "#0 0x555556716bcd in __asan_register_globals /b/s/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_globals.cpp:360:3", + "#1 0x7fff9886d28b in asan.module_ctor (/onefuzz/blob-containers/oft-setup-b9607df0891452adabf9aab8954aa772/libviews.so+0xb0228b)" + ], + "full_stack_details": [ + { + "line": "#0 0x555556716bcd in __asan_register_globals /b/s/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_globals.cpp:360:3", + "address": 93825010854861, + "function_name": "__asan_register_globals", + "function_offset": 3, + "source_file_name": "asan_globals.cpp", + "source_file_path": "/b/s/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_globals.cpp", + "source_file_line": 360 + }, + { + "line": "#1 0x7fff9886d28b in asan.module_ctor (/onefuzz/blob-containers/oft-setup-b9607df0891452adabf9aab8954aa772/libviews.so+0xb0228b)", + "address": 140735752360587, + "function_name": "asan.module_ctor", + "module_path": "/onefuzz/blob-containers/oft-setup-b9607df0891452adabf9aab8954aa772/libviews.so", + "module_offset": 11543179 + } + ], + "full_stack_names": [ + "__asan_register_globals", + "asan.module_ctor" + ] +} diff --git a/src/agent/stacktrace-parser/data/parsed-traces/clang-10-asan-breakpoint.json b/src/agent/stacktrace-parser/data/parsed-traces/clang-10-asan-breakpoint.json new file mode 100644 index 000000000..64eb90398 --- /dev/null +++ b/src/agent/stacktrace-parser/data/parsed-traces/clang-10-asan-breakpoint.json @@ -0,0 +1,571 @@ +{ + "text": "=================================================================\n==24004==ERROR: AddressSanitizer: breakpoint on unknown address 0x000000000000 (pc 0x7ffd10f6e42d bp 0x009369dfde00 sp 0x009369dfdd30 T0)\n==24004==The signal is caused by a READ memory access.\n==24004==Hint: address points to the zero page.\n==24004==*** WARNING: Failed to initialize DbgHelp! ***\n==24004==*** Most likely this means that the app is already ***\n==24004==*** using DbgHelp, possibly with incompatible flags. ***\n==24004==*** Due to technical reasons, symbolization might crash ***\n==24004==*** or produce wrong results. ***\n #0 0x7ffd10f6e42c (C:\\test.dll+0x18a7fe42c)\n #1 0x7ffd10e13e1f (C:\\test.dll+0x18a6a3e1f)\n #2 0x7ffd10e15bdf (C:\\test.dll+0x18a6a5bdf)\n #3 0x7ffd0ab31ac0 (C:\\test.dll+0x1843c1ac0)\n #4 0x7ffd0ae49707 (C:\\test.dll+0x1846d9707)\n #5 0x7ffd0a54a128 (C:\\test.dll+0x183dda128)\n #6 0x7ffd0a549ed6 (C:\\test.dll+0x183dd9ed6)\n #7 0x7ffd0af6b003 (C:\\test.dll+0x1847fb003)\n #8 0x7ffd0af46cac (C:\\test.dll+0x1847d6cac)\n #9 0x7ffd0af4672a (C:\\test.dll+0x1847d672a)\n #10 0x7ffd0af46633 (C:\\test.dll+0x1847d6633)\n #11 0x7ffd0b7b79fe (C:\\test.dll+0x1850479fe)\n #12 0x7ffd0b892cc5 (C:\\test.dll+0x185122cc5)\n #13 0x7ffd0b886fe9 (C:\\test.dll+0x185116fe9)\n #14 0x7ffd0b8866c3 (C:\\test.dll+0x1851166c3)\n #15 0x7ffd0b7954ce (C:\\test.dll+0x1850254ce)\n #16 0x7ffd0b794ee9 (C:\\test.dll+0x185024ee9)\n #17 0x7ffd0b78a8b5 (C:\\test.dll+0x18501a8b5)\n #18 0x7ffd0b78b3f8 (C:\\test.dll+0x18501b3f8)\n #19 0x7ffd0b78b877 (C:\\test.dll+0x18501b877)\n #20 0x7ffd0bbdb28a (C:\\test.dll+0x18546b28a)\n #21 0x7ffd10edbc89 (C:\\test.dll+0x18a76bc89)\n #22 0x7ffd13a8f11e (C:\\test.dll+0x18d31f11e)\n #23 0x7ffd13a8e82a (C:\\test.dll+0x18d31e82a)\n #24 0x7ffd10f8f130 (C:\\test.dll+0x18a81f130)\n #25 0x7ffd10f8cc2f (C:\\test.dll+0x18a81cc2f)\n #26 0x7ffd13a90833 (C:\\test.dll+0x18d320833)\n #27 0x7ffd10e8ecf1 (C:\\test.dll+0x18a71ecf1)\n #28 0x7ffd13609469 (C:\\test.dll+0x18ce99469)\n #29 0x7ffd09fa4753 (C:\\test.dll+0x183834753)\n #30 0x7ffd09faa46b (C:\\test.dll+0x18383a46b)\n #31 0x7ffd09f9cbf0 (C:\\test.dll+0x18382cbf0)\n #32 0x7ffd10b2287d (C:\\test.dll+0x18a3b287d)\n #33 0x7ffd10b25220 (C:\\test.dll+0x18a3b5220)\n #34 0x7ffd10b243fc (C:\\test.dll+0x18a3b43fc)\n #35 0x7ffd10be2b6c (C:\\test.dll+0x18a472b6c)\n #36 0x7ffd10b22644 (C:\\test.dll+0x18a3b2644)\n #37 0x7ffd0677162b (C:\\test.dll+0x18000162b)\n #38 0x7ff69ea06fd6 (C:\\test.exe+0x140006fd6)\n #39 0x7ff69ea03d34 (C:\\test.exe+0x140003d34)\n #40 0x7ff69ef2432f (C:\\test.exe+0x14052432f)\n #41 0x7ffdbbfe6fd3 (C:\\WINDOWS\\System32\\KERNEL32.DLL+0x180016fd3)\n #42 0x7ffdbc51cec0 (C:\\WINDOWS\\SYSTEM32\\ntdll.dll+0x18004cec0)\n\nAddressSanitizer can not provide additional info.\nSUMMARY: AddressSanitizer: breakpoint (C:\\test.dll+0x18a7fe42c) \n==24004==ABORTING\n", + "sanitizer": "AddressSanitizer", + "summary": "AddressSanitizer: breakpoint (C:\\test.dll+0x18a7fe42c)", + "fault_type": "breakpoint", + "call_stack": [ + "#0 0x7ffd10f6e42c (C:\\test.dll+0x18a7fe42c)", + "#1 0x7ffd10e13e1f (C:\\test.dll+0x18a6a3e1f)", + "#2 0x7ffd10e15bdf (C:\\test.dll+0x18a6a5bdf)", + "#3 0x7ffd0ab31ac0 (C:\\test.dll+0x1843c1ac0)", + "#4 0x7ffd0ae49707 (C:\\test.dll+0x1846d9707)", + "#5 0x7ffd0a54a128 (C:\\test.dll+0x183dda128)", + "#6 0x7ffd0a549ed6 (C:\\test.dll+0x183dd9ed6)", + "#7 0x7ffd0af6b003 (C:\\test.dll+0x1847fb003)", + "#8 0x7ffd0af46cac (C:\\test.dll+0x1847d6cac)", + "#9 0x7ffd0af4672a (C:\\test.dll+0x1847d672a)", + "#10 0x7ffd0af46633 (C:\\test.dll+0x1847d6633)", + "#11 0x7ffd0b7b79fe (C:\\test.dll+0x1850479fe)", + "#12 0x7ffd0b892cc5 (C:\\test.dll+0x185122cc5)", + "#13 0x7ffd0b886fe9 (C:\\test.dll+0x185116fe9)", + "#14 0x7ffd0b8866c3 (C:\\test.dll+0x1851166c3)", + "#15 0x7ffd0b7954ce (C:\\test.dll+0x1850254ce)", + "#16 0x7ffd0b794ee9 (C:\\test.dll+0x185024ee9)", + "#17 0x7ffd0b78a8b5 (C:\\test.dll+0x18501a8b5)", + "#18 0x7ffd0b78b3f8 (C:\\test.dll+0x18501b3f8)", + "#19 0x7ffd0b78b877 (C:\\test.dll+0x18501b877)", + "#20 0x7ffd0bbdb28a (C:\\test.dll+0x18546b28a)", + "#21 0x7ffd10edbc89 (C:\\test.dll+0x18a76bc89)", + "#22 0x7ffd13a8f11e (C:\\test.dll+0x18d31f11e)", + "#23 0x7ffd13a8e82a (C:\\test.dll+0x18d31e82a)", + "#24 0x7ffd10f8f130 (C:\\test.dll+0x18a81f130)", + "#25 0x7ffd10f8cc2f (C:\\test.dll+0x18a81cc2f)", + "#26 0x7ffd13a90833 (C:\\test.dll+0x18d320833)", + "#27 0x7ffd10e8ecf1 (C:\\test.dll+0x18a71ecf1)", + "#28 0x7ffd13609469 (C:\\test.dll+0x18ce99469)", + "#29 0x7ffd09fa4753 (C:\\test.dll+0x183834753)", + "#30 0x7ffd09faa46b (C:\\test.dll+0x18383a46b)", + "#31 0x7ffd09f9cbf0 (C:\\test.dll+0x18382cbf0)", + "#32 0x7ffd10b2287d (C:\\test.dll+0x18a3b287d)", + "#33 0x7ffd10b25220 (C:\\test.dll+0x18a3b5220)", + "#34 0x7ffd10b243fc (C:\\test.dll+0x18a3b43fc)", + "#35 0x7ffd10be2b6c (C:\\test.dll+0x18a472b6c)", + "#36 0x7ffd10b22644 (C:\\test.dll+0x18a3b2644)", + "#37 0x7ffd0677162b (C:\\test.dll+0x18000162b)", + "#38 0x7ff69ea06fd6 (C:\\test.exe+0x140006fd6)", + "#39 0x7ff69ea03d34 (C:\\test.exe+0x140003d34)", + "#40 0x7ff69ef2432f (C:\\test.exe+0x14052432f)", + "#41 0x7ffdbbfe6fd3 (C:\\WINDOWS\\System32\\KERNEL32.DLL+0x180016fd3)", + "#42 0x7ffdbc51cec0 (C:\\WINDOWS\\SYSTEM32\\ntdll.dll+0x18004cec0)" + ], + "full_stack_details": [ + { + "line": "#0 0x7ffd10f6e42c (C:\\test.dll+0x18a7fe42c)", + "address": 140724888069164, + "module_path": "C:\\test.dll", + "module_offset": 6618604588 + }, + { + "line": "#1 0x7ffd10e13e1f (C:\\test.dll+0x18a6a3e1f)", + "address": 140724886650399, + "module_path": "C:\\test.dll", + "module_offset": 6617185823 + }, + { + "line": "#2 0x7ffd10e15bdf (C:\\test.dll+0x18a6a5bdf)", + "address": 140724886658015, + "module_path": "C:\\test.dll", + "module_offset": 6617193439 + }, + { + "line": "#3 0x7ffd0ab31ac0 (C:\\test.dll+0x1843c1ac0)", + "address": 140724782963392, + "module_path": "C:\\test.dll", + "module_offset": 6513498816 + }, + { + "line": "#4 0x7ffd0ae49707 (C:\\test.dll+0x1846d9707)", + "address": 140724786206471, + "module_path": "C:\\test.dll", + "module_offset": 6516741895 + }, + { + "line": "#5 0x7ffd0a54a128 (C:\\test.dll+0x183dda128)", + "address": 140724776771880, + "module_path": "C:\\test.dll", + "module_offset": 6507307304 + }, + { + "line": "#6 0x7ffd0a549ed6 (C:\\test.dll+0x183dd9ed6)", + "address": 140724776771286, + "module_path": "C:\\test.dll", + "module_offset": 6507306710 + }, + { + "line": "#7 0x7ffd0af6b003 (C:\\test.dll+0x1847fb003)", + "address": 140724787392515, + "module_path": "C:\\test.dll", + "module_offset": 6517927939 + }, + { + "line": "#8 0x7ffd0af46cac (C:\\test.dll+0x1847d6cac)", + "address": 140724787244204, + "module_path": "C:\\test.dll", + "module_offset": 6517779628 + }, + { + "line": "#9 0x7ffd0af4672a (C:\\test.dll+0x1847d672a)", + "address": 140724787242794, + "module_path": "C:\\test.dll", + "module_offset": 6517778218 + }, + { + "line": "#10 0x7ffd0af46633 (C:\\test.dll+0x1847d6633)", + "address": 140724787242547, + "module_path": "C:\\test.dll", + "module_offset": 6517777971 + }, + { + "line": "#11 0x7ffd0b7b79fe (C:\\test.dll+0x1850479fe)", + "address": 140724796094974, + "module_path": "C:\\test.dll", + "module_offset": 6526630398 + }, + { + "line": "#12 0x7ffd0b892cc5 (C:\\test.dll+0x185122cc5)", + "address": 140724796992709, + "module_path": "C:\\test.dll", + "module_offset": 6527528133 + }, + { + "line": "#13 0x7ffd0b886fe9 (C:\\test.dll+0x185116fe9)", + "address": 140724796944361, + "module_path": "C:\\test.dll", + "module_offset": 6527479785 + }, + { + "line": "#14 0x7ffd0b8866c3 (C:\\test.dll+0x1851166c3)", + "address": 140724796942019, + "module_path": "C:\\test.dll", + "module_offset": 6527477443 + }, + { + "line": "#15 0x7ffd0b7954ce (C:\\test.dll+0x1850254ce)", + "address": 140724795954382, + "module_path": "C:\\test.dll", + "module_offset": 6526489806 + }, + { + "line": "#16 0x7ffd0b794ee9 (C:\\test.dll+0x185024ee9)", + "address": 140724795952873, + "module_path": "C:\\test.dll", + "module_offset": 6526488297 + }, + { + "line": "#17 0x7ffd0b78a8b5 (C:\\test.dll+0x18501a8b5)", + "address": 140724795910325, + "module_path": "C:\\test.dll", + "module_offset": 6526445749 + }, + { + "line": "#18 0x7ffd0b78b3f8 (C:\\test.dll+0x18501b3f8)", + "address": 140724795913208, + "module_path": "C:\\test.dll", + "module_offset": 6526448632 + }, + { + "line": "#19 0x7ffd0b78b877 (C:\\test.dll+0x18501b877)", + "address": 140724795914359, + "module_path": "C:\\test.dll", + "module_offset": 6526449783 + }, + { + "line": "#20 0x7ffd0bbdb28a (C:\\test.dll+0x18546b28a)", + "address": 140724800434826, + "module_path": "C:\\test.dll", + "module_offset": 6530970250 + }, + { + "line": "#21 0x7ffd10edbc89 (C:\\test.dll+0x18a76bc89)", + "address": 140724887469193, + "module_path": "C:\\test.dll", + "module_offset": 6618004617 + }, + { + "line": "#22 0x7ffd13a8f11e (C:\\test.dll+0x18d31f11e)", + "address": 140724933292318, + "module_path": "C:\\test.dll", + "module_offset": 6663827742 + }, + { + "line": "#23 0x7ffd13a8e82a (C:\\test.dll+0x18d31e82a)", + "address": 140724933290026, + "module_path": "C:\\test.dll", + "module_offset": 6663825450 + }, + { + "line": "#24 0x7ffd10f8f130 (C:\\test.dll+0x18a81f130)", + "address": 140724888203568, + "module_path": "C:\\test.dll", + "module_offset": 6618738992 + }, + { + "line": "#25 0x7ffd10f8cc2f (C:\\test.dll+0x18a81cc2f)", + "address": 140724888194095, + "module_path": "C:\\test.dll", + "module_offset": 6618729519 + }, + { + "line": "#26 0x7ffd13a90833 (C:\\test.dll+0x18d320833)", + "address": 140724933298227, + "module_path": "C:\\test.dll", + "module_offset": 6663833651 + }, + { + "line": "#27 0x7ffd10e8ecf1 (C:\\test.dll+0x18a71ecf1)", + "address": 140724887153905, + "module_path": "C:\\test.dll", + "module_offset": 6617689329 + }, + { + "line": "#28 0x7ffd13609469 (C:\\test.dll+0x18ce99469)", + "address": 140724928549993, + "module_path": "C:\\test.dll", + "module_offset": 6659085417 + }, + { + "line": "#29 0x7ffd09fa4753 (C:\\test.dll+0x183834753)", + "address": 140724770850643, + "module_path": "C:\\test.dll", + "module_offset": 6501386067 + }, + { + "line": "#30 0x7ffd09faa46b (C:\\test.dll+0x18383a46b)", + "address": 140724770874475, + "module_path": "C:\\test.dll", + "module_offset": 6501409899 + }, + { + "line": "#31 0x7ffd09f9cbf0 (C:\\test.dll+0x18382cbf0)", + "address": 140724770819056, + "module_path": "C:\\test.dll", + "module_offset": 6501354480 + }, + { + "line": "#32 0x7ffd10b2287d (C:\\test.dll+0x18a3b287d)", + "address": 140724883564669, + "module_path": "C:\\test.dll", + "module_offset": 6614100093 + }, + { + "line": "#33 0x7ffd10b25220 (C:\\test.dll+0x18a3b5220)", + "address": 140724883575328, + "module_path": "C:\\test.dll", + "module_offset": 6614110752 + }, + { + "line": "#34 0x7ffd10b243fc (C:\\test.dll+0x18a3b43fc)", + "address": 140724883571708, + "module_path": "C:\\test.dll", + "module_offset": 6614107132 + }, + { + "line": "#35 0x7ffd10be2b6c (C:\\test.dll+0x18a472b6c)", + "address": 140724884351852, + "module_path": "C:\\test.dll", + "module_offset": 6614887276 + }, + { + "line": "#36 0x7ffd10b22644 (C:\\test.dll+0x18a3b2644)", + "address": 140724883564100, + "module_path": "C:\\test.dll", + "module_offset": 6614099524 + }, + { + "line": "#37 0x7ffd0677162b (C:\\test.dll+0x18000162b)", + "address": 140724711921195, + "module_path": "C:\\test.dll", + "module_offset": 6442456619 + }, + { + "line": "#38 0x7ff69ea06fd6 (C:\\test.exe+0x140006fd6)", + "address": 140697199996886, + "module_path": "C:\\test.exe", + "module_offset": 5368737750 + }, + { + "line": "#39 0x7ff69ea03d34 (C:\\test.exe+0x140003d34)", + "address": 140697199983924, + "module_path": "C:\\test.exe", + "module_offset": 5368724788 + }, + { + "line": "#40 0x7ff69ef2432f (C:\\test.exe+0x14052432f)", + "address": 140697205359407, + "module_path": "C:\\test.exe", + "module_offset": 5374100271 + }, + { + "line": "#41 0x7ffdbbfe6fd3 (C:\\WINDOWS\\System32\\KERNEL32.DLL+0x180016fd3)", + "address": 140727757467603, + "module_path": "C:\\WINDOWS\\System32\\KERNEL32.DLL", + "module_offset": 6442545107 + }, + { + "line": "#42 0x7ffdbc51cec0 (C:\\WINDOWS\\SYSTEM32\\ntdll.dll+0x18004cec0)", + "address": 140727762931392, + "module_path": "C:\\WINDOWS\\SYSTEM32\\ntdll.dll", + "module_offset": 6442766016 + } + ], + "minimized_stack_details": [ + { + "line": "#0 0x7ffd10f6e42c (C:\\test.dll+0x18a7fe42c)", + "address": 140724888069164, + "module_path": "C:\\test.dll", + "module_offset": 6618604588 + }, + { + "line": "#1 0x7ffd10e13e1f (C:\\test.dll+0x18a6a3e1f)", + "address": 140724886650399, + "module_path": "C:\\test.dll", + "module_offset": 6617185823 + }, + { + "line": "#2 0x7ffd10e15bdf (C:\\test.dll+0x18a6a5bdf)", + "address": 140724886658015, + "module_path": "C:\\test.dll", + "module_offset": 6617193439 + }, + { + "line": "#3 0x7ffd0ab31ac0 (C:\\test.dll+0x1843c1ac0)", + "address": 140724782963392, + "module_path": "C:\\test.dll", + "module_offset": 6513498816 + }, + { + "line": "#4 0x7ffd0ae49707 (C:\\test.dll+0x1846d9707)", + "address": 140724786206471, + "module_path": "C:\\test.dll", + "module_offset": 6516741895 + }, + { + "line": "#5 0x7ffd0a54a128 (C:\\test.dll+0x183dda128)", + "address": 140724776771880, + "module_path": "C:\\test.dll", + "module_offset": 6507307304 + }, + { + "line": "#6 0x7ffd0a549ed6 (C:\\test.dll+0x183dd9ed6)", + "address": 140724776771286, + "module_path": "C:\\test.dll", + "module_offset": 6507306710 + }, + { + "line": "#7 0x7ffd0af6b003 (C:\\test.dll+0x1847fb003)", + "address": 140724787392515, + "module_path": "C:\\test.dll", + "module_offset": 6517927939 + }, + { + "line": "#8 0x7ffd0af46cac (C:\\test.dll+0x1847d6cac)", + "address": 140724787244204, + "module_path": "C:\\test.dll", + "module_offset": 6517779628 + }, + { + "line": "#9 0x7ffd0af4672a (C:\\test.dll+0x1847d672a)", + "address": 140724787242794, + "module_path": "C:\\test.dll", + "module_offset": 6517778218 + }, + { + "line": "#10 0x7ffd0af46633 (C:\\test.dll+0x1847d6633)", + "address": 140724787242547, + "module_path": "C:\\test.dll", + "module_offset": 6517777971 + }, + { + "line": "#11 0x7ffd0b7b79fe (C:\\test.dll+0x1850479fe)", + "address": 140724796094974, + "module_path": "C:\\test.dll", + "module_offset": 6526630398 + }, + { + "line": "#12 0x7ffd0b892cc5 (C:\\test.dll+0x185122cc5)", + "address": 140724796992709, + "module_path": "C:\\test.dll", + "module_offset": 6527528133 + }, + { + "line": "#13 0x7ffd0b886fe9 (C:\\test.dll+0x185116fe9)", + "address": 140724796944361, + "module_path": "C:\\test.dll", + "module_offset": 6527479785 + }, + { + "line": "#14 0x7ffd0b8866c3 (C:\\test.dll+0x1851166c3)", + "address": 140724796942019, + "module_path": "C:\\test.dll", + "module_offset": 6527477443 + }, + { + "line": "#15 0x7ffd0b7954ce (C:\\test.dll+0x1850254ce)", + "address": 140724795954382, + "module_path": "C:\\test.dll", + "module_offset": 6526489806 + }, + { + "line": "#16 0x7ffd0b794ee9 (C:\\test.dll+0x185024ee9)", + "address": 140724795952873, + "module_path": "C:\\test.dll", + "module_offset": 6526488297 + }, + { + "line": "#17 0x7ffd0b78a8b5 (C:\\test.dll+0x18501a8b5)", + "address": 140724795910325, + "module_path": "C:\\test.dll", + "module_offset": 6526445749 + }, + { + "line": "#18 0x7ffd0b78b3f8 (C:\\test.dll+0x18501b3f8)", + "address": 140724795913208, + "module_path": "C:\\test.dll", + "module_offset": 6526448632 + }, + { + "line": "#19 0x7ffd0b78b877 (C:\\test.dll+0x18501b877)", + "address": 140724795914359, + "module_path": "C:\\test.dll", + "module_offset": 6526449783 + }, + { + "line": "#20 0x7ffd0bbdb28a (C:\\test.dll+0x18546b28a)", + "address": 140724800434826, + "module_path": "C:\\test.dll", + "module_offset": 6530970250 + }, + { + "line": "#21 0x7ffd10edbc89 (C:\\test.dll+0x18a76bc89)", + "address": 140724887469193, + "module_path": "C:\\test.dll", + "module_offset": 6618004617 + }, + { + "line": "#22 0x7ffd13a8f11e (C:\\test.dll+0x18d31f11e)", + "address": 140724933292318, + "module_path": "C:\\test.dll", + "module_offset": 6663827742 + }, + { + "line": "#23 0x7ffd13a8e82a (C:\\test.dll+0x18d31e82a)", + "address": 140724933290026, + "module_path": "C:\\test.dll", + "module_offset": 6663825450 + }, + { + "line": "#24 0x7ffd10f8f130 (C:\\test.dll+0x18a81f130)", + "address": 140724888203568, + "module_path": "C:\\test.dll", + "module_offset": 6618738992 + }, + { + "line": "#25 0x7ffd10f8cc2f (C:\\test.dll+0x18a81cc2f)", + "address": 140724888194095, + "module_path": "C:\\test.dll", + "module_offset": 6618729519 + }, + { + "line": "#26 0x7ffd13a90833 (C:\\test.dll+0x18d320833)", + "address": 140724933298227, + "module_path": "C:\\test.dll", + "module_offset": 6663833651 + }, + { + "line": "#27 0x7ffd10e8ecf1 (C:\\test.dll+0x18a71ecf1)", + "address": 140724887153905, + "module_path": "C:\\test.dll", + "module_offset": 6617689329 + }, + { + "line": "#28 0x7ffd13609469 (C:\\test.dll+0x18ce99469)", + "address": 140724928549993, + "module_path": "C:\\test.dll", + "module_offset": 6659085417 + }, + { + "line": "#29 0x7ffd09fa4753 (C:\\test.dll+0x183834753)", + "address": 140724770850643, + "module_path": "C:\\test.dll", + "module_offset": 6501386067 + }, + { + "line": "#30 0x7ffd09faa46b (C:\\test.dll+0x18383a46b)", + "address": 140724770874475, + "module_path": "C:\\test.dll", + "module_offset": 6501409899 + }, + { + "line": "#31 0x7ffd09f9cbf0 (C:\\test.dll+0x18382cbf0)", + "address": 140724770819056, + "module_path": "C:\\test.dll", + "module_offset": 6501354480 + }, + { + "line": "#32 0x7ffd10b2287d (C:\\test.dll+0x18a3b287d)", + "address": 140724883564669, + "module_path": "C:\\test.dll", + "module_offset": 6614100093 + }, + { + "line": "#33 0x7ffd10b25220 (C:\\test.dll+0x18a3b5220)", + "address": 140724883575328, + "module_path": "C:\\test.dll", + "module_offset": 6614110752 + }, + { + "line": "#34 0x7ffd10b243fc (C:\\test.dll+0x18a3b43fc)", + "address": 140724883571708, + "module_path": "C:\\test.dll", + "module_offset": 6614107132 + }, + { + "line": "#35 0x7ffd10be2b6c (C:\\test.dll+0x18a472b6c)", + "address": 140724884351852, + "module_path": "C:\\test.dll", + "module_offset": 6614887276 + }, + { + "line": "#36 0x7ffd10b22644 (C:\\test.dll+0x18a3b2644)", + "address": 140724883564100, + "module_path": "C:\\test.dll", + "module_offset": 6614099524 + }, + { + "line": "#37 0x7ffd0677162b (C:\\test.dll+0x18000162b)", + "address": 140724711921195, + "module_path": "C:\\test.dll", + "module_offset": 6442456619 + }, + { + "line": "#38 0x7ff69ea06fd6 (C:\\test.exe+0x140006fd6)", + "address": 140697199996886, + "module_path": "C:\\test.exe", + "module_offset": 5368737750 + }, + { + "line": "#39 0x7ff69ea03d34 (C:\\test.exe+0x140003d34)", + "address": 140697199983924, + "module_path": "C:\\test.exe", + "module_offset": 5368724788 + }, + { + "line": "#40 0x7ff69ef2432f (C:\\test.exe+0x14052432f)", + "address": 140697205359407, + "module_path": "C:\\test.exe", + "module_offset": 5374100271 + }, + { + "line": "#41 0x7ffdbbfe6fd3 (C:\\WINDOWS\\System32\\KERNEL32.DLL+0x180016fd3)", + "address": 140727757467603, + "module_path": "C:\\WINDOWS\\System32\\KERNEL32.DLL", + "module_offset": 6442545107 + }, + { + "line": "#42 0x7ffdbc51cec0 (C:\\WINDOWS\\SYSTEM32\\ntdll.dll+0x18004cec0)", + "address": 140727762931392, + "module_path": "C:\\WINDOWS\\SYSTEM32\\ntdll.dll", + "module_offset": 6442766016 + } + ] +} diff --git a/src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-asan-log.json b/src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-asan-log.json new file mode 100644 index 000000000..8345f726d --- /dev/null +++ b/src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-asan-log.json @@ -0,0 +1,95 @@ +{ + "text": "INFO: Seed: 2746158486\nINFO: Loaded 1 modules (21 inline 8-bit counters): 21 [0x766ef0, 0x766f05), \nINFO: Loaded 1 PC tables (21 PCs): 21 [0x542fd0,0x543120), \n./fuzz.exe: Running 1 inputs 1 time(s) each.\nRunning: crash-cbe07cd3ebaba15610ecd968c4e4a04c6643e534\n=================================================================\n==17066==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000000050 at pc 0x000000527476 bp 0x7ffeb9b631d0 sp 0x7ffeb9b631c8\nWRITE of size 4 at 0x602000000050 thread T0\n #0 0x527475 in LLVMFuzzerTestOneInput /home/testuser/projects/onefuzz/samples/asan/fuzz.c:45:51\n #1 0x42fb3a in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x42fb3a)\n #2 0x41ef87 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x41ef87)\n #3 0x424ba1 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x424ba1)\n #4 0x44bd72 in main (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x44bd72)\n #5 0x7fbf0729bb96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310\n #6 0x41d879 in _start (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x41d879)\n\n0x602000000050 is located 0 bytes inside of 4-byte region [0x602000000050,0x602000000054)\nfreed by thread T0 here:\n #0 0x4f72e2 in free (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x4f72e2)\n #1 0x52742f in LLVMFuzzerTestOneInput /home/testuser/projects/onefuzz/samples/asan/fuzz.c:45:39\n #2 0x42fb3a in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x42fb3a)\n #3 0x41ef87 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x41ef87)\n #4 0x424ba1 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x424ba1)\n #5 0x44bd72 in main (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x44bd72)\n #6 0x7fbf0729bb96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310\n\npreviously allocated by thread T0 here:\n #0 0x4f7663 in __interceptor_malloc (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x4f7663)\n #1 0x527419 in LLVMFuzzerTestOneInput /home/testuser/projects/onefuzz/samples/asan/fuzz.c:45:18\n #2 0x42fb3a in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x42fb3a)\n #3 0x41ef87 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x41ef87)\n #4 0x424ba1 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x424ba1)\n #5 0x44bd72 in main (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x44bd72)\n #6 0x7fbf0729bb96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310\n\nSUMMARY: AddressSanitizer: heap-use-after-free /home/testuser/projects/onefuzz/samples/asan/fuzz.c:45:51 in LLVMFuzzerTestOneInput\nShadow bytes around the buggy address:\n 0x0c047fff7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x0c047fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x0c047fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n=>0x0c047fff8000: fa fa 04 fa fa fa 04 fa fa fa[fd]fa fa fa fa fa\n 0x0c047fff8010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x0c047fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x0c047fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x0c047fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x0c047fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\nShadow byte legend (one shadow byte represents 8 application bytes):\n Addressable: 00\n Partially addressable: 01 02 03 04 05 06 07 \n Heap left redzone: fa\n Freed heap region: fd\n Stack left redzone: f1\n Stack mid redzone: f2\n Stack right redzone: f3\n Stack after return: f5\n Stack use after scope: f8\n Global redzone: f9\n Global init order: f6\n Poisoned by user: f7\n Container overflow: fc\n Array cookie: ac\n Intra object redzone: bb\n ASan internal: fe\n Left alloca redzone: ca\n Right alloca redzone: cb\n Shadow gap: cc\n==17066==ABORTING\n", + "sanitizer": "AddressSanitizer", + "summary": "AddressSanitizer: heap-use-after-free /home/testuser/projects/onefuzz/samples/asan/fuzz.c:45:51 in LLVMFuzzerTestOneInput", + "fault_type": "heap-use-after-free", + "call_stack": [ + "#0 0x527475 in LLVMFuzzerTestOneInput /home/testuser/projects/onefuzz/samples/asan/fuzz.c:45:51", + "#1 0x42fb3a in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x42fb3a)", + "#2 0x41ef87 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x41ef87)", + "#3 0x424ba1 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x424ba1)", + "#4 0x44bd72 in main (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x44bd72)", + "#5 0x7fbf0729bb96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310", + "#6 0x41d879 in _start (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x41d879)" + ], + "full_stack_details": [ + { + "line": "#0 0x527475 in LLVMFuzzerTestOneInput /home/testuser/projects/onefuzz/samples/asan/fuzz.c:45:51", + "address": 5403765, + "function_name": "LLVMFuzzerTestOneInput", + "function_offset": 51, + "source_file_name": "fuzz.c", + "source_file_path": "/home/testuser/projects/onefuzz/samples/asan/fuzz.c", + "source_file_line": 45 + }, + { + "line": "#1 0x42fb3a in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x42fb3a)", + "address": 4389690, + "function_name": "fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)", + "module_path": "/home/testuser/projects/onefuzz/samples/asan/fuzz.exe", + "module_offset": 4389690 + }, + { + "line": "#2 0x41ef87 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x41ef87)", + "address": 4321159, + "function_name": "fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long)", + "module_path": "/home/testuser/projects/onefuzz/samples/asan/fuzz.exe", + "module_offset": 4321159 + }, + { + "line": "#3 0x424ba1 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x424ba1)", + "address": 4344737, + "function_name": "fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))", + "module_path": "/home/testuser/projects/onefuzz/samples/asan/fuzz.exe", + "module_offset": 4344737 + }, + { + "line": "#4 0x44bd72 in main (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x44bd72)", + "address": 4504946, + "function_name": "main", + "module_path": "/home/testuser/projects/onefuzz/samples/asan/fuzz.exe", + "module_offset": 4504946 + }, + { + "line": "#5 0x7fbf0729bb96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310", + "address": 140458435656598, + "function_name": "__libc_start_main", + "source_file_name": "libc-start.c", + "source_file_path": "/build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c", + "source_file_line": 310 + }, + { + "line": "#6 0x41d879 in _start (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x41d879)", + "address": 4315257, + "function_name": "_start", + "module_path": "/home/testuser/projects/onefuzz/samples/asan/fuzz.exe", + "module_offset": 4315257 + } + ], + "full_stack_names": [ + "LLVMFuzzerTestOneInput", + "fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)", + "fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long)", + "fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))", + "main", + "__libc_start_main", + "_start" + ], + "minimized_stack_details": [ + { + "line": "#0 0x527475 in LLVMFuzzerTestOneInput /home/testuser/projects/onefuzz/samples/asan/fuzz.c:45:51", + "address": 5403765, + "function_name": "fuzz.c", + "function_offset": 51, + "source_file_name": "fuzz.c", + "source_file_path": "/home/testuser/projects/onefuzz/samples/asan/fuzz.c", + "source_file_line": 45 + } + ], + "minimized_stack": [ + "fuzz.c" + ], + "minimized_stack_function_names": [ + "fuzz.c" + ] +} diff --git a/src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-deadly-signal.json b/src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-deadly-signal.json new file mode 100644 index 000000000..a93397c2c --- /dev/null +++ b/src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-deadly-signal.json @@ -0,0 +1,206 @@ +{ + "text": "INFO: Seed: 1417742161\nINFO: Loaded 2 modules (16763 inline 8-bit counters): 14323 [0x7f1ee459ce50, 0x7f1ee45a0643), 2440 [0x56512aac5ae0, 0x56512aac6468), \nINFO: Loaded 2 PC tables (16763 PCs): 14323 [0x7f1ee45a0648,0x7f1ee45d8578), 2440 [0x56512aac6468,0x56512aacfce8), \n../linux_x64_asan_libfuzz_release/jsoncpp_fuzzer: Running 1 inputs 1 time(s) each.