ExternalVendorCode/onefuzz
1
0
Fork 0
mirror of https://github.com/microsoft/onefuzz.git synced 2025-06-18 04:38:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

provide parsed call stack details asan logs (#591)

Browse Source 
For a given entry in a call stack, this parses out the following: line, function name, function offset, source file name, source file line, module path, and module offset.

Additionally, this provides a code-generated libclusterfuzz port of the regular expressions used for stack minimization.

For an example of the minimization, instead of:
```json
[
"#0 0x56512a9c1418 in __sanitizer_print_stack_trace /b/s/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_stack.cpp:86:3",
"#1 0x56512aaaa42d in fuzzer::PrintStackTrace() third_party/libFuzzer/src/FuzzerUtil.cpp:205:5",
"#2 0x56512aa6a85e in fuzzer::Fuzzer::CrashCallback() third_party/libFuzzer/src/FuzzerLoop.cpp:232:3",
"#3 0x56512aa6a7df in fuzzer::Fuzzer::StaticCrashSignalCallback() third_party/libFuzzer/src/FuzzerLoop.cpp:203:6",
"#4 0x56512aaab948 in fuzzer::CrashHandler(int, siginfo_t*, void*) third_party/libFuzzer/src/FuzzerUtilPosix.cpp:46:3",
"#5 0x7f1ee3f0188f  (/lib/x86_64-linux-gnu/libpthread.so.0+0x1288f)",
"#6 0x56512a9e5aa1 in Json::OurReader::parse(char const*, char const*, Json::Value&, bool) third_party/jsoncpp/source/src/lib_json/json_reader.cpp:1062:10",
"#7 0x56512a9eedb4 in Json::OurCharReader::parse(char const*, char const*, Json::Value*, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char> >*) third_party/jsoncpp/source/src/lib_json/json_reader.cpp:1899:23",
"#8 0x56512a9e03a3 in LLVMFuzzerTestOneInput third_party/jsoncpp/fuzzers/json_fuzzer.cc:39:24",
"#9 0x56512aa6d0cf in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) third_party/libFuzzer/src/FuzzerLoop.cpp:556:15",
"#10 0x56512aa3b7da in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) third_party/libFuzzer/src/FuzzerDriver.cpp:292:6",
"#11 0x56512aa4108a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) third_party/libFuzzer/src/FuzzerDriver.cpp:774:9","#12 0x56512aa821ac in main third_party/libFuzzer/src/FuzzerMain.cpp:19:10",
"#13 0x7f1ee3361b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310",
]
```

The minimized call stack is:
```json
[
"Json::OurReader::parse(char const*, char const*, Json::Value&, bool)", 
"Json::OurCharReader::parse(char const*, char const*, Json::Value*, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char> >*)",
"json_fuzzer.cc"
]
```

This also provides a naïve function name list, which comes close to Clusterfuzz's function identification.

This would result in:
```json
[
    "Json::OurReader::parse",
    "Json::OurCharReader::parse",
    "json_fuzzer.cc"
]
```

Lastly, for our `stack hash` functionality used by the crash reporting task, those now provide the ability to specify the number of frames to include when building the hash.
This commit is contained in:
bmc-msft
2021-03-18 13:25:12 -04:00
committed by GitHub
parent 1174162af9
commit 34b2a739cb
52 changed files with 3386 additions and 351 deletions
Download Patch File Download Diff File Expand all files Collapse all files