\nRunning: ./crash-975f93376ba7c1af9f1f2fd891f9e5714f06e69c\n==23788== ERROR: libFuzzer: deadly signal\n #0 0x56512a9c1418 in __sanitizer_print_stack_trace /b/s/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_stack.cpp:86:3\n #1 0x56512aaaa42d in fuzzer::PrintStackTrace() third_party/libFuzzer/src/FuzzerUtil.cpp:205:5\n #2 0x56512aa6a85e in fuzzer::Fuzzer::CrashCallback() third_party/libFuzzer/src/FuzzerLoop.cpp:232:3\n #3 0x56512aa6a7df in fuzzer::Fuzzer::StaticCrashSignalCallback() third_party/libFuzzer/src/FuzzerLoop.cpp:203:6\n #4 0x56512aaab948 in fuzzer::CrashHandler(int, siginfo_t*, void*) third_party/libFuzzer/src/FuzzerUtilPosix.cpp:46:3\n #5 0x7f1ee3f0188f (/lib/x86_64-linux-gnu/libpthread.so.0+0x1288f)\n #6 0x56512a9e5aa1 in Json::OurReader::parse(char const*, char const*, Json::Value&, bool) third_party/jsoncpp/source/src/lib_json/json_reader.cpp:1062:10\n #7 0x56512a9eedb4 in Json::OurCharReader::parse(char const*, char const*, Json::Value*, std::__Cr::basic_string, std::__Cr::allocator >*) third_party/jsoncpp/source/src/lib_json/json_reader.cpp:1899:23\n #8 0x56512a9e03a3 in LLVMFuzzerTestOneInput third_party/jsoncpp/fuzzers/json_fuzzer.cc:39:24\n #9 0x56512aa6d0cf in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) third_party/libFuzzer/src/FuzzerLoop.cpp:556:15\n #10 0x56512aa3b7da in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) third_party/libFuzzer/src/FuzzerDriver.cpp:292:6\n #11 0x56512aa4108a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) third_party/libFuzzer/src/FuzzerDriver.cpp:774:9\n #12 0x56512aa821ac in main third_party/libFuzzer/src/FuzzerMain.cpp:19:10\n #13 0x7f1ee3361b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310\n\nNOTE: libFuzzer has rudimentary signal handlers.\n Combine libFuzzer with AddressSanitizer or similar for better crash reports.\nSUMMARY: libFuzzer: deadly signal\n", + "sanitizer": "libFuzzer", + "summary": "libFuzzer: deadly signal", + "fault_type": "deadly signal", + "call_stack": [ + "#0 0x56512a9c1418 in __sanitizer_print_stack_trace /b/s/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_stack.cpp:86:3", + "#1 0x56512aaaa42d in fuzzer::PrintStackTrace() third_party/libFuzzer/src/FuzzerUtil.cpp:205:5", + "#2 0x56512aa6a85e in fuzzer::Fuzzer::CrashCallback() third_party/libFuzzer/src/FuzzerLoop.cpp:232:3", + "#3 0x56512aa6a7df in fuzzer::Fuzzer::StaticCrashSignalCallback() third_party/libFuzzer/src/FuzzerLoop.cpp:203:6", + "#4 0x56512aaab948 in fuzzer::CrashHandler(int, siginfo_t*, void*) third_party/libFuzzer/src/FuzzerUtilPosix.cpp:46:3", + "#5 0x7f1ee3f0188f (/lib/x86_64-linux-gnu/libpthread.so.0+0x1288f)", + "#6 0x56512a9e5aa1 in Json::OurReader::parse(char const*, char const*, Json::Value&, bool) third_party/jsoncpp/source/src/lib_json/json_reader.cpp:1062:10", + "#7 0x56512a9eedb4 in Json::OurCharReader::parse(char const*, char const*, Json::Value*, std::__Cr::basic_string, std::__Cr::allocator >*) third_party/jsoncpp/source/src/lib_json/json_reader.cpp:1899:23", + "#8 0x56512a9e03a3 in LLVMFuzzerTestOneInput third_party/jsoncpp/fuzzers/json_fuzzer.cc:39:24", + "#9 0x56512aa6d0cf in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) third_party/libFuzzer/src/FuzzerLoop.cpp:556:15", + "#10 0x56512aa3b7da in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) third_party/libFuzzer/src/FuzzerDriver.cpp:292:6", + "#11 0x56512aa4108a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) third_party/libFuzzer/src/FuzzerDriver.cpp:774:9", + "#12 0x56512aa821ac in main third_party/libFuzzer/src/FuzzerMain.cpp:19:10", + "#13 0x7f1ee3361b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310" + ], + "full_stack_details": [ + { + "line": "#0 0x56512a9c1418 in __sanitizer_print_stack_trace /b/s/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_stack.cpp:86:3", + "address": 94906607211544, + "function_name": "__sanitizer_print_stack_trace", + "function_offset": 3, + "source_file_name": "asan_stack.cpp", + "source_file_path": "/b/s/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_stack.cpp", + "source_file_line": 86 + }, + { + "line": "#1 0x56512aaaa42d in fuzzer::PrintStackTrace() third_party/libFuzzer/src/FuzzerUtil.cpp:205:5", + "address": 94906608165933, + "function_name": "fuzzer::PrintStackTrace()", + "function_offset": 5, + "source_file_name": "FuzzerUtil.cpp", + "source_file_path": "third_party/libFuzzer/src/FuzzerUtil.cpp", + "source_file_line": 205 + }, + { + "line": "#2 0x56512aa6a85e in fuzzer::Fuzzer::CrashCallback() third_party/libFuzzer/src/FuzzerLoop.cpp:232:3", + "address": 94906607904862, + "function_name": "fuzzer::Fuzzer::CrashCallback()", + "function_offset": 3, + "source_file_name": "FuzzerLoop.cpp", + "source_file_path": "third_party/libFuzzer/src/FuzzerLoop.cpp", + "source_file_line": 232 + }, + { + "line": "#3 0x56512aa6a7df in fuzzer::Fuzzer::StaticCrashSignalCallback() third_party/libFuzzer/src/FuzzerLoop.cpp:203:6", + "address": 94906607904735, + "function_name": "fuzzer::Fuzzer::StaticCrashSignalCallback()", + "function_offset": 6, + "source_file_name": "FuzzerLoop.cpp", + "source_file_path": "third_party/libFuzzer/src/FuzzerLoop.cpp", + "source_file_line": 203 + }, + { + "line": "#4 0x56512aaab948 in fuzzer::CrashHandler(int, siginfo_t*, void*) third_party/libFuzzer/src/FuzzerUtilPosix.cpp:46:3", + "address": 94906608171336, + "function_name": "fuzzer::CrashHandler(int, siginfo_t*, void*)", + "function_offset": 3, + "source_file_name": "FuzzerUtilPosix.cpp", + "source_file_path": "third_party/libFuzzer/src/FuzzerUtilPosix.cpp", + "source_file_line": 46 + }, + { + "line": "#5 0x7f1ee3f0188f (/lib/x86_64-linux-gnu/libpthread.so.0+0x1288f)", + "address": 139770649909391, + "module_path": "/lib/x86_64-linux-gnu/libpthread.so.0", + "module_offset": 75919 + }, + { + "line": "#6 0x56512a9e5aa1 in Json::OurReader::parse(char const*, char const*, Json::Value&, bool) third_party/jsoncpp/source/src/lib_json/json_reader.cpp:1062:10", + "address": 94906607360673, + "function_name": "Json::OurReader::parse(char const*, char const*, Json::Value&, bool)", + "function_offset": 10, + "source_file_name": "json_reader.cpp", + "source_file_path": "third_party/jsoncpp/source/src/lib_json/json_reader.cpp", + "source_file_line": 1062 + }, + { + "line": "#7 0x56512a9eedb4 in Json::OurCharReader::parse(char const*, char const*, Json::Value*, std::__Cr::basic_string, std::__Cr::allocator >*) third_party/jsoncpp/source/src/lib_json/json_reader.cpp:1899:23", + "address": 94906607398324, + "function_name": "Json::OurCharReader::parse(char const*, char const*, Json::Value*, std::__Cr::basic_string, std::__Cr::allocator >*)", + "function_offset": 23, + "source_file_name": "json_reader.cpp", + "source_file_path": "third_party/jsoncpp/source/src/lib_json/json_reader.cpp", + "source_file_line": 1899 + }, + { + "line": "#8 0x56512a9e03a3 in LLVMFuzzerTestOneInput third_party/jsoncpp/fuzzers/json_fuzzer.cc:39:24", + "address": 94906607338403, + "function_name": "LLVMFuzzerTestOneInput", + "function_offset": 24, + "source_file_name": "json_fuzzer.cc", + "source_file_path": "third_party/jsoncpp/fuzzers/json_fuzzer.cc", + "source_file_line": 39 + }, + { + "line": "#9 0x56512aa6d0cf in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) third_party/libFuzzer/src/FuzzerLoop.cpp:556:15", + "address": 94906607915215, + "function_name": "fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)", + "function_offset": 15, + "source_file_name": "FuzzerLoop.cpp", + "source_file_path": "third_party/libFuzzer/src/FuzzerLoop.cpp", + "source_file_line": 556 + }, + { + "line": "#10 0x56512aa3b7da in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) third_party/libFuzzer/src/FuzzerDriver.cpp:292:6", + "address": 94906607712218, + "function_name": "fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long)", + "function_offset": 6, + "source_file_name": "FuzzerDriver.cpp", + "source_file_path": "third_party/libFuzzer/src/FuzzerDriver.cpp", + "source_file_line": 292 + }, + { + "line": "#11 0x56512aa4108a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) third_party/libFuzzer/src/FuzzerDriver.cpp:774:9", + "address": 94906607734922, + "function_name": "fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))", + "function_offset": 9, + "source_file_name": "FuzzerDriver.cpp", + "source_file_path": "third_party/libFuzzer/src/FuzzerDriver.cpp", + "source_file_line": 774 + }, + { + "line": "#12 0x56512aa821ac in main third_party/libFuzzer/src/FuzzerMain.cpp:19:10", + "address": 94906608001452, + "function_name": "main", + "function_offset": 10, + "source_file_name": "FuzzerMain.cpp", + "source_file_path": "third_party/libFuzzer/src/FuzzerMain.cpp", + "source_file_line": 19 + }, + { + "line": "#13 0x7f1ee3361b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310", + "address": 139770637720470, + "function_name": "__libc_start_main", + "source_file_name": "libc-start.c", + "source_file_path": "/build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c", + "source_file_line": 310 + } + ], + "full_stack_names": [ + "__sanitizer_print_stack_trace", + "fuzzer::PrintStackTrace()", + "fuzzer::Fuzzer::CrashCallback()", + "fuzzer::Fuzzer::StaticCrashSignalCallback()", + "fuzzer::CrashHandler(int, siginfo_t*, void*)", + "Json::OurReader::parse(char const*, char const*, Json::Value&, bool)", + "Json::OurCharReader::parse(char const*, char const*, Json::Value*, std::__Cr::basic_string, std::__Cr::allocator >*)", + "LLVMFuzzerTestOneInput", + "fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)", + "fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long)", + "fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))", + "main", + "__libc_start_main" + ], + "minimized_stack_details": [ + { + "line": "#5 0x7f1ee3f0188f (/lib/x86_64-linux-gnu/libpthread.so.0+0x1288f)", + "address": 139770649909391, + "module_path": "/lib/x86_64-linux-gnu/libpthread.so.0", + "module_offset": 75919 + }, + { + "line": "#6 0x56512a9e5aa1 in Json::OurReader::parse(char const*, char const*, Json::Value&, bool) third_party/jsoncpp/source/src/lib_json/json_reader.cpp:1062:10", + "address": 94906607360673, + "function_name": "Json::OurReader::parse(char const*, char const*, Json::Value&, bool)", + "function_offset": 10, + "source_file_name": "json_reader.cpp", + "source_file_path": "third_party/jsoncpp/source/src/lib_json/json_reader.cpp", + "source_file_line": 1062 + }, + { + "line": "#7 0x56512a9eedb4 in Json::OurCharReader::parse(char const*, char const*, Json::Value*, std::__Cr::basic_string, std::__Cr::allocator >*) third_party/jsoncpp/source/src/lib_json/json_reader.cpp:1899:23", + "address": 94906607398324, + "function_name": "Json::OurCharReader::parse(char const*, char const*, Json::Value*, std::__Cr::basic_string, std::__Cr::allocator >*)", + "function_offset": 23, + "source_file_name": "json_reader.cpp", + "source_file_path": "third_party/jsoncpp/source/src/lib_json/json_reader.cpp", + "source_file_line": 1899 + }, + { + "line": "#8 0x56512a9e03a3 in LLVMFuzzerTestOneInput third_party/jsoncpp/fuzzers/json_fuzzer.cc:39:24", + "address": 94906607338403, + "function_name": "json_fuzzer.cc", + "function_offset": 24, + "source_file_name": "json_fuzzer.cc", + "source_file_path": "third_party/jsoncpp/fuzzers/json_fuzzer.cc", + "source_file_line": 39 + } + ], + "minimized_stack": [ + "Json::OurReader::parse(char const*, char const*, Json::Value&, bool)", + "Json::OurCharReader::parse(char const*, char const*, Json::Value*, std::__Cr::basic_string, std::__Cr::allocator >*)", + "json_fuzzer.cc" + ], + "minimized_stack_function_names": [ + "Json::OurReader::parse", + "Json::OurCharReader::parse", + "json_fuzzer.cc" + ] +} diff --git a/src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-linux-llvm10-out-of-memory-malloc.json b/src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-linux-llvm10-out-of-memory-malloc.json new file mode 100644 index 000000000..59945d086 --- /dev/null +++ b/src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-linux-llvm10-out-of-memory-malloc.json @@ -0,0 +1,167 @@ +{ + "text": "INFO: Seed: 3452367435\nINFO: Loaded 1 modules (12 inline 8-bit counters): 12 [0x7a1eb0, 0x7a1ebc),\nINFO: Loaded 1 PC tables (12 PCs): 12 [0x566fd8,0x567098),\n./fuzz.exe: Running 1 inputs 1 time(s) each.