143
src/agent/Cargo.lock generated
View File

@ -33,6 +33,15 @@ dependencies = [
"winapi 0.3.9", "winapi 0.3.9",
] ]
[[package]]
name = "ansi_term"
version = "0.12.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d52a9bb7ec0cf484c551830a7ce27bd20d67eac647e1befb56b0be4ee39a55d2"
dependencies = [
"winapi 0.3.9",
]
[[package]] [[package]]
name = "anyhow" name = "anyhow"
version = "1.0.38" version = "1.0.38"
@ -184,7 +193,7 @@ checksum = "36ea56748e10732c49404c153638a15ec3d6211ec5ff35d9bb20e13b93576adf"
dependencies = [ dependencies = [
"proc-macro2 1.0.24", "proc-macro2 1.0.24",
"quote 1.0.9", "quote 1.0.9",
"syn 1.0.63", "syn 1.0.64",
] ]
[[package]] [[package]]
@ -359,7 +368,7 @@ version = "2.33.3"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "37e58ac78573c40708d45522f0d80fa2f01cc4f9b4e2bf749807255454312002" checksum = "37e58ac78573c40708d45522f0d80fa2f01cc4f9b4e2bf749807255454312002"
dependencies = [ dependencies = [
"ansi_term", "ansi_term 0.11.0",
"atty", "atty",
"bitflags", "bitflags",
"strsim", "strsim",
@ -519,7 +528,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e8f45d9ad417bcef4817d614a501ab55cdd96a6fdb24f49aab89a54acfd66b19" checksum = "e8f45d9ad417bcef4817d614a501ab55cdd96a6fdb24f49aab89a54acfd66b19"
dependencies = [ dependencies = [
"quote 1.0.9", "quote 1.0.9",
"syn 1.0.63", "syn 1.0.64",
] ]
[[package]] [[package]]
@ -556,9 +565,15 @@ checksum = "fcc3dd5e9e9c0b295d6e1e4d811fb6f157d5ffd784b8d202fc62eac8035a770b"
dependencies = [ dependencies = [
"proc-macro2 1.0.24", "proc-macro2 1.0.24",
"quote 1.0.9", "quote 1.0.9",
"syn 1.0.63", "syn 1.0.64",
] ]
[[package]]
name = "diff"
version = "0.1.12"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0e25ea47919b1560c4e3b7fe0aaab9becf5b84a10325ddf7db0f0ba5e1026499"
[[package]] [[package]]
name = "digest" name = "digest"
version = "0.9.0" version = "0.9.0"
@ -649,7 +664,7 @@ checksum = "aa4da3c766cd7a0db8242e326e9e4e081edd567072893ed320008189715366a4"
dependencies = [ dependencies = [
"proc-macro2 1.0.24", "proc-macro2 1.0.24",
"quote 1.0.9", "quote 1.0.9",
"syn 1.0.63", "syn 1.0.64",
"synstructure", "synstructure",
] ]
@ -731,7 +746,7 @@ checksum = "63f713f8b2aa9e24fec85b0e290c56caee12e3b6ae0aeeda238a75b28251afd6"
dependencies = [ dependencies = [
"proc-macro2 1.0.24", "proc-macro2 1.0.24",
"quote 1.0.9", "quote 1.0.9",
"syn 1.0.63", "syn 1.0.64",
] ]
[[package]] [[package]]
@ -882,7 +897,7 @@ dependencies = [
"proc-macro-hack", "proc-macro-hack",
"proc-macro2 1.0.24", "proc-macro2 1.0.24",
"quote 1.0.9", "quote 1.0.9",
"syn 1.0.63", "syn 1.0.64",
] ]
[[package]] [[package]]
@ -1275,9 +1290,18 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55"
[[package]] [[package]]
name = "libc" name = "libc"
version = "0.2.88" version = "0.2.89"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "03b07a082330a35e43f63177cc01689da34fbffa0105e1246cf0311472cac73a" checksum = "538c092e5586f4cdd7dd8078c4a79220e3e168880218124dcbce860f0ea938c6"
[[package]]
name = "libclusterfuzz"
version = "0.0.1"
dependencies = [
"anyhow",
"lazy_static",
"regex",
]
[[package]] [[package]]
name = "libproc" name = "libproc"
@ -1397,9 +1421,9 @@ dependencies = [
[[package]] [[package]]
name = "mio" name = "mio"
version = "0.7.9" version = "0.7.10"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a5dede4e2065b3842b8b0af444119f3aa331cc7cc2dd20388bfb0f5d5a38823a" checksum = "2182a122f3b7f3f5329cb1972cee089ba2459a0a80a56935e6e674f096f8d839"
dependencies = [ dependencies = [
"libc", "libc",
"log", "log",
@ -1569,7 +1593,7 @@ dependencies = [
"fsevent-sys 3.0.2", "fsevent-sys 3.0.2",
"inotify 0.9.2", "inotify 0.9.2",
"libc", "libc",
"mio 0.7.9", "mio 0.7.10",
"walkdir", "walkdir",
"winapi 0.3.9", "winapi 0.3.9",
] ]
@ -1656,6 +1680,7 @@ dependencies = [
"serde_derive", "serde_derive",
"serde_json", "serde_json",
"sha2", "sha2",
"stacktrace-parser",
"storage-queue", "storage-queue",
"strum", "strum",
"strum_macros", "strum_macros",
@ -1691,6 +1716,7 @@ dependencies = [
"reqwest-retry", "reqwest-retry",
"serde", "serde",
"serde_json", "serde_json",
"stacktrace-parser",
"storage-queue", "storage-queue",
"tempfile", "tempfile",
"tokio", "tokio",
@ -1746,15 +1772,15 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5"
[[package]] [[package]]
name = "openssl" name = "openssl"
version = "0.10.32" version = "0.10.33"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "038d43985d1ddca7a9900630d8cd031b56e4794eecc2e9ea39dd17aa04399a70" checksum = "a61075b62a23fef5a29815de7536d940aa35ce96d18ce0cc5076272db678a577"
dependencies = [ dependencies = [
"bitflags", "bitflags",
"cfg-if 1.0.0", "cfg-if 1.0.0",
"foreign-types 0.3.2", "foreign-types 0.3.2",
"lazy_static",
"libc", "libc",
"once_cell",
"openssl-sys", "openssl-sys",
] ]
@ -1766,9 +1792,9 @@ checksum = "77af24da69f9d9341038eba93a073b1fdaaa1b788221b00a69bce9e762cb32de"
[[package]] [[package]]
name = "openssl-sys" name = "openssl-sys"
version = "0.9.60" version = "0.9.61"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "921fc71883267538946025deffb622905ecad223c28efbfdef9bb59a0175f3e6" checksum = "313752393519e876837e09e1fa183ddef0be7735868dced3196f4472d536277f"
dependencies = [ dependencies = [
"autocfg", "autocfg",
"cc", "cc",
@ -1787,6 +1813,15 @@ dependencies = [
"winapi 0.3.9", "winapi 0.3.9",
] ]
[[package]]
name = "output_vt100"
version = "0.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "53cdc5b785b7a58c5aad8216b3dfa114df64b0b06ae6e1501cef91df2fbdf8f9"
dependencies = [
"winapi 0.3.9",
]
[[package]] [[package]]
name = "parking" name = "parking"
version = "2.0.0" version = "2.0.0"
@ -1814,18 +1849,18 @@ dependencies = [
[[package]] [[package]]
name = "path-absolutize" name = "path-absolutize"
version = "3.0.6" version = "3.0.7"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7a6ab2aaa5faefed84db46e4398eab15fa51325606462b5da8b0e230af3ac59a" checksum = "a7bf455a55d762f9ad0385747ba7fda9bd3dee9b40469bfb1c64c3aa6b073ee9"
dependencies = [ dependencies = [
"path-dedot", "path-dedot",
] ]
[[package]] [[package]]
name = "path-dedot" name = "path-dedot"
version = "3.0.7" version = "3.0.8"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "658c6e985fce9c25289fe7c86c08a3cbe82c19a3cd5b3bc5945c8c632552e460" checksum = "c7794b94034e62eef81e8b9ea0690b31f522fd38394ca51e7997d499d0372fb5"
dependencies = [ dependencies = [
"once_cell", "once_cell",
] ]
@ -1875,7 +1910,7 @@ checksum = "758669ae3558c6f74bd2a18b41f7ac0b5a195aea6639d6a9b5e5d1ad5ba24c0b"
dependencies = [ dependencies = [
"proc-macro2 1.0.24", "proc-macro2 1.0.24",
"quote 1.0.9", "quote 1.0.9",
"syn 1.0.63", "syn 1.0.64",
] ]
[[package]] [[package]]
@ -1927,6 +1962,18 @@ version = "0.2.10"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ac74c624d6b2d21f425f752262f42188365d7b8ff1aff74c82e45136510a4857" checksum = "ac74c624d6b2d21f425f752262f42188365d7b8ff1aff74c82e45136510a4857"
[[package]]
name = "pretty_assertions"
version = "0.7.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f297542c27a7df8d45de2b0e620308ab883ad232d06c14b76ac3e144bda50184"
dependencies = [
"ansi_term 0.12.1",
"ctor",
"diff",
"output_vt100",
]
[[package]] [[package]]
name = "proc-macro-error" name = "proc-macro-error"
version = "1.0.4" version = "1.0.4"
@ -1936,7 +1983,7 @@ dependencies = [
"proc-macro-error-attr", "proc-macro-error-attr",
"proc-macro2 1.0.24", "proc-macro2 1.0.24",
"quote 1.0.9", "quote 1.0.9",
"syn 1.0.63", "syn 1.0.64",
"version_check", "version_check",
] ]
@ -2164,9 +2211,9 @@ dependencies = [
[[package]] [[package]]
name = "regex" name = "regex"
version = "1.4.4" version = "1.4.5"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "54fd1046a3107eb58f42de31d656fee6853e5d276c455fd943742dce89fc3dd3" checksum = "957056ecddbeba1b26965114e191d2e8589ce74db242b6ea25fc4062427a5c19"
dependencies = [ dependencies = [
"aho-corasick", "aho-corasick",
"memchr", "memchr",
@ -2327,7 +2374,7 @@ checksum = "aaaae8f38bb311444cfb7f1979af0bc9240d95795f75f9ceddf6a59b79ceffa0"
dependencies = [ dependencies = [
"proc-macro2 1.0.24", "proc-macro2 1.0.24",
"quote 1.0.9", "quote 1.0.9",
"syn 1.0.63", "syn 1.0.64",
] ]
[[package]] [[package]]
@ -2397,7 +2444,7 @@ checksum = "1800f7693e94e186f5e25a28291ae1570da908aff7d97a095dec1e56ff99069b"
dependencies = [ dependencies = [
"proc-macro2 1.0.24", "proc-macro2 1.0.24",
"quote 1.0.9", "quote 1.0.9",
"syn 1.0.63", "syn 1.0.64",
] ]
[[package]] [[package]]
@ -2489,7 +2536,7 @@ checksum = "1508efa03c362e23817f96cde18abed596a25219a8b2c66e8db33c03543d315b"
dependencies = [ dependencies = [
"proc-macro2 1.0.24", "proc-macro2 1.0.24",
"quote 1.0.9", "quote 1.0.9",
"syn 1.0.63", "syn 1.0.64",
] ]
[[package]] [[package]]
@ -2509,6 +2556,20 @@ version = "0.5.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"
[[package]]
name = "stacktrace-parser"
version = "0.1.0"
dependencies = [
"anyhow",
"hex",
"libclusterfuzz",
"pretty_assertions",
"regex",
"serde",
"serde_json",
"sha2",
]
[[package]] [[package]]
name = "static_assertions" name = "static_assertions"
version = "0.3.4" version = "0.3.4"
@ -2565,7 +2626,7 @@ dependencies = [
"proc-macro-error", "proc-macro-error",
"proc-macro2 1.0.24", "proc-macro2 1.0.24",
"quote 1.0.9", "quote 1.0.9",
"syn 1.0.63", "syn 1.0.64",
] ]
[[package]] [[package]]
@ -2583,7 +2644,7 @@ dependencies = [
"heck", "heck",
"proc-macro2 1.0.24", "proc-macro2 1.0.24",
"quote 1.0.9", "quote 1.0.9",
"syn 1.0.63", "syn 1.0.64",
] ]
[[package]] [[package]]
@ -2599,9 +2660,9 @@ dependencies = [
[[package]] [[package]]
name = "syn" name = "syn"
version = "1.0.63" version = "1.0.64"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8fd9bc7ccc2688b3344c2f48b9b546648b25ce0b20fc717ee7fa7981a8ca9717" checksum = "3fd9d1e9976102a03c542daa2eff1b43f9d72306342f3f8b3ed5fb8908195d6f"
dependencies = [ dependencies = [
"proc-macro2 1.0.24", "proc-macro2 1.0.24",
"quote 1.0.9", "quote 1.0.9",
@ -2616,7 +2677,7 @@ checksum = "b834f2d66f734cb897113e34aaff2f1ab4719ca946f9a7358dba8f8064148701"
dependencies = [ dependencies = [
"proc-macro2 1.0.24", "proc-macro2 1.0.24",
"quote 1.0.9", "quote 1.0.9",
"syn 1.0.63", "syn 1.0.64",
"unicode-xid 0.2.1", "unicode-xid 0.2.1",
] ]
@ -2700,7 +2761,7 @@ checksum = "7765189610d8241a44529806d6fd1f2e0a08734313a35d5b3a556f92b381f3c0"
dependencies = [ dependencies = [
"proc-macro2 1.0.24", "proc-macro2 1.0.24",
"quote 1.0.9", "quote 1.0.9",
"syn 1.0.63", "syn 1.0.64",
] ]
[[package]] [[package]]
@ -2760,7 +2821,7 @@ checksum = "e44da00bfc73a25f814cd8d7e57a68a5c31b74b3152a0a1d1f590c97ed06265a"
dependencies = [ dependencies = [
"proc-macro2 1.0.24", "proc-macro2 1.0.24",
"quote 1.0.9", "quote 1.0.9",
"syn 1.0.63", "syn 1.0.64",
] ]
[[package]] [[package]]
@ -2833,9 +2894,9 @@ checksum = "59547bce71d9c38b83d9c0e92b6066c4253371f15005def0c30d9657f50c7642"
[[package]] [[package]]
name = "typenum" name = "typenum"
version = "1.12.0" version = "1.13.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "373c8a200f9e67a0c95e62a4f52fbf80c23b4381c05a17845531982fa99e6b33" checksum = "879f6906492a7cd215bfa4cf595b600146ccfac0c79bcbd1f3000162af5e8b06"
[[package]] [[package]]
name = "unicase" name = "unicase"
@ -2984,9 +3045,9 @@ checksum = "f1bddf1187be692e79c5ffeab891132dfb0f236ed36a43c7ed39f1165ee20191"
[[package]] [[package]]
name = "version_check" name = "version_check"
version = "0.9.2" version = "0.9.3"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b5a972e5669d67ba988ce3dc826706fb0a8b01471c088cb0b6110b805cc36aed" checksum = "5fecdca9a5291cc2b8dcf7dc02453fee791a280f3743cb0905f8822ae463b3fe"
[[package]] [[package]]
name = "waker-fn" name = "waker-fn"
@ -3050,7 +3111,7 @@ dependencies = [
"log", "log",
"proc-macro2 1.0.24", "proc-macro2 1.0.24",
"quote 1.0.9", "quote 1.0.9",
"syn 1.0.63", "syn 1.0.64",
"wasm-bindgen-shared", "wasm-bindgen-shared",
] ]
@ -3084,7 +3145,7 @@ checksum = "cc053ec74d454df287b9374ee8abb36ffd5acb95ba87da3ba5b7d3fe20eb401e"
dependencies = [ dependencies = [
"proc-macro2 1.0.24", "proc-macro2 1.0.24",
"quote 1.0.9", "quote 1.0.9",
"syn 1.0.63", "syn 1.0.64",
"wasm-bindgen-backend", "wasm-bindgen-backend",
"wasm-bindgen-shared", "wasm-bindgen-shared",
] ]