\nRunning: good.txt\n==25300== ERROR: libFuzzer: out-of-memory (malloc(100000000))\n To change the out-of-memory limit use -rss_limit_mb=\n\n #0 0x526011 in __sanitizer_print_stack_trace (/home/user/src/onefuzz/src/agent/fuzz.exe+0x526011)\n #1 0x471168 in fuzzer::PrintStackTrace() (/home/user/src/onefuzz/src/agent/fuzz.exe+0x471168)\n #2 0x455495 in fuzzer::Fuzzer::HandleMalloc(unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x455495)\n #3 0x4553aa in fuzzer::MallocHook(void const volatile*, unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x4553aa)\n #4 0x52c337 in __sanitizer::RunMallocHooks(void const*, unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x52c337)\n #5 0x4a69f1 in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x4a69f1)\n #6 0x4a61c3 in __asan::asan_malloc(unsigned long, __sanitizer::BufferedStackTrace*) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x4a61c3)\n #7 0x51d53b in malloc (/home/user/src/onefuzz/src/agent/fuzz.exe+0x51d53b)\n #8 0x54cc24 in LLVMFuzzerTestOneInput /home/user/src/onefuzz/src/agent/fuzz.c:9:18\n #9 0x457971 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x457971)\n #10 0x4430e2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x4430e2)\n #11 0x448b96 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x448b96)\n #12 0x471852 in main (/home/user/src/onefuzz/src/agent/fuzz.exe+0x471852)\n #13 0x7f6b3d630b96 in __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310\n #14 0x41d7a9 in _start (/home/user/src/onefuzz/src/agent/fuzz.exe+0x41d7a9)\n\nSUMMARY: libFuzzer: out-of-memory", + "sanitizer": "libFuzzer", + "summary": "libFuzzer: out-of-memory", + "fault_type": "out-of-memory", + "call_stack": [ + "#0 0x526011 in __sanitizer_print_stack_trace (/home/user/src/onefuzz/src/agent/fuzz.exe+0x526011)", + "#1 0x471168 in fuzzer::PrintStackTrace() (/home/user/src/onefuzz/src/agent/fuzz.exe+0x471168)", + "#2 0x455495 in fuzzer::Fuzzer::HandleMalloc(unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x455495)", + "#3 0x4553aa in fuzzer::MallocHook(void const volatile*, unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x4553aa)", + "#4 0x52c337 in __sanitizer::RunMallocHooks(void const*, unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x52c337)", + "#5 0x4a69f1 in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x4a69f1)", + "#6 0x4a61c3 in __asan::asan_malloc(unsigned long, __sanitizer::BufferedStackTrace*) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x4a61c3)", + "#7 0x51d53b in malloc (/home/user/src/onefuzz/src/agent/fuzz.exe+0x51d53b)", + "#8 0x54cc24 in LLVMFuzzerTestOneInput /home/user/src/onefuzz/src/agent/fuzz.c:9:18", + "#9 0x457971 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x457971)", + "#10 0x4430e2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x4430e2)", + "#11 0x448b96 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x448b96)", + "#12 0x471852 in main (/home/user/src/onefuzz/src/agent/fuzz.exe+0x471852)", + "#13 0x7f6b3d630b96 in __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310", + "#14 0x41d7a9 in _start (/home/user/src/onefuzz/src/agent/fuzz.exe+0x41d7a9)" + ], + "full_stack_details": [ + { + "line": "#0 0x526011 in __sanitizer_print_stack_trace (/home/user/src/onefuzz/src/agent/fuzz.exe+0x526011)", + "address": 5398545, + "function_name": "__sanitizer_print_stack_trace", + "module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe", + "module_offset": 5398545 + }, + { + "line": "#1 0x471168 in fuzzer::PrintStackTrace() (/home/user/src/onefuzz/src/agent/fuzz.exe+0x471168)", + "address": 4657512, + "function_name": "fuzzer::PrintStackTrace()", + "module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe", + "module_offset": 4657512 + }, + { + "line": "#2 0x455495 in fuzzer::Fuzzer::HandleMalloc(unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x455495)", + "address": 4543637, + "function_name": "fuzzer::Fuzzer::HandleMalloc(unsigned long)", + "module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe", + "module_offset": 4543637 + }, + { + "line": "#3 0x4553aa in fuzzer::MallocHook(void const volatile*, unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x4553aa)", + "address": 4543402, + "function_name": "fuzzer::MallocHook(void const volatile*, unsigned long)", + "module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe", + "module_offset": 4543402 + }, + { + "line": "#4 0x52c337 in __sanitizer::RunMallocHooks(void const*, unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x52c337)", + "address": 5423927, + "function_name": "__sanitizer::RunMallocHooks(void const*, unsigned long)", + "module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe", + "module_offset": 5423927 + }, + { + "line": "#5 0x4a69f1 in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x4a69f1)", + "address": 4876785, + "function_name": "__asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool)", + "module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe", + "module_offset": 4876785 + }, + { + "line": "#6 0x4a61c3 in __asan::asan_malloc(unsigned long, __sanitizer::BufferedStackTrace*) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x4a61c3)", + "address": 4874691, + "function_name": "__asan::asan_malloc(unsigned long, __sanitizer::BufferedStackTrace*)", + "module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe", + "module_offset": 4874691 + }, + { + "line": "#7 0x51d53b in malloc (/home/user/src/onefuzz/src/agent/fuzz.exe+0x51d53b)", + "address": 5363003, + "function_name": "malloc", + "module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe", + "module_offset": 5363003 + }, + { + "line": "#8 0x54cc24 in LLVMFuzzerTestOneInput /home/user/src/onefuzz/src/agent/fuzz.c:9:18", + "address": 5557284, + "function_name": "LLVMFuzzerTestOneInput", + "function_offset": 18, + "source_file_name": "fuzz.c", + "source_file_path": "/home/user/src/onefuzz/src/agent/fuzz.c", + "source_file_line": 9 + }, + { + "line": "#9 0x457971 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x457971)", + "address": 4553073, + "function_name": "fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)", + "module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe", + "module_offset": 4553073 + }, + { + "line": "#10 0x4430e2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x4430e2)", + "address": 4468962, + "function_name": "fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long)", + "module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe", + "module_offset": 4468962 + }, + { + "line": "#11 0x448b96 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x448b96)", + "address": 4492182, + "function_name": "fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))", + "module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe", + "module_offset": 4492182 + }, + { + "line": "#12 0x471852 in main (/home/user/src/onefuzz/src/agent/fuzz.exe+0x471852)", + "address": 4659282, + "function_name": "main", + "module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe", + "module_offset": 4659282 + }, + { + "line": "#13 0x7f6b3d630b96 in __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310", + "address": 140098568129430, + "function_name": "__libc_start_main", + "source_file_name": "libc-start.c", + "source_file_path": "/build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c", + "source_file_line": 310 + }, + { + "line": "#14 0x41d7a9 in _start (/home/user/src/onefuzz/src/agent/fuzz.exe+0x41d7a9)", + "address": 4315049, + "function_name": "_start", + "module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe", + "module_offset": 4315049 + } + ], + "full_stack_names": [ + "__sanitizer_print_stack_trace", + "fuzzer::PrintStackTrace()", + "fuzzer::Fuzzer::HandleMalloc(unsigned long)", + "fuzzer::MallocHook(void const volatile*, unsigned long)", + "__sanitizer::RunMallocHooks(void const*, unsigned long)", + "__asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool)", + "__asan::asan_malloc(unsigned long, __sanitizer::BufferedStackTrace*)", + "malloc", + "LLVMFuzzerTestOneInput", + "fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)", + "fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long)", + "fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))", + "main", + "__libc_start_main", + "_start" + ], + "minimized_stack_details": [ + { + "line": "#8 0x54cc24 in LLVMFuzzerTestOneInput /home/user/src/onefuzz/src/agent/fuzz.c:9:18", + "address": 5557284, + "function_name": "fuzz.c", + "function_offset": 18, + "source_file_name": "fuzz.c", + "source_file_path": "/home/user/src/onefuzz/src/agent/fuzz.c", + "source_file_line": 9 + } + ], + "minimized_stack": [ + "fuzz.c" + ], + "minimized_stack_function_names": [ + "fuzz.c" + ] +} diff --git a/src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-linux-llvm10-out-of-memory-rss.json b/src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-linux-llvm10-out-of-memory-rss.json new file mode 100644 index 000000000..475aaf202 --- /dev/null +++ b/src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-linux-llvm10-out-of-memory-rss.json @@ -0,0 +1,64 @@ +{ + "text": "INFO: Seed: 3192757444\nINFO: Loaded 1 modules (12 inline 8-bit counters): 12 [0x7a1eb0, 0x7a1ebc),\nINFO: Loaded 1 PC tables (12 PCs): 12 [0x566fd8,0x567098),\n./fuzz.exe: Running 1 inputs 1 time(s) each.\nRunning: good.txt\n==25201== ERROR: libFuzzer: out-of-memory (used: 134Mb; limit: 1Mb)\n To change the out-of-memory limit use -rss_limit_mb=\n\nLive Heap Allocations: 21573335 bytes in 22 chunks; quarantined: 100009208 bytes in 8 chunks; 5943 other chunks; total chunks: 5973; showing top 95% (at most 8 unique contexts)\n21499304 byte(s) (99%) in 10 allocation(s)\n #0 0x51d4dd in malloc (/home/user/src/onefuzz/src/agent/fuzz.exe+0x51d4dd)\n #1 0x431b97 in operator new(unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x431b97)\n #2 0x471852 in main (/home/user/src/onefuzz/src/agent/fuzz.exe+0x471852)\n #3 0x7f2e2eb89b96 in __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310\n\nSUMMARY: libFuzzer: out-of-memory", + "sanitizer": "libFuzzer", + "summary": "libFuzzer: out-of-memory", + "fault_type": "out-of-memory", + "call_stack": [ + "#0 0x51d4dd in malloc (/home/user/src/onefuzz/src/agent/fuzz.exe+0x51d4dd)", + "#1 0x431b97 in operator new(unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x431b97)", + "#2 0x471852 in main (/home/user/src/onefuzz/src/agent/fuzz.exe+0x471852)", + "#3 0x7f2e2eb89b96 in __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310" + ], + "full_stack_details": [ + { + "line": "#0 0x51d4dd in malloc (/home/user/src/onefuzz/src/agent/fuzz.exe+0x51d4dd)", + "address": 5362909, + "function_name": "malloc", + "module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe", + "module_offset": 5362909 + }, + { + "line": "#1 0x431b97 in operator new(unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x431b97)", + "address": 4397975, + "function_name": "operator new(unsigned long)", + "module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe", + "module_offset": 4397975 + }, + { + "line": "#2 0x471852 in main (/home/user/src/onefuzz/src/agent/fuzz.exe+0x471852)", + "address": 4659282, + "function_name": "main", + "module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe", + "module_offset": 4659282 + }, + { + "line": "#3 0x7f2e2eb89b96 in __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310", + "address": 139836329073558, + "function_name": "__libc_start_main", + "source_file_name": "libc-start.c", + "source_file_path": "/build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c", + "source_file_line": 310 + } + ], + "full_stack_names": [ + "malloc", + "operator new(unsigned long)", + "main", + "__libc_start_main" + ], + "minimized_stack_details": [ + { + "line": "#2 0x471852 in main (/home/user/src/onefuzz/src/agent/fuzz.exe+0x471852)", + "address": 4659282, + "function_name": "main", + "module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe", + "module_offset": 4659282 + } + ], + "minimized_stack": [ + "main" + ], + "minimized_stack_function_names": [ + "main" + ] +} diff --git a/src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-scariness-underflow.json b/src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-scariness-underflow.json new file mode 100644 index 000000000..4a55b9f19 --- /dev/null +++ b/src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-scariness-underflow.json @@ -0,0 +1,116 @@ +{ + "text": "=================================================================\n==32266==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x7ffd2173f200 at pc 0x0000004fd403 bp 0x7ffd2173f1f0 sp 0x7ffd2173f1e8\nWRITE of size 4 at 0x7ffd2173f200 thread T0\nSCARINESS: 51 (4-byte-write-stack-buffer-underflow)\n #0 0x4fd402 in LLVMFuzzerTestOneInput /home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c:28:69\n #1 0x43b271 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43b271)\n #2 0x43a9a5 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43a9a5)\n #3 0x43cf9b in fuzzer::Fuzzer::MutateAndTestOne() (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43cf9b)\n #4 0x43dd15 in fuzzer::Fuzzer::Loop(std::vector >&) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43dd15)\n #5 0x42999b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x42999b)\n #6 0x4557a2 in main (/tmp/xx/linux-libfuzzer/fuzz.exe+0x4557a2)\n #7 0x7f878654d0b2 in __libc_start_main /build/glibc-YYA7BZ/glibc-2.31/csu/../csu/libc-start.c:308:16\n #8 0x41db59 in _start (/tmp/xx/linux-libfuzzer/fuzz.exe+0x41db59)\n\nAddress 0x7ffd2173f200 is located in stack of thread T0 at offset 0 in frame\n #0 0x4fcccf in LLVMFuzzerTestOneInput /home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c:8\n\n This frame has 1 object(s):\n [32, 36) 'cnt' (line 9)\nHINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork\n (longjmp and C++ exceptions *are* supported)\nSUMMARY: AddressSanitizer: stack-buffer-underflow /home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c:28:69 in LLVMFuzzerTestOneInput\nShadow bytes around the buggy address:\n 0x1000242dfdf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x1000242dfe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x1000242dfe10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x1000242dfe20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x1000242dfe30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n=>0x1000242dfe40:[f1]f1 f1 f1 04 f3 f3 f3 00 00 00 00 00 00 00 00\n 0x1000242dfe50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x1000242dfe60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x1000242dfe70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x1000242dfe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x1000242dfe90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\nShadow byte legend (one shadow byte represents 8 application bytes):\n Addressable: 00\n Partially addressable: 01 02 03 04 05 06 07 \n Heap left redzone: fa\n Freed heap region: fd\n Stack left redzone: f1\n Stack mid redzone: f2\n Stack right redzone: f3\n Stack after return: f5\n Stack use after scope: f8\n Global redzone: f9\n Global init order: f6\n Poisoned by user: f7\n Container overflow: fc\n Array cookie: ac\n Intra object redzone: bb\n ASan internal: fe\n Left alloca redzone: ca\n Right alloca redzone: cb\n Shadow gap: cc\n==32266==ABORTING\n", + "sanitizer": "AddressSanitizer", + "summary": "AddressSanitizer: stack-buffer-underflow /home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c:28:69 in LLVMFuzzerTestOneInput", + "fault_type": "stack-buffer-underflow", + "call_stack": [ + "#0 0x4fd402 in LLVMFuzzerTestOneInput /home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c:28:69", + "#1 0x43b271 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43b271)", + "#2 0x43a9a5 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43a9a5)", + "#3 0x43cf9b in fuzzer::Fuzzer::MutateAndTestOne() (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43cf9b)", + "#4 0x43dd15 in fuzzer::Fuzzer::Loop(std::vector >&) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43dd15)", + "#5 0x42999b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x42999b)", + "#6 0x4557a2 in main (/tmp/xx/linux-libfuzzer/fuzz.exe+0x4557a2)", + "#7 0x7f878654d0b2 in __libc_start_main /build/glibc-YYA7BZ/glibc-2.31/csu/../csu/libc-start.c:308:16", + "#8 0x41db59 in _start (/tmp/xx/linux-libfuzzer/fuzz.exe+0x41db59)" + ], + "full_stack_details": [ + { + "line": "#0 0x4fd402 in LLVMFuzzerTestOneInput /home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c:28:69", + "address": 5231618, + "function_name": "LLVMFuzzerTestOneInput", + "function_offset": 69, + "source_file_name": "simple.c", + "source_file_path": "/home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c", + "source_file_line": 28 + }, + { + "line": "#1 0x43b271 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43b271)", + "address": 4436593, + "function_name": "fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)", + "module_path": "/tmp/xx/linux-libfuzzer/fuzz.exe", + "module_offset": 4436593 + }, + { + "line": "#2 0x43a9a5 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43a9a5)", + "address": 4434341, + "function_name": "fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*)", + "module_path": "/tmp/xx/linux-libfuzzer/fuzz.exe", + "module_offset": 4434341 + }, + { + "line": "#3 0x43cf9b in fuzzer::Fuzzer::MutateAndTestOne() (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43cf9b)", + "address": 4444059, + "function_name": "fuzzer::Fuzzer::MutateAndTestOne()", + "module_path": "/tmp/xx/linux-libfuzzer/fuzz.exe", + "module_offset": 4444059 + }, + { + "line": "#4 0x43dd15 in fuzzer::Fuzzer::Loop(std::vector >&) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43dd15)", + "address": 4447509, + "function_name": "fuzzer::Fuzzer::Loop(std::vector >&)", + "module_path": "/tmp/xx/linux-libfuzzer/fuzz.exe", + "module_offset": 4447509 + }, + { + "line": "#5 0x42999b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x42999b)", + "address": 4364699, + "function_name": "fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))", + "module_path": "/tmp/xx/linux-libfuzzer/fuzz.exe", + "module_offset": 4364699 + }, + { + "line": "#6 0x4557a2 in main (/tmp/xx/linux-libfuzzer/fuzz.exe+0x4557a2)", + "address": 4544418, + "function_name": "main", + "module_path": "/tmp/xx/linux-libfuzzer/fuzz.exe", + "module_offset": 4544418 + }, + { + "line": "#7 0x7f878654d0b2 in __libc_start_main /build/glibc-YYA7BZ/glibc-2.31/csu/../csu/libc-start.c:308:16", + "address": 140220051017906, + "function_name": "__libc_start_main", + "function_offset": 16, + "source_file_name": "libc-start.c", + "source_file_path": "/build/glibc-YYA7BZ/glibc-2.31/csu/../csu/libc-start.c", + "source_file_line": 308 + }, + { + "line": "#8 0x41db59 in _start (/tmp/xx/linux-libfuzzer/fuzz.exe+0x41db59)", + "address": 4315993, + "function_name": "_start", + "module_path": "/tmp/xx/linux-libfuzzer/fuzz.exe", + "module_offset": 4315993 + } + ], + "full_stack_names": [ + "LLVMFuzzerTestOneInput", + "fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)", + "fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*)", + "fuzzer::Fuzzer::MutateAndTestOne()", + "fuzzer::Fuzzer::Loop(std::vector >&)", + "fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))", + "main", + "__libc_start_main", + "_start" + ], + "minimized_stack_details": [ + { + "line": "#0 0x4fd402 in LLVMFuzzerTestOneInput /home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c:28:69", + "address": 5231618, + "function_name": "simple.c", + "function_offset": 69, + "source_file_name": "simple.c", + "source_file_path": "/home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c", + "source_file_line": 28 + } + ], + "minimized_stack": [ + "simple.c" + ], + "minimized_stack_function_names": [ + "simple.c" + ], + "scariness_score": 51, + "scariness_description": "4-byte-write-stack-buffer-underflow" +} diff --git a/src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-scariness.json b/src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-scariness.json new file mode 100644 index 000000000..ef4b7b7e4 --- /dev/null +++ b/src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-scariness.json @@ -0,0 +1,116 @@ +{ + "text": "=================================================================\n==28073==ERROR: AddressSanitizer: FPE on unknown address 0x0000004fd774 (pc 0x0000004fd774 bp 0x7ffd45d2c110 sp 0x7ffd45d2bf00 T0)\nSCARINESS: 10 (signal)\n #0 0x4fd773 in LLVMFuzzerTestOneInput /home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c:58:32\n #1 0x43b271 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43b271)\n #2 0x43a9a5 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43a9a5)\n #3 0x43cf9b in fuzzer::Fuzzer::MutateAndTestOne() (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43cf9b)\n #4 0x43dd15 in fuzzer::Fuzzer::Loop(std::vector >&) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43dd15)\n #5 0x42999b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x42999b)\n #6 0x4557a2 in main (/tmp/xx/linux-libfuzzer/fuzz.exe+0x4557a2)\n #7 0x7fc6b74190b2 in __libc_start_main /build/glibc-YYA7BZ/glibc-2.31/csu/../csu/libc-start.c:308:16\n #8 0x41db59 in _start (/tmp/xx/linux-libfuzzer/fuzz.exe+0x41db59)\n\nAddressSanitizer can not provide additional info.\nSUMMARY: AddressSanitizer: FPE /home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c:58:32 in LLVMFuzzerTestOneInput\n==28073==ABORTING\n", + "sanitizer": "AddressSanitizer", + "summary": "AddressSanitizer: FPE /home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c:58:32 in LLVMFuzzerTestOneInput", + "fault_type": "FPE", + "call_stack": [ + "#0 0x4fd773 in LLVMFuzzerTestOneInput /home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c:58:32", + "#1 0x43b271 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43b271)", + "#2 0x43a9a5 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43a9a5)", + "#3 0x43cf9b in fuzzer::Fuzzer::MutateAndTestOne() (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43cf9b)", + "#4 0x43dd15 in fuzzer::Fuzzer::Loop(std::vector >&) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43dd15)", + "#5 0x42999b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x42999b)", + "#6 0x4557a2 in main (/tmp/xx/linux-libfuzzer/fuzz.exe+0x4557a2)", + "#7 0x7fc6b74190b2 in __libc_start_main /build/glibc-YYA7BZ/glibc-2.31/csu/../csu/libc-start.c:308:16", + "#8 0x41db59 in _start (/tmp/xx/linux-libfuzzer/fuzz.exe+0x41db59)" + ], + "full_stack_details": [ + { + "line": "#0 0x4fd773 in LLVMFuzzerTestOneInput /home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c:58:32", + "address": 5232499, + "function_name": "LLVMFuzzerTestOneInput", + "function_offset": 32, + "source_file_name": "simple.c", + "source_file_path": "/home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c", + "source_file_line": 58 + }, + { + "line": "#1 0x43b271 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43b271)", + "address": 4436593, + "function_name": "fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)", + "module_path": "/tmp/xx/linux-libfuzzer/fuzz.exe", + "module_offset": 4436593 + }, + { + "line": "#2 0x43a9a5 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43a9a5)", + "address": 4434341, + "function_name": "fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*)", + "module_path": "/tmp/xx/linux-libfuzzer/fuzz.exe", + "module_offset": 4434341 + }, + { + "line": "#3 0x43cf9b in fuzzer::Fuzzer::MutateAndTestOne() (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43cf9b)", + "address": 4444059, + "function_name": "fuzzer::Fuzzer::MutateAndTestOne()", + "module_path": "/tmp/xx/linux-libfuzzer/fuzz.exe", + "module_offset": 4444059 + }, + { + "line": "#4 0x43dd15 in fuzzer::Fuzzer::Loop(std::vector >&) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43dd15)", + "address": 4447509, + "function_name": "fuzzer::Fuzzer::Loop(std::vector >&)", + "module_path": "/tmp/xx/linux-libfuzzer/fuzz.exe", + "module_offset": 4447509 + }, + { + "line": "#5 0x42999b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x42999b)", + "address": 4364699, + "function_name": "fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))", + "module_path": "/tmp/xx/linux-libfuzzer/fuzz.exe", + "module_offset": 4364699 + }, + { + "line": "#6 0x4557a2 in main (/tmp/xx/linux-libfuzzer/fuzz.exe+0x4557a2)", + "address": 4544418, + "function_name": "main", + "module_path": "/tmp/xx/linux-libfuzzer/fuzz.exe", + "module_offset": 4544418 + }, + { + "line": "#7 0x7fc6b74190b2 in __libc_start_main /build/glibc-YYA7BZ/glibc-2.31/csu/../csu/libc-start.c:308:16", + "address": 140491454779570, + "function_name": "__libc_start_main", + "function_offset": 16, + "source_file_name": "libc-start.c", + "source_file_path": "/build/glibc-YYA7BZ/glibc-2.31/csu/../csu/libc-start.c", + "source_file_line": 308 + }, + { + "line": "#8 0x41db59 in _start (/tmp/xx/linux-libfuzzer/fuzz.exe+0x41db59)", + "address": 4315993, + "function_name": "_start", + "module_path": "/tmp/xx/linux-libfuzzer/fuzz.exe", + "module_offset": 4315993 + } + ], + "full_stack_names": [ + "LLVMFuzzerTestOneInput", + "fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)", + "fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*)", + "fuzzer::Fuzzer::MutateAndTestOne()", + "fuzzer::Fuzzer::Loop(std::vector >&)", + "fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))", + "main", + "__libc_start_main", + "_start" + ], + "minimized_stack_details": [ + { + "line": "#0 0x4fd773 in LLVMFuzzerTestOneInput /home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c:58:32", + "address": 5232499, + "function_name": "simple.c", + "function_offset": 32, + "source_file_name": "simple.c", + "source_file_path": "/home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c", + "source_file_line": 58 + } + ], + "minimized_stack": [ + "simple.c" + ], + "minimized_stack_function_names": [ + "simple.c" + ], + "scariness_score": 10, + "scariness_description": "signal" +} diff --git a/src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-windows-llvm10-out-of-memory-malloc.json b/src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-windows-llvm10-out-of-memory-malloc.json new file mode 100644 index 000000000..79ef0f701 --- /dev/null +++ b/src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-windows-llvm10-out-of-memory-malloc.json @@ -0,0 +1,184 @@ +{ + "text": "INFO: Seed: 695951618\nINFO: Loaded 1 modules (12 inline 8-bit counters): 12 [00007FF739F96088, 00007FF739F96094),\nINFO: Loaded 1 PC tables (12 PCs): 12 [00007FF739F48720,00007FF739F487E0),\nX:\\fuzz\\fuzz.exe: Running 1 inputs 1 time(s) each.