2
src/agent/Cargo.toml
View File

@ -11,6 +11,8 @@ members = [
"reqwest-retry", "reqwest-retry",
"storage-queue", "storage-queue",
"win-util", "win-util",
"libclusterfuzz",
"stacktrace-parser",
] ]
[profile.release] [profile.release]

1
src/agent/libclusterfuzz/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
data

14
src/agent/libclusterfuzz/Cargo.toml Normal file
View File

@ -0,0 +1,14 @@
[package]
name = "libclusterfuzz"
version = "0.0.1"
authors = ["fuzzing@microsoft.com>"]
edition = "2018"
license = "Apache-2.0"
description = "Minimal porting of features from libclusterfuzz"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]
anyhow = "1.0"
regex = "1.4"
lazy_static = "1.4"

202
src/agent/libclusterfuzz/LICENSE Normal file
View File

@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright 2019 Google LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

11
src/agent/libclusterfuzz/README.md
View File

@ -1,3 +1,8 @@
An upcoming PR will include rust code ported from clusterfuzz. This is Please note, this is crate contains rust code generated from parsing python
intended to enable our component governance process to pick this up such that code from [clusterfuzz](https://github.com/google/clusterfuzz). All of the
we can have our legal review prior to the inclusion of the code. code from this project is labeled with Google's original copyright
statements.
However, any errors may be the result of a mistake in the code generation
process. As such, please file the issues with
[onefuzz](https://github.com/microsoft/onefuzz) first.

204
src/agent/libclusterfuzz/src/generated.rs Normal file
View File

@ -0,0 +1,204 @@
// Rust generated by Microsoft, code originally from:
// https://github.com/google/clusterfuzz/blob/master/src/
// python/lib/clusterfuzz/stacktraces/constants.py
//
// Original Copyright:
//
// Copyright 2020 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
pub const STACK_FRAME_IGNORE_REGEXES: &[&str] = &[
r"^abort$",
r"^exit$",
r"^pthread_create$",
r"^pthread_kill$",
r"^raise$",
r"^tgkill$",
r"^(|__)aeabi_",
r"^(|__)memcmp",
r"^(|__)memcpy",
r"^(|__)memmove",
r"^(|__)memset",
r"^(|__)strcmp",
r"^(|__)strcpy",
r"^(|__)strdup",
r"^(|__)strlen",
r"^(|__)strncpy",
r"^<null>",
r"^Abort\(",
r"^CFCrash",
r"^ExitCallback",
r"^IsSandboxedProcess",
r"^LLVMFuzzerTestOneInput",
r"^MSanAtExitWrapper",
r"^New",
r"^RaiseException",
r"^SbSystemBreakIntoDebugger",
r"^SignalAction",
r"^SignalHandler",
r"^TestOneProtoInput",
r"^V8_Fatal",
r"^WTF::",
r"^WTFCrash",
r"^X11Error",
r"^_L_unlock_",
r"^_\$LT\$",
r"^__GI_",
r"^__asan::",
r"^__asan_",
r"^__assert_",
r"^__cxa_atexit",
r"^__cxa_rethrow",
r"^__cxa_throw",
r"^__dump_stack",
r"^__hwasan::",
r"^__hwasan_",
r"^__interceptor_",
r"^__kasan_",
r"^__libc_",
r"^__lsan::",
r"^__lsan_",
r"^__msan::",
r"^__msan_",
r"^__pthread_kill",
r"^__run_exit_handlers",
r"^__rust_try",
r"^__sanitizer::",
r"^__sanitizer_",
r"^__tsan::",
r"^__tsan_",
r"^__ubsan::",
r"^__ubsan_",
r"^_asan_",
r"^_hwasan_",
r"^_lsan_",
r"^_msan_",
r"^_objc_terminate",
r"^_sanitizer_",
r"^_start",
r"^_tsan_",
r"^_ubsan_",
r"^abort",
r"^alloc::",
r"^android\.app\.ActivityManagerProxy\.",
r"^android\.os\.Parcel\.",
r"^art::Thread::CreateNativeThread",
r"^asan_",
r"^asan\.module_ctor",
r"^asan\.module_dtor",
r"^calloc",
r"^check_memory_region",
r"^common_exit",
r"^delete",
r"^demangling_terminate_handler",
r"^dump_backtrace",
r"^dump_stack",
r"^exit_or_terminate_process",
r"^fpehandler\(",
r"^free",
r"^fuzzer::",
r"^g_log",
r"^generic_cpp_",
r"^gsignal",
r"^kasan_",
r"^libfuzzer_sys::initialize",
r"^main",
r"^malloc",
r"^mozalloc_",
r"^new",
r"^object_err",
r"^operator",
r"^print_trailer",
r"^realloc",
r"^rust_begin_unwind",
r"^rust_oom",
r"^scanf",
r"^show_stack",
r"^std::__terminate",
r"^std::panic",
r"^std::process::abort",
r"^std::sys::unix::abort",
r"^__scrt_common_main_seh",
r".*ASAN_OnSIGSEGV",
r".*BaseThreadInitThunk",
r".*DebugBreak",
r".*DefaultDcheckHandler",
r".*ForceCrashOnSigAbort",
r".*MemoryProtection::CMemoryProtector",
r".*PartitionAlloc",
r".*RtlFreeHeap",
r".*RtlInitializeExceptionChain",
r".*RtlReportCriticalFailure",
r".*RtlUserThreadStart",
r".*RtlpHeapHandleError",
r".*RtlpLogHeapFailure",
r".*SkDebugf",
r".*StackDumpSignalHandler",
r".*__android_log_assert",
r".*__tmainCRTStartup",
r".*_asan_rtl_",
r".*agent::asan::",
r".*allocator_shim",
r".*asan_Heap",
r".*asan_check_access",
r".*asan_osx_dynamic\.dylib",
r".*assert",
r".*base::FuzzedDataProvider",
r".*base::allocator",
r".*base::android::CheckException",
r".*base::debug::BreakDebugger",
r".*base::debug::CollectStackTrace",
r".*base::debug::StackTrace::StackTrace",
r".*ieee754\-",
r".*libpthread",
r".*logger",
r".*logging::CheckError",
r".*logging::ErrnoLogMessage",
r".*logging::LogMessage",
r".*stdext::exception::what",
r".*v8::base::OS::Abort",
r".* base/callback",
r".*/AOSP\-toolchain/",
r".*/bindings/ToV8\.h",
r".*/crosstool/",
r".*/gcc/",
r".*/glibc\-",
r".*/jemalloc/",
r".*/libc\+\+",
r".*/libc/",
r".*/llvm\-build/",
r".*/minkernel/crts/",
r".*/sanitizer_common/",
r".*/tcmalloc/",
r".*/vc/include/",
r".*/vctools/crt/",
r".*/win_toolchain/",
r".*libc\+\+/",
r".*/memorycmp\.c",
r".*\+Unknown",
r".*<unknown module>",
r".*Inline Function @",
r"^<unknown>$",
r"^\[vdso\]$",
r"^panic$",
r"^runtime\.",
r"^CrashTrampolineAsm",
r"^libc_io_functions_not_implemented_use_fdio_instead",
r"^<libclang_rt.asan.so>",
r"^__zx_panic",
r"^syslog::LogMessage",
r"^print_address_description",
r"^_etext",
];

47
src/agent/libclusterfuzz/src/lib.rs Normal file
View File

@ -0,0 +1,47 @@
// Rust generated by Microsoft, code originally from:
// https://github.com/google/clusterfuzz/blob/master/src/
// python/lib/clusterfuzz/stacktraces/constants.py
//
// Original Copyright:
//
// Copyright 2020 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#[macro_use]
extern crate lazy_static;
use regex::RegexSet;
mod generated;
pub fn get_stack_filter() -> &'static RegexSet {
// NOTE: this is build upon first use, but we've verified these will compile
// using unit tests
lazy_static! {
static ref RE: RegexSet = RegexSet::new(generated::STACK_FRAME_IGNORE_REGEXES)
.expect("libclusterfuzz regex compile error");
}
&RE
}
#[cfg(test)]
mod tests {
use super::get_stack_filter;
#[test]
fn test_stack_filter() {
assert!(get_stack_filter().is_match("abort"));
assert!(!get_stack_filter().is_match("ContosoSaysHi"));
}
}

69
src/agent/libclusterfuzz/third-party/build.py vendored Normal file
View File

@ -0,0 +1,69 @@
#!/usr/bin/env python
#
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
#
# NOTE: This code loads the `constants.py` from libclusterfuzz, then iterates
# over the entities in the module. As is, this is slightly fragile.
#
# As such, this should be a manual effort where we check in the results, that
# way we can make adjustments as needed.
import string
import constants
data = {}
NAME_CHECK = string.ascii_uppercase + "_"
HEADER = """
// Rust generated by Microsoft, code originally from:
// https://github.com/google/clusterfuzz/blob/master/src/
// python/lib/clusterfuzz/stacktraces/constants.py
//
// Original Copyright:
//
// Copyright 2020 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
"""
for name in dir(constants):
if all(x in NAME_CHECK for x in name):
entry = getattr(constants, name)
if entry is None:
continue
data[name] = entry
for_rust = {
"STACK_FRAME_IGNORE_REGEXES": [
f'r"{x}"' for x in data["STACK_FRAME_IGNORE_REGEXES"]
],
}
with open("../src/generated.rs", "w") as handle:
handle.write(HEADER)
for key in sorted(for_rust.keys()):
if isinstance(for_rust[key], list):
value = ",".join(for_rust[key])
handle.write(f"pub const {key}: &[&str] = &[{value}];")
elif isinstance(for_rust[key], str):
value = for_rust[key]
handle.write(f"pub const {key}: &str = {value};")
else:
raise Exception('unsupported for_rust type')

0
src/agent/libclusterfuzz/third-party/crash_analysis/__init__.py vendored Normal file
View File

6
src/agent/libclusterfuzz/third-party/crash_analysis/stack_parsing.py vendored Normal file
View File

@ -0,0 +1,6 @@
# this is a stubbed out class to enable us to load `constants.py` during code
# generation.
class stack_parser:
def StackFrameSpec(*args, **kwargs):
pass

17
src/agent/libclusterfuzz/third-party/update.sh vendored Executable file
View File

@ -0,0 +1,17 @@
#!/bin/bash
#
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
#
set -ex
cd $(dirname "$(readlink -f "$0")")
git clone --depth 1 https://github.com/google/clusterfuzz clusterfuzz-src
mv clusterfuzz-src/src/python/lib/clusterfuzz/stacktraces/constants.py .
mkdir -p ../data/stack-traces
cp clusterfuzz-src/src/python/tests/core/crash_analysis/stack_parsing/stack_analyzer_data/*.txt ../data/stack-traces/
python build.py
rm -rf constants.py __pycache__ */__pycache__ clusterfuzz-src
(cd ../; cargo fmt)

1
src/agent/onefuzz-agent/Cargo.toml
View File

@ -33,6 +33,7 @@ onefuzz = { path = "../onefuzz" }
storage-queue = { path = "../storage-queue" } storage-queue = { path = "../storage-queue" }
reqwest-retry = { path = "../reqwest-retry" } reqwest-retry = { path = "../reqwest-retry" }
onefuzz-telemetry = { path = "../onefuzz-telemetry" } onefuzz-telemetry = { path = "../onefuzz-telemetry" }
stacktrace-parser = { path = "../stacktrace-parser" }
path-absolutize = "3.0.6" path-absolutize = "3.0.6"
[dev-dependencies] [dev-dependencies]