\nRunning: .\\good.txt\n==1060== ERROR: libFuzzer: out-of-memory (malloc(2000000))\n To change the out-of-memory limit use -rss_limit_mb=\n\n #0 0x7ff739e118a8 in __sanitizer_print_stack_trace C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\asan\\asan_stack.cpp:86\n #1 0x7ff739e38a84 in fuzzer::PrintStackTrace(void) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerUtil.cpp:205\n #2 0x7ff739e570d1 in fuzzer::Fuzzer::HandleMalloc(unsigned __int64) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerLoop.cpp:130\n #3 0x7ff739e56ff7 in fuzzer::MallocHook(void const volatile *, unsigned __int64) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerLoop.cpp:99\n #4 0x7ff739e0a739 in __sanitizer::RunMallocHooks(void const *, unsigned __int64) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\sanitizer_common\\sanitizer_common.cpp:299\n #5 0x7ff739e2c862 in __asan::Allocator::Allocate(unsigned __int64, unsigned __int64, struct __sanitizer::BufferedStackTrace *, enum __asan::AllocType, bool) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\asan\\asan_allocator.cpp:560\n #6 0x7ff739e2c169 in __asan::asan_malloc(unsigned __int64, struct __sanitizer::BufferedStackTrace *) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\asan\\asan_allocator.cpp:892\n #7 0x7ff739e19730 in malloc C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\asan\\asan_malloc_win.cpp:99\n #8 0x7ff739df1061 in LLVMFuzzerTestOneInput (X:\\fuzz\\fuzz.exe+0x140001061)\n #9 0x7ff739e5a0ea in fuzzer::Fuzzer::ExecuteCallback(unsigned char const *, unsigned __int64) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerLoop.cpp:556\n #10 0x7ff739e6d025 in fuzzer::RunOneTest(class fuzzer::Fuzzer *, char const *, unsigned __int64) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerDriver.cpp:293\n #11 0x7ff739e72076 in fuzzer::FuzzerDriver(int *, char ***, int (__cdecl *)(unsigned char const *, unsigned __int64)) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerDriver.cpp:779\n #12 0x7ff739e33ec2 in main C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerMain.cpp:19\n #13 0x7ff739e79b5f in __scrt_common_main_seh d:\\A01\\_work\\6\\s\\src\\vctools\\crt\\vcstartup\\src\\startup\\exe_common.inl:288\n #14 0x7ffa95e46fd3 in BaseThreadInitThunk (C:\\WINDOWS\\System32\\KERNEL32.DLL+0x180016fd3)\n #15 0x7ffa975bcec0 in RtlUserThreadStart (C:\\WINDOWS\\SYSTEM32\\ntdll.dll+0x18004cec0)\n\nSUMMARY: libFuzzer: out-of-memory", + "sanitizer": "libFuzzer", + "summary": "libFuzzer: out-of-memory", + "fault_type": "out-of-memory", + "call_stack": [ + "#0 0x7ff739e118a8 in __sanitizer_print_stack_trace C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\asan\\asan_stack.cpp:86", + "#1 0x7ff739e38a84 in fuzzer::PrintStackTrace(void) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerUtil.cpp:205", + "#2 0x7ff739e570d1 in fuzzer::Fuzzer::HandleMalloc(unsigned __int64) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerLoop.cpp:130", + "#3 0x7ff739e56ff7 in fuzzer::MallocHook(void const volatile *, unsigned __int64) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerLoop.cpp:99", + "#4 0x7ff739e0a739 in __sanitizer::RunMallocHooks(void const *, unsigned __int64) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\sanitizer_common\\sanitizer_common.cpp:299", + "#5 0x7ff739e2c862 in __asan::Allocator::Allocate(unsigned __int64, unsigned __int64, struct __sanitizer::BufferedStackTrace *, enum __asan::AllocType, bool) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\asan\\asan_allocator.cpp:560", + "#6 0x7ff739e2c169 in __asan::asan_malloc(unsigned __int64, struct __sanitizer::BufferedStackTrace *) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\asan\\asan_allocator.cpp:892", + "#7 0x7ff739e19730 in malloc C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\asan\\asan_malloc_win.cpp:99", + "#8 0x7ff739df1061 in LLVMFuzzerTestOneInput (X:\\fuzz\\fuzz.exe+0x140001061)", + "#9 0x7ff739e5a0ea in fuzzer::Fuzzer::ExecuteCallback(unsigned char const *, unsigned __int64) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerLoop.cpp:556", + "#10 0x7ff739e6d025 in fuzzer::RunOneTest(class fuzzer::Fuzzer *, char const *, unsigned __int64) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerDriver.cpp:293", + "#11 0x7ff739e72076 in fuzzer::FuzzerDriver(int *, char ***, int (__cdecl *)(unsigned char const *, unsigned __int64)) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerDriver.cpp:779", + "#12 0x7ff739e33ec2 in main C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerMain.cpp:19", + "#13 0x7ff739e79b5f in __scrt_common_main_seh d:\\A01\\_work\\6\\s\\src\\vctools\\crt\\vcstartup\\src\\startup\\exe_common.inl:288", + "#14 0x7ffa95e46fd3 in BaseThreadInitThunk (C:\\WINDOWS\\System32\\KERNEL32.DLL+0x180016fd3)", + "#15 0x7ffa975bcec0 in RtlUserThreadStart (C:\\WINDOWS\\SYSTEM32\\ntdll.dll+0x18004cec0)" + ], + "full_stack_details": [ + { + "line": "#0 0x7ff739e118a8 in __sanitizer_print_stack_trace C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\asan\\asan_stack.cpp:86", + "address": 140699804702888, + "function_name": "__sanitizer_print_stack_trace", + "source_file_name": "asan_stack.cpp", + "source_file_path": "C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\asan\\asan_stack.cpp", + "source_file_line": 86 + }, + { + "line": "#1 0x7ff739e38a84 in fuzzer::PrintStackTrace(void) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerUtil.cpp:205", + "address": 140699804863108, + "function_name": "fuzzer::PrintStackTrace(void)", + "source_file_name": "FuzzerUtil.cpp", + "source_file_path": "C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerUtil.cpp", + "source_file_line": 205 + }, + { + "line": "#2 0x7ff739e570d1 in fuzzer::Fuzzer::HandleMalloc(unsigned __int64) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerLoop.cpp:130", + "address": 140699804987601, + "function_name": "fuzzer::Fuzzer::HandleMalloc(unsigned __int64)", + "source_file_name": "FuzzerLoop.cpp", + "source_file_path": "C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerLoop.cpp", + "source_file_line": 130 + }, + { + "line": "#3 0x7ff739e56ff7 in fuzzer::MallocHook(void const volatile *, unsigned __int64) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerLoop.cpp:99", + "address": 140699804987383, + "function_name": "fuzzer::MallocHook(void const volatile *, unsigned __int64)", + "source_file_name": "FuzzerLoop.cpp", + "source_file_path": "C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerLoop.cpp", + "source_file_line": 99 + }, + { + "line": "#4 0x7ff739e0a739 in __sanitizer::RunMallocHooks(void const *, unsigned __int64) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\sanitizer_common\\sanitizer_common.cpp:299", + "address": 140699804673849, + "function_name": "__sanitizer::RunMallocHooks(void const *, unsigned __int64)", + "source_file_name": "sanitizer_common.cpp", + "source_file_path": "C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\sanitizer_common\\sanitizer_common.cpp", + "source_file_line": 299 + }, + { + "line": "#5 0x7ff739e2c862 in __asan::Allocator::Allocate(unsigned __int64, unsigned __int64, struct __sanitizer::BufferedStackTrace *, enum __asan::AllocType, bool) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\asan\\asan_allocator.cpp:560", + "address": 140699804813410, + "function_name": "__asan::Allocator::Allocate(unsigned __int64, unsigned __int64, struct __sanitizer::BufferedStackTrace *, enum __asan::AllocType, bool)", + "source_file_name": "asan_allocator.cpp", + "source_file_path": "C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\asan\\asan_allocator.cpp", + "source_file_line": 560 + }, + { + "line": "#6 0x7ff739e2c169 in __asan::asan_malloc(unsigned __int64, struct __sanitizer::BufferedStackTrace *) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\asan\\asan_allocator.cpp:892", + "address": 140699804811625, + "function_name": "__asan::asan_malloc(unsigned __int64, struct __sanitizer::BufferedStackTrace *)", + "source_file_name": "asan_allocator.cpp", + "source_file_path": "C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\asan\\asan_allocator.cpp", + "source_file_line": 892 + }, + { + "line": "#7 0x7ff739e19730 in malloc C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\asan\\asan_malloc_win.cpp:99", + "address": 140699804735280, + "function_name": "malloc", + "source_file_name": "asan_malloc_win.cpp", + "source_file_path": "C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\asan\\asan_malloc_win.cpp", + "source_file_line": 99 + }, + { + "line": "#8 0x7ff739df1061 in LLVMFuzzerTestOneInput (X:\\fuzz\\fuzz.exe+0x140001061)", + "address": 140699804569697, + "function_name": "LLVMFuzzerTestOneInput", + "module_path": "X:\\fuzz\\fuzz.exe", + "module_offset": 5368713313 + }, + { + "line": "#9 0x7ff739e5a0ea in fuzzer::Fuzzer::ExecuteCallback(unsigned char const *, unsigned __int64) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerLoop.cpp:556", + "address": 140699804999914, + "function_name": "fuzzer::Fuzzer::ExecuteCallback(unsigned char const *, unsigned __int64)", + "source_file_name": "FuzzerLoop.cpp", + "source_file_path": "C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerLoop.cpp", + "source_file_line": 556 + }, + { + "line": "#10 0x7ff739e6d025 in fuzzer::RunOneTest(class fuzzer::Fuzzer *, char const *, unsigned __int64) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerDriver.cpp:293", + "address": 140699805077541, + "function_name": "fuzzer::RunOneTest(class fuzzer::Fuzzer *, char const *, unsigned __int64)", + "source_file_name": "FuzzerDriver.cpp", + "source_file_path": "C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerDriver.cpp", + "source_file_line": 293 + }, + { + "line": "#11 0x7ff739e72076 in fuzzer::FuzzerDriver(int *, char ***, int (__cdecl *)(unsigned char const *, unsigned __int64)) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerDriver.cpp:779", + "address": 140699805098102, + "function_name": "fuzzer::FuzzerDriver(int *, char ***, int (__cdecl *)(unsigned char const *, unsigned __int64))", + "source_file_name": "FuzzerDriver.cpp", + "source_file_path": "C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerDriver.cpp", + "source_file_line": 779 + }, + { + "line": "#12 0x7ff739e33ec2 in main C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerMain.cpp:19", + "address": 140699804843714, + "function_name": "main", + "source_file_name": "FuzzerMain.cpp", + "source_file_path": "C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerMain.cpp", + "source_file_line": 19 + }, + { + "line": "#13 0x7ff739e79b5f in __scrt_common_main_seh d:\\A01\\_work\\6\\s\\src\\vctools\\crt\\vcstartup\\src\\startup\\exe_common.inl:288", + "address": 140699805129567, + "function_name": "__scrt_common_main_seh", + "source_file_name": "exe_common.inl", + "source_file_path": "d:\\A01\\_work\\6\\s\\src\\vctools\\crt\\vcstartup\\src\\startup\\exe_common.inl", + "source_file_line": 288 + }, + { + "line": "#14 0x7ffa95e46fd3 in BaseThreadInitThunk (C:\\WINDOWS\\System32\\KERNEL32.DLL+0x180016fd3)", + "address": 140714233327571, + "function_name": "BaseThreadInitThunk", + "module_path": "C:\\WINDOWS\\System32\\KERNEL32.DLL", + "module_offset": 6442545107 + }, + { + "line": "#15 0x7ffa975bcec0 in RtlUserThreadStart (C:\\WINDOWS\\SYSTEM32\\ntdll.dll+0x18004cec0)", + "address": 140714257927872, + "function_name": "RtlUserThreadStart", + "module_path": "C:\\WINDOWS\\SYSTEM32\\ntdll.dll", + "module_offset": 6442766016 + } + ], + "full_stack_names": [ + "__sanitizer_print_stack_trace", + "fuzzer::PrintStackTrace(void)", + "fuzzer::Fuzzer::HandleMalloc(unsigned __int64)", + "fuzzer::MallocHook(void const volatile *, unsigned __int64)", + "__sanitizer::RunMallocHooks(void const *, unsigned __int64)", + "__asan::Allocator::Allocate(unsigned __int64, unsigned __int64, struct __sanitizer::BufferedStackTrace *, enum __asan::AllocType, bool)", + "__asan::asan_malloc(unsigned __int64, struct __sanitizer::BufferedStackTrace *)", + "malloc", + "LLVMFuzzerTestOneInput", + "fuzzer::Fuzzer::ExecuteCallback(unsigned char const *, unsigned __int64)", + "fuzzer::RunOneTest(class fuzzer::Fuzzer *, char const *, unsigned __int64)", + "fuzzer::FuzzerDriver(int *, char ***, int (__cdecl *)(unsigned char const *, unsigned __int64))", + "main", + "__scrt_common_main_seh", + "BaseThreadInitThunk", + "RtlUserThreadStart" + ], + "minimized_stack_details": [ + { + "line": "#8 0x7ff739df1061 in LLVMFuzzerTestOneInput (X:\\fuzz\\fuzz.exe+0x140001061)", + "address": 140699804569697, + "function_name": "LLVMFuzzerTestOneInput", + "module_path": "X:\\fuzz\\fuzz.exe", + "module_offset": 5368713313 + } + ], + "minimized_stack": [ + "LLVMFuzzerTestOneInput" + ], + "minimized_stack_function_names": [ + "LLVMFuzzerTestOneInput" + ] +} diff --git a/src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-windows-llvm10-out-of-memory-rss.json b/src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-windows-llvm10-out-of-memory-rss.json new file mode 100644 index 000000000..633ae9d73 --- /dev/null +++ b/src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-windows-llvm10-out-of-memory-rss.json @@ -0,0 +1,6 @@ +{ + "text": "INFO: Seed: 3655625785\nINFO: Loaded 1 modules (12 inline 8-bit counters): 12 [00007FF7C1F46088, 00007FF7C1F46094),\nINFO: Loaded 1 PC tables (12 PCs): 12 [00007FF7C1EF8720,00007FF7C1EF87E0),\nX:\\fuzz\\fuzz.exe: Running 1 inputs 1 time(s) each.\nRunning: .\\good.txt\n==12788== ERROR: libFuzzer: out-of-memory (used: 178Mb; limit: 1Mb)\n To change the out-of-memory limit use -rss_limit_mb=\n\nSUMMARY: libFuzzer: out-of-memory", + "sanitizer": "libFuzzer", + "summary": "libFuzzer: out-of-memory", + "fault_type": "out-of-memory" +} diff --git a/src/agent/stacktrace-parser/data/parsed-traces/tsan-linux-llvm10-data-race.json b/src/agent/stacktrace-parser/data/parsed-traces/tsan-linux-llvm10-data-race.json new file mode 100644 index 000000000..336e563ed --- /dev/null +++ b/src/agent/stacktrace-parser/data/parsed-traces/tsan-linux-llvm10-data-race.json @@ -0,0 +1,6 @@ +{ + "text": "==================\nWARNING: ThreadSanitizer: data race (pid=4659)\n Write of size 4 at 0x000001109278 by thread T1:\n #0 Thread1 /home/user/fuzz-targets/tiny_race.c:4:10 (tiny_race.exe+0x4ac607)\n\n Previous write of size 4 at 0x000001109278 by main thread:\n #0 main /home/user/fuzz-targets/tiny_race.c:10:10 (tiny_race.exe+0x4ac64e)\n\n Location is global 'Global' of size 4 at 0x000001109278 (tiny_race.exe+0x000001109278)\n\n Thread T1 (tid=4661, running) created by main thread at:\n #0 pthread_create (tiny_race.exe+0x422fe5)\n #1 main /home/user/fuzz-targets/tiny_race.c:9:3 (tiny_race.exe+0x4ac644)\n\nSUMMARY: ThreadSanitizer: data race /home/user/fuzz-targets/tiny_race.c:4:10 in Thread1\n==================\nThreadSanitizer: reported 1 warnings", + "sanitizer": "ThreadSanitizer", + "summary": "ThreadSanitizer: data race /home/user/fuzz-targets/tiny_race.c:4:10 in Thread1", + "fault_type": "data race" +} diff --git a/src/agent/onefuzz/data/asan-check-failure-missing-symbolizer.txt b/src/agent/stacktrace-parser/data/stack-traces/asan-check-failure-missing-symbolizer.txt similarity index 100% rename from src/agent/onefuzz/data/asan-check-failure-missing-symbolizer.txt rename to src/agent/stacktrace-parser/data/stack-traces/asan-check-failure-missing-symbolizer.txt diff --git a/src/agent/onefuzz/data/asan-check-failure.txt b/src/agent/stacktrace-parser/data/stack-traces/asan-check-failure.txt similarity index 100% rename from src/agent/onefuzz/data/asan-check-failure.txt rename to src/agent/stacktrace-parser/data/stack-traces/asan-check-failure.txt diff --git a/src/agent/onefuzz/data/asan-odr-violation.txt b/src/agent/stacktrace-parser/data/stack-traces/asan-odr-violation.txt similarity index 100% rename from src/agent/onefuzz/data/asan-odr-violation.txt rename to src/agent/stacktrace-parser/data/stack-traces/asan-odr-violation.txt diff --git a/src/agent/onefuzz/data/clang-10-asan-breakpoint.txt b/src/agent/stacktrace-parser/data/stack-traces/clang-10-asan-breakpoint.txt similarity index 100% rename from src/agent/onefuzz/data/clang-10-asan-breakpoint.txt rename to src/agent/stacktrace-parser/data/stack-traces/clang-10-asan-breakpoint.txt diff --git a/src/agent/onefuzz/data/libfuzzer-asan-log.txt b/src/agent/stacktrace-parser/data/stack-traces/libfuzzer-asan-log.txt similarity index 100% rename from src/agent/onefuzz/data/libfuzzer-asan-log.txt rename to src/agent/stacktrace-parser/data/stack-traces/libfuzzer-asan-log.txt diff --git a/src/agent/onefuzz/data/libfuzzer-deadly-signal.txt b/src/agent/stacktrace-parser/data/stack-traces/libfuzzer-deadly-signal.txt similarity index 100% rename from src/agent/onefuzz/data/libfuzzer-deadly-signal.txt rename to src/agent/stacktrace-parser/data/stack-traces/libfuzzer-deadly-signal.txt diff --git a/src/agent/onefuzz/data/libfuzzer-linux-llvm10-out-of-memory-malloc.txt b/src/agent/stacktrace-parser/data/stack-traces/libfuzzer-linux-llvm10-out-of-memory-malloc.txt similarity index 100% rename from src/agent/onefuzz/data/libfuzzer-linux-llvm10-out-of-memory-malloc.txt rename to src/agent/stacktrace-parser/data/stack-traces/libfuzzer-linux-llvm10-out-of-memory-malloc.txt diff --git a/src/agent/onefuzz/data/libfuzzer-linux-llvm10-out-of-memory-rss.txt b/src/agent/stacktrace-parser/data/stack-traces/libfuzzer-linux-llvm10-out-of-memory-rss.txt similarity index 100% rename from src/agent/onefuzz/data/libfuzzer-linux-llvm10-out-of-memory-rss.txt rename to src/agent/stacktrace-parser/data/stack-traces/libfuzzer-linux-llvm10-out-of-memory-rss.txt diff --git a/src/agent/onefuzz/data/libfuzzer-scariness-underflow.txt b/src/agent/stacktrace-parser/data/stack-traces/libfuzzer-scariness-underflow.txt similarity index 100% rename from src/agent/onefuzz/data/libfuzzer-scariness-underflow.txt rename to src/agent/stacktrace-parser/data/stack-traces/libfuzzer-scariness-underflow.txt diff --git a/src/agent/onefuzz/data/libfuzzer-scariness.txt b/src/agent/stacktrace-parser/data/stack-traces/libfuzzer-scariness.txt similarity index 100% rename from src/agent/onefuzz/data/libfuzzer-scariness.txt rename to src/agent/stacktrace-parser/data/stack-traces/libfuzzer-scariness.txt diff --git a/src/agent/onefuzz/data/libfuzzer-windows-llvm10-out-of-memory-malloc.txt b/src/agent/stacktrace-parser/data/stack-traces/libfuzzer-windows-llvm10-out-of-memory-malloc.txt similarity index 100% rename from src/agent/onefuzz/data/libfuzzer-windows-llvm10-out-of-memory-malloc.txt rename to src/agent/stacktrace-parser/data/stack-traces/libfuzzer-windows-llvm10-out-of-memory-malloc.txt diff --git a/src/agent/onefuzz/data/libfuzzer-windows-llvm10-out-of-memory-rss.txt b/src/agent/stacktrace-parser/data/stack-traces/libfuzzer-windows-llvm10-out-of-memory-rss.txt similarity index 100% rename from src/agent/onefuzz/data/libfuzzer-windows-llvm10-out-of-memory-rss.txt rename to src/agent/stacktrace-parser/data/stack-traces/libfuzzer-windows-llvm10-out-of-memory-rss.txt diff --git a/src/agent/onefuzz/data/tsan-linux-llvm10-data-race.txt b/src/agent/stacktrace-parser/data/stack-traces/tsan-linux-llvm10-data-race.txt similarity index 100% rename from src/agent/onefuzz/data/tsan-linux-llvm10-data-race.txt rename to src/agent/stacktrace-parser/data/stack-traces/tsan-linux-llvm10-data-race.txt diff --git a/src/agent/stacktrace-parser/src/asan.rs b/src/agent/stacktrace-parser/src/asan.rs new file mode 100644 index 000000000..615f4091b --- /dev/null +++ b/src/agent/stacktrace-parser/src/asan.rs @@ -0,0 +1,266 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + +use crate::StackEntry; +use anyhow::{bail, Result}; +use regex::Regex; + +pub(crate) fn parse_asan_call_stack(text: &str) -> Result> { + let mut stack = vec![]; + let mut parsing_stack = false; + + let base = r"\s*#(?P\d+)\s+0x(?P
[0-9a-fA-F]+)\s"; + let entries = &[ + // "module::func(char *args) (/path/to/bin+0x123)" + r"in (?P.*) \((?P[^+]+)\+0x(?P[0-9a-fA-F]+)\)", + // "in foo /path:16:17" + r"in (?P.*) (?P[^ ]+):(?P\d+):(?P\d+)", + // "in foo /path:16" + r"in (?P.*) (?P[^ ]+):(?P\d+)", + // " (/path/to/bin+0x123)" + r" \((?P.*)\+0x(?P[0-9a-fA-F]+)\)$", + // "in libc.so.6" + r"in (?P[a-z0-9.]+)$", + // "in _objc_terminate()" + r"in (?P.*)", + ]; + + let asan_re = format!("^{}(?:{})$", base, entries.join("|")); + + let asan_base = Regex::new(&asan_re).expect("asan regex failed to compile"); + + for line in text.lines() { + let line = line.trim(); + // println!("LINE: {:?}", line); + let asan_captures = asan_base.captures(line); + match (parsing_stack, asan_captures) { + (true, None) => break, + (false, None) => { + continue; + } + (_, Some(captures)) => { + parsing_stack = true; + + // the base capture always matches + let line = captures[0].to_string(); + // address base capture always matches + let address = Some(u64::from_str_radix(&captures["address"], 16)?); + + let function_name = captures + .name("func_1") + .or_else(|| captures.name("func_2")) + .or_else(|| captures.name("func_3")) + .or_else(|| captures.name("func_4")) + .map(|x| x.as_str().to_string()); + + let source_file_path = captures + .name("file_path_1") + .or_else(|| captures.name("file_path_2")) + .map(|x| x.as_str().to_string()); + + let source_file_name = source_file_path + .as_ref() + .map(|x| get_call_stack_file_name(x)); + + let source_file_line = match captures + .name("file_line_1") + .or_else(|| captures.name("file_line_2")) + .map(|x| x.as_str()) + { + Some(x) => Some(x.parse()?), + None => None, + }; + + let function_offset = match captures.name("function_offset_1").map(|x| x.as_str()) { + Some(x) => Some(x.parse()?), + None => None, + }; + + let module_path = captures + .name("module_path_1") + .or_else(|| captures.name("module_path_2")) + .or_else(|| captures.name("module_path_3")) + .map(|x| x.as_str().to_string()); + + let module_offset = match captures + .name("module_offset_1") + .or_else(|| captures.name("module_offset_2")) + .map(|x| x.as_str()) + { + Some(x) => Some(u64::from_str_radix(x, 16)?), + None => None, + }; + + let entry = StackEntry { + line, + address, + function_name, + source_file_path, + source_file_name, + source_file_line, + module_path, + module_offset, + function_offset, + }; + stack.push(entry); + } + } + } + + Ok(stack) +} + +pub(crate) fn parse_scariness(text: &str) -> Option<(u32, String)> { + let pattern = r"(?m)^SCARINESS: (\d+) \(([^\)]+)\)\r?$"; + let re = Regex::new(pattern).ok()?; + let captures = re.captures(text)?; + let index = u32::from_str_radix(captures.get(1)?.as_str(), 10).ok()?; + let value = captures.get(2)?.as_str().trim(); + + Some((index, value.into())) +} + +pub(crate) fn parse_asan_runtime_error(text: &str) -> Option<(String, String, String)> { + let pattern = r"==\d+==((\w+) (CHECK failed): [^ \n]+)"; + let re = Regex::new(pattern).ok()?; + let captures = re.captures(text)?; + let summary = captures.get(1)?.as_str().trim(); + let sanitizer = captures.get(2)?.as_str().trim(); + let fault_type = captures.get(3)?.as_str().trim(); + Some((summary.into(), sanitizer.into(), fault_type.into())) +} + +pub(crate) fn parse_asan_abort_error(text: &str) -> Option<(String, String, String)> { + let pattern = r"==\d+==\s*(ERROR|WARNING): (?P(?P\w+Sanitizer|libFuzzer): (?PABRT|access-violation|deadly signal|use-of-uninitialized-value|stack-overflow)[^\n]*)"; + let re = Regex::new(pattern).ok()?; + let captures = re.captures(text)?; + let summary = captures.name("summary")?.as_str().trim(); + let sanitizer = captures.name("sanitizer")?.as_str().trim(); + let fault_type = captures.name("fault_type")?.as_str().trim(); + Some((summary.into(), sanitizer.into(), fault_type.into())) +} + +pub(crate) fn parse_summary_base(text: &str) -> Option<(String, String, String)> { + let pattern = r"SUMMARY: ((\w+): (data race|deadly signal|odr-violation|[^ \n]+).*)"; + let re = Regex::new(pattern).ok()?; + let captures = re.captures(text)?; + let summary = captures.get(1)?.as_str().trim(); + let sanitizer = captures.get(2)?.as_str().trim(); + let fault_type = captures.get(3)?.as_str().trim(); + Some((summary.into(), sanitizer.into(), fault_type.into())) +} + +pub(crate) fn parse_summary(text: &str) -> Result<(String, String, String)> { + if let Some((summary, sanitizer, fault_type)) = parse_summary_base(&text) { + return Ok((summary, sanitizer, fault_type)); + } + if let Some((summary, sanitizer, fault_type)) = parse_asan_abort_error(&text) { + return Ok((summary, sanitizer, fault_type)); + } + if let Some((summary, sanitizer, fault_type)) = parse_asan_runtime_error(&text) { + return Ok((summary, sanitizer, fault_type)); + } + + bail!("unable to parse crash log summary") +} + +// Unfortunately, we can't just use Path's split as we want to +// parse stack frames from OSes other than OS the app is running +// on +fn get_call_stack_file_name(file_path: &str) -> String { + let split: Vec<_> = file_path.rsplitn(2, '/').collect(); + if split.len() == 2 { + return split[0].to_string(); + } + + let split: Vec<_> = file_path.rsplitn(2, '\\').collect(); + if split.len() == 2 { + return split[0].to_string(); + } + + file_path.to_string() +} + +#[cfg(test)] +mod tests { + use super::{parse_asan_call_stack, StackEntry}; + use anyhow::{Context, Result}; + use pretty_assertions::assert_eq; + + #[test] + fn test_asan_stack_line() -> Result<()> { + let test_cases = vec![ + ( + r"#0 0x1 (/path/to/bin+0x2)", + vec![StackEntry { + line: r"#0 0x1 (/path/to/bin+0x2)".to_string(), + address: Some(1), + module_path: Some("/path/to/bin".to_string()), + module_offset: Some(2), + ..Default::default() + }], + ), + ( + r"#42 0xf (C:\WINDOWS\SYSTEM32\ntdll.dll+0x18004cec0)", + vec![StackEntry { + line: r"#42 0xf (C:\WINDOWS\SYSTEM32\ntdll.dll+0x18004cec0)".to_string(), + address: Some(15), + module_path: Some(r"C:\WINDOWS\SYSTEM32\ntdll.dll".to_string()), + module_offset: Some(6442766016), + ..Default::default() + }], + ), + ( + r"#10 0xee in module::func(fuzzer::Fuzzer*, char const*, unsigned long) (/path/to/bin+0x123)", + vec![StackEntry { + line: r"#10 0xee in module::func(fuzzer::Fuzzer*, char const*, unsigned long) (/path/to/bin+0x123)".to_string(), + address: Some(238), + function_name: Some("module::func(fuzzer::Fuzzer*, char const*, unsigned long)".to_string()), + module_path: Some(r"/path/to/bin".to_string()), + module_offset: Some(291), + ..Default::default() + }], + ), + ( + r"#8 0x123 in from_file /path/to/source.c:67:12", + vec![StackEntry { + line: r"#8 0x123 in from_file /path/to/source.c:67:12".to_string(), + address: Some(291), + function_name: Some("from_file".to_string()), + function_offset: Some(12), + source_file_path: Some("/path/to/source.c".to_string()), + source_file_name: Some("source.c".to_string()), + source_file_line: Some(67), + ..Default::default() + }], + ), + ( + r"#0 0x3 in libc.so.6", + vec![StackEntry { + line: r"#0 0x3 in libc.so.6".to_string(), + address: Some(3), + module_path: Some("libc.so.6".to_string()), + ..Default::default() + }], + ), + ( + r"#10 0x55 (/usr/lib/libc++abi.dylib:x86_64+0x10)", + vec![StackEntry { + line: r"#10 0x55 (/usr/lib/libc++abi.dylib:x86_64+0x10)".to_string(), + address: Some(0x55), + module_path: Some("/usr/lib/libc++abi.dylib:x86_64".to_string()), + module_offset: Some(0x10), + ..Default::default() + }], + ) + ]; + + for (data, expected) in test_cases { + let parsed = parse_asan_call_stack(data.clone()) + .with_context(|| format!