1
src/agent/onefuzz-agent/src/local/generic_crash_report.rs
View File

@ -58,6 +58,7 @@ pub fn build_report_config(
check_retry_count, check_retry_count,
check_queue, check_queue,
crashes, crashes,
minimized_stack_depth: None,
input_queue, input_queue,
no_repro, no_repro,
reports, reports,

1
src/agent/onefuzz-agent/src/local/libfuzzer_crash_report.rs
View File

@ -50,6 +50,7 @@ pub fn build_report_config(
target_timeout, target_timeout,
check_retry_count, check_retry_count,
check_fuzzer_help, check_fuzzer_help,
minimized_stack_depth: None,
input_queue, input_queue,
check_queue, check_queue,
crashes, crashes,

51
src/agent/onefuzz-agent/src/tasks/report/crash_report.rs
View File

@ -3,17 +3,17 @@
use anyhow::{Context, Result}; use anyhow::{Context, Result};
use futures::StreamExt; use futures::StreamExt;
use onefuzz::{asan::AsanLog, blob::BlobUrl, monitor::DirectoryMonitor, syncdir::SyncedDir}; use onefuzz::{blob::BlobUrl, monitor::DirectoryMonitor, syncdir::SyncedDir};
use onefuzz_telemetry::{ use onefuzz_telemetry::{
Event::{new_report, new_unable_to_reproduce, new_unique_report}, Event::{new_report, new_unable_to_reproduce, new_unique_report},
EventData, EventData,
}; };
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use stacktrace_parser::CrashLog;
use std::path::{Path, PathBuf}; use std::path::{Path, PathBuf};
use uuid::Uuid; use uuid::Uuid;
#[derive(Debug, Deserialize, Serialize)] #[derive(Debug, Deserialize, Serialize, Default)]
pub struct CrashReport { pub struct CrashReport {
pub input_sha256: String, pub input_sha256: String,
@ -27,9 +27,18 @@ pub struct CrashReport {
pub crash_site: String, pub crash_site: String,
pub call_stack: Vec<String>, pub call_stack: Vec<String>,
pub call_stack_sha256: String, pub call_stack_sha256: String,
#[serde(default)]
pub minimized_stack: Vec<String>,
#[serde(default)]
pub minimized_stack_sha256: Option<String>,
#[serde(default)]
pub minimized_stack_function_names: Vec<String>,
#[serde(default)]
pub minimized_stack_function_names_sha256: Option<String>,
pub asan_log: Option<String>, pub asan_log: Option<String>,
pub task_id: Uuid, pub task_id: Uuid,
@ -123,24 +132,42 @@ impl From<BlobUrl> for InputBlob {
impl CrashReport { impl CrashReport {
pub fn new( pub fn new(
asan_log: AsanLog, crash_log: CrashLog,
task_id: Uuid, task_id: Uuid,
job_id: Uuid, job_id: Uuid,
executable: impl Into<PathBuf>, executable: impl Into<PathBuf>,
input_blob: Option<InputBlob>, input_blob: Option<InputBlob>,
input_sha256: String, input_sha256: String,
minimized_stack_depth: Option<usize>,
) -> Self { ) -> Self {
let call_stack_sha256 = crash_log.call_stack_sha256();
let minimized_stack_sha256 = if crash_log.minimized_stack.is_empty() {
None
} else {
Some(crash_log.minimized_stack_sha256(minimized_stack_depth))
};
let minimized_stack_function_names_sha256 =
if crash_log.minimized_stack_function_names.is_empty() {
None
} else {
Some(crash_log.minimized_stack_function_names_sha256(minimized_stack_depth))
};
Self { Self {
input_sha256, input_sha256,
input_blob, input_blob,
executable: executable.into(), executable: executable.into(),
crash_type: asan_log.fault_type().into(), crash_type: crash_log.fault_type,
crash_site: asan_log.summary().into(), crash_site: crash_log.summary,
call_stack: asan_log.call_stack().to_vec(), call_stack_sha256,
call_stack_sha256: asan_log.call_stack_sha256(), minimized_stack: crash_log.minimized_stack,
asan_log: Some(asan_log.text().to_string()), minimized_stack_sha256,
scariness_score: asan_log.scariness_score(), minimized_stack_function_names: crash_log.minimized_stack_function_names,
scariness_description: asan_log.scariness_description().to_owned(), minimized_stack_function_names_sha256,
call_stack: crash_log.call_stack,
asan_log: Some(crash_log.text),
scariness_score: crash_log.scariness_score,
scariness_description: crash_log.scariness_description,
task_id, task_id,
job_id, job_id,
} }

8
src/agent/onefuzz-agent/src/tasks/report/generic.rs
View File

@ -47,6 +47,9 @@ pub struct Config {
#[serde(default = "default_bool_true")] #[serde(default = "default_bool_true")]
pub check_queue: bool, pub check_queue: bool,
#[serde(default)]
pub minimized_stack_depth: Option<usize>,
#[serde(flatten)] #[serde(flatten)]
pub common: CommonConfig, pub common: CommonConfig,
} }
@ -132,6 +135,7 @@ impl<'a> GenericReportProcessor<'a> {
&self.config.target_exe, &self.config.target_exe,
input_blob, input_blob,
input_sha256, input_sha256,
self.config.minimized_stack_depth,
); );
Ok(CrashTestResult::CrashReport(crash_report)) Ok(CrashTestResult::CrashReport(crash_report))
} else if let Some(crash) = test_report.crash { } else if let Some(crash) = test_report.crash {
@ -144,11 +148,9 @@ impl<'a> GenericReportProcessor<'a> {
crash_type: crash.crash_type, crash_type: crash.crash_type,
crash_site: crash.crash_site, crash_site: crash.crash_site,
call_stack_sha256, call_stack_sha256,
asan_log: None,
scariness_score: None,
scariness_description: None,
task_id, task_id,
job_id, job_id,
..Default::default()
}; };
Ok(CrashTestResult::CrashReport(crash_report)) Ok(CrashTestResult::CrashReport(crash_report))

4
src/agent/onefuzz-agent/src/tasks/report/libfuzzer_report.rs
View File

@ -36,6 +36,9 @@ pub struct Config {
#[serde(default)] #[serde(default)]
pub check_retry_count: u64, pub check_retry_count: u64,
#[serde(default)]
pub minimized_stack_depth: Option<usize>,
#[serde(default = "default_bool_true")] #[serde(default = "default_bool_true")]
pub check_queue: bool, pub check_queue: bool,
@ -140,6 +143,7 @@ impl AsanProcessor {
&self.config.target_exe, &self.config.target_exe,
input_blob, input_blob,
input_sha256, input_sha256,
self.config.minimized_stack_depth,
); );
Ok(CrashTestResult::CrashReport(crash_report)) Ok(CrashTestResult::CrashReport(crash_report))
} }

1
src/agent/onefuzz/Cargo.toml
View File

@ -39,6 +39,7 @@ tempfile = "3.2"
process_control = "3.0" process_control = "3.0"
reqwest-retry = { path = "../reqwest-retry"} reqwest-retry = { path = "../reqwest-retry"}
onefuzz-telemetry = { path = "../onefuzz-telemetry"} onefuzz-telemetry = { path = "../onefuzz-telemetry"}
stacktrace-parser = { path = "../stacktrace-parser" }
[target.'cfg(target_os = "windows")'.dependencies] [target.'cfg(target_os = "windows")'.dependencies]
winreg = "0.8" winreg = "0.8"