("parsing asan stack failed {}", data))?; + assert_eq!(expected, parsed); + } + + Ok(()) + } +} diff --git a/src/agent/stacktrace-parser/src/bin/parse-stacktrace.rs b/src/agent/stacktrace-parser/src/bin/parse-stacktrace.rs new file mode 100644 index 000000000..ca8e3d7ea --- /dev/null +++ b/src/agent/stacktrace-parser/src/bin/parse-stacktrace.rs @@ -0,0 +1,17 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + +use anyhow::Result; +use stacktrace_parser::CrashLog; +use std::{env, fs}; + +fn main() -> Result<()> { + for filename in env::args().skip(1) { + let data = fs::read_to_string(&filename)?; + let asan = CrashLog::parse(data)?; + eprintln!("{}", filename); + println!("{}", serde_json::to_string_pretty(&asan)?); + } + + Ok(()) +} diff --git a/src/agent/stacktrace-parser/src/lib.rs b/src/agent/stacktrace-parser/src/lib.rs new file mode 100644 index 000000000..8d7395d0d --- /dev/null +++ b/src/agent/stacktrace-parser/src/lib.rs @@ -0,0 +1,446 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + +use anyhow::Result; +use libclusterfuzz::get_stack_filter; +use regex::RegexSet; +use serde::{Deserialize, Serialize}; +use sha2::{Digest, Sha256}; + +mod asan; + +#[derive(Clone, Debug, Default, PartialEq, Serialize, Deserialize)] +pub struct StackEntry { + pub line: String, + #[serde(default)] + #[serde(skip_serializing_if = "Option::is_none")] + pub address: Option, + #[serde(default)] + #[serde(skip_serializing_if = "Option::is_none")] + pub function_name: Option, + #[serde(default)] + #[serde(skip_serializing_if = "Option::is_none")] + pub function_offset: Option, + #[serde(default)] + #[serde(skip_serializing_if = "Option::is_none")] + pub source_file_name: Option, + #[serde(default)] + #[serde(skip_serializing_if = "Option::is_none")] + pub source_file_path: Option, + #[serde(default)] + #[serde(skip_serializing_if = "Option::is_none")] + pub source_file_line: Option, + #[serde(default)] + #[serde(skip_serializing_if = "Option::is_none")] + pub module_path: Option, + #[serde(default)] + #[serde(skip_serializing_if = "Option::is_none")] + pub module_offset: Option, +} + +#[derive(Clone, Debug, Default, PartialEq, Serialize, Deserialize)] +pub struct CrashLog { + pub text: String, + pub sanitizer: String, + pub summary: String, + pub fault_type: String, + #[serde(default)] + #[serde(skip_serializing_if = "Vec::is_empty")] + pub call_stack: Vec, + #[serde(default)] + #[serde(skip_serializing_if = "Vec::is_empty")] + pub full_stack_details: Vec, + #[serde(default)] + #[serde(skip_serializing_if = "Vec::is_empty")] + pub full_stack_names: Vec, + #[serde(default)] + #[serde(skip_serializing_if = "Vec::is_empty")] + pub minimized_stack_details: Vec, + #[serde(default)] + #[serde(skip_serializing_if = "Vec::is_empty")] + pub minimized_stack: Vec, + #[serde(default)] + #[serde(skip_serializing_if = "Vec::is_empty")] + pub minimized_stack_function_names: Vec, + #[serde(default)] + #[serde(skip_serializing_if = "Option::is_none")] + pub scariness_score: Option, + #[serde(default)] + #[serde(skip_serializing_if = "Option::is_none")] + pub scariness_description: Option, +} + +fn function_without_args(func: &str) -> String { + // TODO: This is an extremely niave approach to splitting arguments. It + // doesn't handle C++ well. As an example: + // + // This turns this: + // "base::internal::RunnableAdapter >)>::Run", + // + // Into this: + // "base::internal::RunnableAdapter Option { + let mut entry = entry.clone(); + if let Some(name) = &entry.function_name { + // mirror Clusterfuzz's replacing LLVMFuzzerTestOneInput + // with the fuzzer filename + // + // Ref: https://github.com/google/clusterfuzz/blob/ + // a6bb73e4988f4a7064e990a0a78cc6bc812ef741/src/python/ + // lib/clusterfuzz/stacktraces/__init__.py#L1362-L1373 + if name == "LLVMFuzzerTestOneInput" { + if let Some(file_name) = &entry.source_file_name { + entry.function_name = Some(file_name.to_string()); + return Some(entry); + } + } + if stack_filter.is_match(name) { + return None; + } + } + + Some(entry) +} + +impl CrashLog { + pub fn parse(text: String) -> Result { + let (summary, sanitizer, fault_type) = parse_summary(&text)?; + let full_stack_details = parse_call_stack(&text).unwrap_or_default(); + let (scariness_score, scariness_description) = parse_scariness(&text); + + let call_stack = full_stack_details.iter().map(|x| x.line.clone()).collect(); + let stack_filter = get_stack_filter(); + + let mut minimized_stack_details: Vec = full_stack_details + .iter() + .filter_map(|x| filter_funcs(x, &stack_filter)) + .collect(); + + // if we don't have a minimized stack, if one of these functions is on + // the stack, use it + for entry in &[ + "LLVMFuzzerTestOneInput", + "fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long)", + "main", + ] { + if !minimized_stack_details.is_empty() { + break; + } + let value = Some(String::from(*entry)); + minimized_stack_details = full_stack_details + .iter() + .filter_map(|x| { + if x.function_name == value { + Some(x.clone()) + } else { + None + } + }) + .collect(); + } + + let full_stack_names: Vec = full_stack_details + .iter() + .filter_map(|x| x.function_name.as_ref().cloned()) + .collect(); + + let minimized_stack: Vec = minimized_stack_details + .iter() + .filter_map(|x| x.function_name.clone()) + .collect(); + + let minimized_stack_function_names: Vec = minimized_stack + .iter() + .map(|x| function_without_args(x)) + .collect(); + + let log = Self { + text, + sanitizer, + summary, + fault_type, + call_stack, + scariness_score, + scariness_description, + full_stack_details, + full_stack_names, + minimized_stack, + minimized_stack_function_names, + minimized_stack_details, + }; + + Ok(log) + } + + pub fn call_stack_sha256(&self) -> String { + digest_iter(&self.call_stack, None) + } + + pub fn minimized_stack_sha256(&self, depth: Option) -> String { + digest_iter(&self.minimized_stack, depth) + } + + pub fn minimized_stack_function_names_sha256(&self, depth: Option) -> String { + digest_iter(&self.minimized_stack_function_names, depth) + } +} + +fn parse_summary(text: &str) -> Result<(String, String, String)> { + // eventually, this should be updated to support multiple callstack formats + asan::parse_summary(&text) +} + +fn parse_scariness(text: &str) -> (Option, Option) { + // eventually, this should be updated to support multiple callstack formats, + // including building this value + match asan::parse_scariness(&text) { + Some((x, y)) => (Some(x), Some(y)), + None => (None, None), + } +} + +pub fn parse_call_stack(text: &str) -> Result> { + // eventually, this should be updated to support multiple callstack formats + asan::parse_asan_call_stack(text) +} + +fn digest_iter(data: impl IntoIterator>, depth: Option) -> String { + let mut ctx = Sha256::new(); + + if let Some(depth) = depth { + for frame in data.into_iter().take(depth) { + ctx.update(frame); + } + } else { + for frame in data { + ctx.update(frame); + } + } + + hex::encode(ctx.finalize()) +} + +#[cfg(test)] +mod tests { + use super::CrashLog; + use anyhow::{Context, Result}; + use pretty_assertions::assert_eq; + use serde_json; + use std::fs; + use std::path::Path; + + fn check_dir( + src_dir: &Path, + expected_dir: &Path, + skip_files: Vec<&str>, + skip_minimized_check: Vec<&str>, + ) -> Result<()> { + // TODO: once the stack trace data from clusterfuzz is added, these should be removed + if !src_dir.exists() { + eprintln!("no sources to check"); + return Ok(()); + } + if !expected_dir.exists() { + eprintln!("no destinations to check"); + return Ok(()); + } + + for entry in fs::read_dir(src_dir)? { + let path = entry?.path(); + if !path.is_file() { + eprintln!("only checking files: {}", path.display()); + continue; + } + + let file_name = path.file_name().unwrap().to_str().unwrap(); + if skip_files.contains(&file_name) { + eprintln!("skipping file: {}", file_name); + continue; + } + + let data_raw = + fs::read_to_string(&path).with_context(|| format!("reading {}", path.display()))?; + let data = data_raw.replace("\r\n", "\n"); + + let parsed = CrashLog::parse(data.clone()).with_context(|| { + format!( + "parsing\n{}\n{}\n\n{}", + path.display(), + data, + path.display() + ) + })?; + + if !skip_minimized_check.contains(&file_name) { + if !parsed.call_stack.is_empty() && !parsed.full_stack_names.is_empty() { + assert!( + !parsed.minimized_stack.is_empty(), + "minimized call stack got reduced to nothing {}", + path.display() + ); + } + } + + let mut expected_path = expected_dir.join(&file_name); + expected_path.set_extension("json"); + if !expected_path.is_file() { + eprintln!( + "missing expected result: {} - {}", + path.display(), + expected_path.display() + ); + continue; + } + + let expected_data = fs::read_to_string(&expected_path)?; + let expected: CrashLog = serde_json::from_str(&expected_data)?; + assert_eq!(expected, parsed, "{}", path.display()); + } + Ok(()) + } + + #[test] + fn test_asan_log_parse() -> Result<()> { + let src_dir = Path::new("data/stack-traces/"); + let expected_dir = Path::new("data/parsed-traces/"); + let skip_files = vec![]; + + let skip_minimized_check = vec!["asan-odr-violation.txt"]; + check_dir(src_dir, expected_dir, skip_files, skip_minimized_check)?; + + Ok(()) + } + + #[test] + fn test_clusterfuzz_traces() -> Result<()> { + let src_dir = Path::new("../libclusterfuzz/data/stack-traces/"); + let expected_dir = Path::new("../libclusterfuzz/data/parsed-traces/"); + let skip_files = vec![ + // fuchsia libfuzzer + "fuchsia_ignore.txt", + "fuchsia_reproducible_crash.txt", + // other (non-libfuzzer) + "android_null_stack.txt", + "android_security_dcheck_failure.txt", + "assert_in_drt_string.txt", + "check_failure_android_media.txt", + "check_failure_android_media2.txt", + "check_failure_chrome.txt", + "check_failure_chrome_android.txt", + "check_failure_chrome_android2.txt", + "check_failure_chrome_mac.txt", + "check_failure_chrome_media.txt", + "check_failure_chrome_win.txt", + "check_failure_with_assert_message.txt", + "check_failure_with_comparison.txt", + "check_failure_with_comparison2.txt", + "check_failure_with_handle_sigill=0.txt", + "generic_segv.txt", + "ignore_libc_if_symbolized.txt", + "keep_libc_if_unsymbolized.txt", + "missing_library_android.txt", + "missing_library_linux.txt", + "oom.txt", + "stack_filtering.txt", + // java + "java_IllegalStateException.txt", + "java_fatal_exception.txt", + // cdb + "cdb_divide_by_zero.txt", + "cdb_integer_overflow.txt", + "cdb_other.txt", + "cdb_read.txt", + "cdb_read_x64.txt", + "cdb_stack_overflow.txt", + // gdb + "gdb_sigtrap.txt", + // v8 panic + "ignore_asan_warning.txt", + "security_check_failure.txt", + "security_dcheck_failure.txt", + "v8_check.txt", + "v8_check_eq.txt", + "v8_check_symbolized.txt", + "v8_check_windows.txt", + "v8_correctness_failure.txt", + "v8_fatal_error_no_check.txt", + "v8_fatal_error_partial.txt", + "v8_javascript_assertion_should_pass.txt", + "v8_oom.txt", + "v8_representation_changer_error.txt", + "v8_runtime_error.txt", + "v8_unimplemented_code.txt", + "v8_unknown_fatal_error.txt", + "v8_unreachable_code.txt", + "v8_dcheck_symbolized.txt", + // golang + "golang_fatal_error_stack_overflow.txt", + "golang_panic_custom_short_message.txt", + "golang_panic_runtime_error_slice_bounds_out_of_range.txt", + "golang_new_crash_type_and_asan_abrt.txt", + "golang_panic_runtime_error_index_out_of_range_with_msan.txt", + "golang_panic_runtime_error_index_out_of_range.txt", + "golang_panic_runtime_error_integer_divide_by_zero.txt", + "golang_panic_runtime_error_invalid_memory_address.txt", + "golang_panic_runtime_error_makeslice_len_out_of_range.txt", + "golang_panic_with_type_assertions_in_frames.txt", + "golang_sigsegv_panic.txt", + "golang_generic_fatal_error_and_asan_abrt.txt", + "golang_asan_panic.txt", + "golang_generic_panic_and_asan_abrt.txt", + // linux kernel + "android_kernel.txt", + "android_kernel_no_parens.txt", + "kasan_gpf.txt", + "kasan_null.txt", + "kasan_oob_read.txt", + "kasan_syzkaller.txt", + "kasan_syzkaller_android.txt", + "kasan_uaf.txt", + // ??? + "asan_in_drt_string.txt", + // cfi check + "cfi_bad_cast_indirect_fc.txt", + "cfi_invalid_vtable.txt", + "cfi_nodebug.txt", + "cfi_unrelated_vtable.txt", + // UBSAN - TODO - these should be handled + "ubsan_bad_cast_downcast.txt", + "ubsan_integer_overflow_addition.txt", + "ubsan_non_positive_vla_bound_value.txt", + "ubsan_null_pointer_member_call.txt", + "ubsan_object_size.txt", + "ubsan_pointer_overflow.txt", + "ubsan_unsigned_integer_overflow.txt", + // HWAddressSanitizer TODO - these should get handled + "hwasan_tag_mismatch.txt", + // TODO - needs fixed + "android_asan_uaf.txt", + // TODO - needs fixed, multi-line ASAN entry + "sanitizer_signal_abrt_unknown.txt", + ]; + + let skip_minimized_check = vec![ + "clang-10-asan-breakpoint.txt", + "asan-check-failure-missing-symbolizer.txt", + // TODO: handle seeing LLVMFuzzerTestOneInput but not seeing the + // source file name + "libfuzzer_deadly_signal.txt", + "lsan_direct_leak.txt", + ]; + check_dir(src_dir, expected_dir, skip_files, skip_minimized_check)?; + + Ok(()) + } +}