297
src/agent/onefuzz/src/asan.rs
View File

@ -1,139 +1,13 @@
// Copyright (c) Microsoft Corporation. // Copyright (c) Microsoft Corporation.
// Licensed under the MIT License. // Licensed under the MIT License.
use crate::sha256; use anyhow::{Context, Result};
use anyhow::Result;
use regex::Regex;
use std::{collections::HashMap, hash::BuildHasher, path::Path}; use std::{collections::HashMap, hash::BuildHasher, path::Path};
use tokio::{fs, stream::StreamExt}; use tokio::{fs, stream::StreamExt};
pub use stacktrace_parser::CrashLog;
const ASAN_LOG_TRUNCATE_SIZE: usize = 4096; const ASAN_LOG_TRUNCATE_SIZE: usize = 4096;
#[derive(Clone, Debug)]
pub struct AsanLog {
text: String,
sanitizer: String,
summary: String,
fault_type: String,
call_stack: Vec<String>,
scariness_score: Option<u32>,
scariness_description: Option<String>,
}
impl AsanLog {
pub fn parse(text: String) -> Option<Self> {
let (summary, sanitizer, fault_type) = match parse_summary(&text) {
Some(x) => x,
None => parse_asan_runtime_error(&text)?,
};
let call_stack = parse_call_stack(&text).unwrap_or_else(Vec::default);
let (scariness_score, scariness_description) = match parse_scariness(&text) {
Some((x, y)) => (Some(x), Some(y)),
None => (None, None),
};
let log = Self {
text,
sanitizer,
summary,
fault_type,
call_stack,
scariness_score,
scariness_description,
};
Some(log)
}
pub fn text(&self) -> &str {
&self.text
}
pub fn summary(&self) -> &str {
&self.summary
}
pub fn fault_type(&self) -> &str {
&self.fault_type
}
pub fn call_stack(&self) -> &[String] {
&self.call_stack
}
pub fn call_stack_sha256(&self) -> String {
sha256::digest_iter(self.call_stack())
}
pub fn scariness_score(&self) -> Option<u32> {
self.scariness_score
}
pub fn scariness_description(&self) -> &Option<String> {
&self.scariness_description
}
}
fn parse_scariness(text: &str) -> Option<(u32, String)> {
let pattern = r"(?m)^SCARINESS: (\d+) \(([^\)]+)\)\r?$";
let re = Regex::new(pattern).ok()?;
let captures = re.captures(text)?;
let index = u32::from_str_radix(captures.get(1)?.as_str(), 10).ok()?;
let value = captures.get(2)?.as_str().trim();
Some((index, value.into()))
}
fn parse_asan_runtime_error(text: &str) -> Option<(String, String, String)> {
let pattern = r"==\d+==((\w+) (CHECK failed): [^ \n]+)";
let re = Regex::new(pattern).ok()?;
let captures = re.captures(text)?;
let summary = captures.get(1)?.as_str().trim();
let sanitizer = captures.get(2)?.as_str().trim();
let fault_type = captures.get(3)?.as_str().trim();
Some((summary.into(), sanitizer.into(), fault_type.into()))
}
fn parse_summary(text: &str) -> Option<(String, String, String)> {
let pattern = r"SUMMARY: ((\w+): (data race|deadly signal|odr-violation|[^ \n]+).*)";
let re = Regex::new(pattern).ok()?;
let captures = re.captures(text)?;
let summary = captures.get(1)?.as_str().trim();
let sanitizer = captures.get(2)?.as_str().trim();
let fault_type = captures.get(3)?.as_str().trim();
Some((summary.into(), sanitizer.into(), fault_type.into()))
}
fn parse_call_stack(text: &str) -> Option<Vec<String>> {
let mut stack = vec![];
let mut parsing_stack = false;
for line in text.lines() {
let line = line.trim();
let is_frame = line.starts_with('#');
match (parsing_stack, is_frame) {
(true, true) => {
stack.push(line.to_string());
}
(true, false) => {
return Some(stack);
}
(false, true) => {
parsing_stack = true;
stack.push(line.to_string());
}
(false, false) => {
continue;
}
}
}
None
}
#[cfg(target_os = "windows")] #[cfg(target_os = "windows")]
pub fn add_asan_log_env<S: BuildHasher>(env: &mut HashMap<String, String, S>, asan_dir: &Path) { pub fn add_asan_log_env<S: BuildHasher>(env: &mut HashMap<String, String, S>, asan_dir: &Path) {
let asan_path = asan_dir.join("asan-log"); let asan_path = asan_dir.join("asan-log");
@ -174,176 +48,39 @@ pub fn add_asan_log_env<S: BuildHasher>(env: &mut HashMap<String, String, S>, as
} }
} }
pub async fn check_asan_string(mut data: String) -> Result<Option<AsanLog>> { pub async fn check_asan_string(mut data: String) -> Result<Option<CrashLog>> {
let asan = AsanLog::parse(data.clone()); match CrashLog::parse(data.clone()) {
if asan.is_some() { Ok(log) => Ok(Some(log)),
Ok(asan) Err(err) => {
} else {
if data.len() > ASAN_LOG_TRUNCATE_SIZE { if data.len() > ASAN_LOG_TRUNCATE_SIZE {
data.truncate(ASAN_LOG_TRUNCATE_SIZE); data.truncate(ASAN_LOG_TRUNCATE_SIZE);
data.push_str("...<truncated>"); data.push_str("...<truncated>");
} }
warn!("unable to parse asan log from string: {:?}", data); warn!(
"unable to parse asan log from string. error:{:?} data:{:?}",
err, data
);
Ok(None) Ok(None)
} }
}
} }
pub async fn check_asan_path(asan_dir: &Path) -> Result<Option<AsanLog>> { pub async fn check_asan_path(asan_dir: &Path) -> Result<Option<CrashLog>> {
let mut entries = fs::read_dir(asan_dir).await?; let mut entries = fs::read_dir(asan_dir).await?;
// there should be only up to one file in asan_dir // there should be only up to one file in asan_dir
if let Some(file) = entries.next().await { if let Some(file) = entries.next().await {
let file = file?; let file = file?;
let mut asan_text = fs::read_to_string(file.path()).await?; let mut asan_text = fs::read_to_string(file.path()).await?;
let asan = AsanLog::parse(asan_text.clone());
if asan.is_some() { let asan = CrashLog::parse(asan_text.clone()).with_context(|| {
return Ok(asan);
} else {
if asan_text.len() > ASAN_LOG_TRUNCATE_SIZE { if asan_text.len() > ASAN_LOG_TRUNCATE_SIZE {
asan_text.truncate(ASAN_LOG_TRUNCATE_SIZE); asan_text.truncate(ASAN_LOG_TRUNCATE_SIZE);
asan_text.push_str("...<truncated>"); asan_text.push_str("...<truncated>");
} }
bail!( format_err!("unable to parse asan log {}: {:?}")
"unable to parse asan log {}: {:?}", })?;
file.path().display(), return Ok(Some(asan));
asan_text
);
}
} }
Ok(None) Ok(None)
} }
#[cfg(test)]
mod tests {
use super::AsanLog;
#[test]
fn test_asan_log_parse() -> anyhow::Result<()> {
let test_cases = vec![
(
"data/libfuzzer-asan-log.txt",
"AddressSanitizer",
"heap-use-after-free",
7,
None,
None,
),
(
"data/libfuzzer-deadly-signal.txt",
"libFuzzer",
"deadly signal",
14,
None,
None,
),
(
"data/libfuzzer-windows-llvm10-out-of-memory-malloc.txt",
"libFuzzer",
"out-of-memory",
16,
None,
None,
),
(
"data/libfuzzer-windows-llvm10-out-of-memory-rss.txt",
"libFuzzer",
"out-of-memory",
0,
None,
None,
),
(
"data/libfuzzer-linux-llvm10-out-of-memory-malloc.txt",
"libFuzzer",
"out-of-memory",
15,
None,
None,
),
(
"data/libfuzzer-linux-llvm10-out-of-memory-rss.txt",
"libFuzzer",
"out-of-memory",
4,
None,
None,
),
(
"data/tsan-linux-llvm10-data-race.txt",
"ThreadSanitizer",
"data race",
1,
None,
None,
),
(
"data/clang-10-asan-breakpoint.txt",
"AddressSanitizer",
"breakpoint",
43,
None,
None,
),
(
"data/asan-check-failure.txt",
"AddressSanitizer",
"CHECK failed",
12,
None,
None,
),
(
"data/asan-check-failure-missing-symbolizer.txt",
"AddressSanitizer",
"CHECK failed",
12,
None,
None,
),
(
"data/libfuzzer-scariness.txt",
"AddressSanitizer",
"FPE",
9,
Some(10),
Some("signal".to_string()),
),
(
"data/libfuzzer-scariness-underflow.txt",
"AddressSanitizer",
"stack-buffer-underflow",
9,
Some(51),
Some("4-byte-write-stack-buffer-underflow".to_string()),
),
(
"data/asan-odr-violation.txt",
"AddressSanitizer",
"odr-violation",
2,
None,
None,
),
];
for (
log_path,
sanitizer,
fault_type,
call_stack_len,
scariness_score,
scariness_description,
) in test_cases
{
let data = std::fs::read_to_string(log_path)?;
let log = AsanLog::parse(data).unwrap();
assert_eq!(log.sanitizer, sanitizer);
assert_eq!(log.fault_type, fault_type);
assert_eq!(log.call_stack.len(), call_stack_len);
assert_eq!(log.scariness_score, scariness_score);
assert_eq!(log.scariness_description, scariness_description);
}
Ok(())
}
}

10
src/agent/onefuzz/src/expand.rs
View File

@ -369,7 +369,7 @@ impl<'a> Expand<'a> {
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use super::Expand; use super::Expand;
use anyhow::Result; use anyhow::{Context, Result};
use std::path::Path; use std::path::Path;
#[test] #[test]
@ -415,8 +415,8 @@ mod tests {
]; ];
// The paths need to exist for canonicalization. // The paths need to exist for canonicalization.
let input_path = "data/libfuzzer-asan-log.txt"; let input_path = "src/lib.rs";
let input_corpus_dir = "data"; let input_corpus_dir = "src";
let generated_inputs_dir = "src"; let generated_inputs_dir = "src";
let result = Expand::new() let result = Expand::new()
@ -430,7 +430,7 @@ mod tests {
let expected_input_corpus = input_corpus_path.to_string_lossy(); let expected_input_corpus = input_corpus_path.to_string_lossy();
let generated_inputs_path = dunce::canonicalize(generated_inputs_dir)?; let generated_inputs_path = dunce::canonicalize(generated_inputs_dir)?;
let expected_generated_inputs = generated_inputs_path.to_string_lossy(); let expected_generated_inputs = generated_inputs_path.to_string_lossy();
let input_full_path = dunce::canonicalize(input_path)?; let input_full_path = dunce::canonicalize(input_path).context("canonicalize failed")?;
let expected_input = input_full_path.to_string_lossy(); let expected_input = input_full_path.to_string_lossy();
let expected_options = format!( let expected_options = format!(
"inner {} then {} {}", "inner {} then {} {}",
@ -447,7 +447,7 @@ mod tests {
"c", "c",
&expected_options, &expected_options,
"d", "d",
"libfuzzer-asan-log", "lib",
&expected_input, &expected_input,
&expected_input &expected_input
] ]

5
src/agent/onefuzz/src/input_tester.rs
View File

@ -4,12 +4,13 @@
#![allow(clippy::len_zero)] #![allow(clippy::len_zero)]
use crate::{ use crate::{
asan::{add_asan_log_env, check_asan_path, check_asan_string, AsanLog}, asan::{add_asan_log_env, check_asan_path, check_asan_string},
env::{get_path_with_directory, update_path, LD_LIBRARY_PATH, PATH}, env::{get_path_with_directory, update_path, LD_LIBRARY_PATH, PATH},
expand::Expand, expand::Expand,
process::run_cmd, process::run_cmd,
}; };
use anyhow::{Error, Result}; use anyhow::{Error, Result};
use stacktrace_parser::CrashLog;
use std::{collections::HashMap, path::Path, time::Duration}; use std::{collections::HashMap, path::Path, time::Duration};
use tempfile::tempdir; use tempfile::tempdir;
@ -40,7 +41,7 @@ pub struct Crash {
#[derive(Debug)] #[derive(Debug)]
pub struct TestResult { pub struct TestResult {
pub crash: Option<Crash>, pub crash: Option<Crash>,
pub asan_log: Option<AsanLog>, pub asan_log: Option<CrashLog>,
pub error: Option<Error>, pub error: Option<Error>,
} }

17
src/agent/stacktrace-parser/Cargo.toml Normal file
View File

@ -0,0 +1,17 @@
[package]
name = "stacktrace-parser"
version = "0.1.0"
authors = ["<fuzzing@microsoft.com>"]
edition = "2018"
[dependencies]
anyhow = "1.0"
hex = "0.4"
regex = "1.4"
sha2 = "0.9"
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"
libclusterfuzz = { path = "../libclusterfuzz" }
[dev-dependencies]
pretty_assertions = "0.7"

168
src/agent/stacktrace-parser/data/parsed-traces/asan-check-failure-missing-symbolizer.json Normal file
View File

@ -0,0 +1,168 @@
{
"text": "=================================================================\n==15479==AddressSanitizer CHECK failed: /build/llvm-toolchain-9-uSl4bC/llvm-toolchain-9-9/projects/compiler-rt/lib/asan/asan_descriptions.cc:80 \"((0 && \"Address is not in memory and not in shadow?\")) != (0)\" (0x0, 0x0)\n==15479==WARNING: invalid path to external symbolizer!\n==15479==WARNING: Failed to use and restart external symbolizer!\n #0 0x49a92e (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x49a92e)\n #1 0x4aef3f (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4aef3f)\n #2 0x423516 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x423516)\n #3 0x4245b6 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4245b6)\n #4 0x4261b2 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4261b2)\n #5 0x498180 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x498180)\n #6 0x47ef01 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x47ef01)\n #7 0x4c2223 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4c2223)\n #8 0x4c26b7 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4c26b7)\n #9 0x4c274d (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4c274d)\n #10 0x7ffff6e22bf6 (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)\n #11 0x41ab39 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x41ab39)\n\n",
"sanitizer": "AddressSanitizer",
"summary": "AddressSanitizer CHECK failed: /build/llvm-toolchain-9-uSl4bC/llvm-toolchain-9-9/projects/compiler-rt/lib/asan/asan_descriptions.cc:80",
"fault_type": "CHECK failed",
"call_stack": [
"#0 0x49a92e (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x49a92e)",
"#1 0x4aef3f (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4aef3f)",
"#2 0x423516 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x423516)",
"#3 0x4245b6 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4245b6)",
"#4 0x4261b2 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4261b2)",
"#5 0x498180 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x498180)",
"#6 0x47ef01 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x47ef01)",
"#7 0x4c2223 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4c2223)",
"#8 0x4c26b7 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4c26b7)",
"#9 0x4c274d (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4c274d)",
"#10 0x7ffff6e22bf6 (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)",
"#11 0x41ab39 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x41ab39)"
],
"full_stack_details": [
{
"line": "#0 0x49a92e (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x49a92e)",
"address": 4827438,
"module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe",
"module_offset": 4827438
},
{
"line": "#1 0x4aef3f (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4aef3f)",
"address": 4910911,
"module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe",
"module_offset": 4910911
},
{
"line": "#2 0x423516 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x423516)",
"address": 4338966,
"module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe",
"module_offset": 4338966
},
{
"line": "#3 0x4245b6 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4245b6)",
"address": 4343222,
"module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe",
"module_offset": 4343222
},
{
"line": "#4 0x4261b2 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4261b2)",
"address": 4350386,
"module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe",
"module_offset": 4350386
},
{
"line": "#5 0x498180 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x498180)",
"address": 4817280,
"module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe",
"module_offset": 4817280
},
{
"line": "#6 0x47ef01 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x47ef01)",
"address": 4714241,
"module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe",
"module_offset": 4714241
},
{
"line": "#7 0x4c2223 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4c2223)",
"address": 4989475,
"module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe",
"module_offset": 4989475
},
{
"line": "#8 0x4c26b7 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4c26b7)",
"address": 4990647,
"module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe",
"module_offset": 4990647
},
{
"line": "#9 0x4c274d (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4c274d)",
"address": 4990797,
"module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe",
"module_offset": 4990797
},
{
"line": "#10 0x7ffff6e22bf6 (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)",
"address": 140737335405558,
"module_path": "/lib/x86_64-linux-gnu/libc.so.6",
"module_offset": 138230
},
{
"line": "#11 0x41ab39 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x41ab39)",
"address": 4303673,
"module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe",
"module_offset": 4303673
}
],
"minimized_stack_details": [
{
"line": "#0 0x49a92e (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x49a92e)",
"address": 4827438,
"module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe",
"module_offset": 4827438
},
{
"line": "#1 0x4aef3f (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4aef3f)",
"address": 4910911,
"module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe",
"module_offset": 4910911
},
{
"line": "#2 0x423516 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x423516)",
"address": 4338966,
"module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe",
"module_offset": 4338966
},
{
"line": "#3 0x4245b6 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4245b6)",
"address": 4343222,
"module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe",
"module_offset": 4343222
},
{
"line": "#4 0x4261b2 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4261b2)",
"address": 4350386,
"module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe",
"module_offset": 4350386
},
{
"line": "#5 0x498180 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x498180)",
"address": 4817280,
"module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe",
"module_offset": 4817280
},
{
"line": "#6 0x47ef01 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x47ef01)",
"address": 4714241,
"module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe",
"module_offset": 4714241
},
{
"line": "#7 0x4c2223 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4c2223)",
"address": 4989475,
"module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe",
"module_offset": 4989475
},
{
"line": "#8 0x4c26b7 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4c26b7)",
"address": 4990647,
"module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe",
"module_offset": 4990647
},
{
"line": "#9 0x4c274d (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4c274d)",
"address": 4990797,
"module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe",
"module_offset": 4990797
},
{
"line": "#10 0x7ffff6e22bf6 (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)",
"address": 140737335405558,
"module_path": "/lib/x86_64-linux-gnu/libc.so.6",
"module_offset": 138230
},
{
"line": "#11 0x41ab39 (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x41ab39)",
"address": 4303673,
"module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe",
"module_offset": 4303673
}
]
}

155
src/agent/stacktrace-parser/data/parsed-traces/asan-check-failure.json Normal file
View File

@ -0,0 +1,155 @@
{
"text": "=================================================================\n==31189==AddressSanitizer CHECK failed: /build/llvm-toolchain-9-uSl4bC/llvm-toolchain-9-9/projects/compiler-rt/lib/asan/asan_descriptions.cc:80 \"((0 && \"Address is not in memory and not in shadow?\")) != (0)\" (0x0, 0x0)\n #0 0x49a92e in __asan::AsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x49a92e)\n #1 0x4aef3f in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4aef3f)\n #2 0x423516 in __asan::GetShadowAddressInformation(unsigned long, __asan::ShadowAddressDescription*) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x423516)\n #3 0x4245b6 in __asan::AddressDescription::AddressDescription(unsigned long, unsigned long, bool) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4245b6)\n #4 0x4261b2 in __asan::ErrorGeneric::ErrorGeneric(unsigned int, unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4261b2)\n #5 0x498180 in __asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x498180)\n #6 0x47ef01 in strncpy (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x47ef01)\n #7 0x4c2223 in check /home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c:21:3\n #8 0x4c26b7 in from_file /home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c:67:12\n #9 0x4c274d in main /home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c:81:12\n #10 0x7ffff6e22bf6 in __libc_start_main /build/glibc-S7xCS9/glibc-2.27/csu/../csu/libc-start.c:310\n #11 0x41ab39 in _start (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x41ab39)\n\n",
"sanitizer": "AddressSanitizer",
"summary": "AddressSanitizer CHECK failed: /build/llvm-toolchain-9-uSl4bC/llvm-toolchain-9-9/projects/compiler-rt/lib/asan/asan_descriptions.cc:80",
"fault_type": "CHECK failed",
"call_stack": [
"#0 0x49a92e in __asan::AsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x49a92e)",
"#1 0x4aef3f in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4aef3f)",
"#2 0x423516 in __asan::GetShadowAddressInformation(unsigned long, __asan::ShadowAddressDescription*) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x423516)",
"#3 0x4245b6 in __asan::AddressDescription::AddressDescription(unsigned long, unsigned long, bool) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4245b6)",
"#4 0x4261b2 in __asan::ErrorGeneric::ErrorGeneric(unsigned int, unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4261b2)",
"#5 0x498180 in __asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x498180)",
"#6 0x47ef01 in strncpy (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x47ef01)",
"#7 0x4c2223 in check /home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c:21:3",
"#8 0x4c26b7 in from_file /home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c:67:12",
"#9 0x4c274d in main /home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c:81:12",
"#10 0x7ffff6e22bf6 in __libc_start_main /build/glibc-S7xCS9/glibc-2.27/csu/../csu/libc-start.c:310",
"#11 0x41ab39 in _start (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x41ab39)"
],
"full_stack_details": [
{
"line": "#0 0x49a92e in __asan::AsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x49a92e)",
"address": 4827438,
"function_name": "__asan::AsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long)",
"module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe",
"module_offset": 4827438
},
{
"line": "#1 0x4aef3f in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4aef3f)",
"address": 4910911,
"function_name": "__sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long)",
"module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe",
"module_offset": 4910911
},
{
"line": "#2 0x423516 in __asan::GetShadowAddressInformation(unsigned long, __asan::ShadowAddressDescription*) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x423516)",
"address": 4338966,
"function_name": "__asan::GetShadowAddressInformation(unsigned long, __asan::ShadowAddressDescription*)",
"module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe",
"module_offset": 4338966
},
{
"line": "#3 0x4245b6 in __asan::AddressDescription::AddressDescription(unsigned long, unsigned long, bool) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4245b6)",
"address": 4343222,
"function_name": "__asan::AddressDescription::AddressDescription(unsigned long, unsigned long, bool)",
"module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe",
"module_offset": 4343222
},
{
"line": "#4 0x4261b2 in __asan::ErrorGeneric::ErrorGeneric(unsigned int, unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x4261b2)",
"address": 4350386,
"function_name": "__asan::ErrorGeneric::ErrorGeneric(unsigned int, unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long)",
"module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe",
"module_offset": 4350386
},
{
"line": "#5 0x498180 in __asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool) (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x498180)",
"address": 4817280,
"function_name": "__asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool)",
"module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe",
"module_offset": 4817280
},
{
"line": "#6 0x47ef01 in strncpy (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x47ef01)",
"address": 4714241,
"function_name": "strncpy",
"module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe",
"module_offset": 4714241
},
{
"line": "#7 0x4c2223 in check /home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c:21:3",
"address": 4989475,
"function_name": "check",
"function_offset": 3,
"source_file_name": "fuzz.c",
"source_file_path": "/home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c",
"source_file_line": 21
},
{
"line": "#8 0x4c26b7 in from_file /home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c:67:12",
"address": 4990647,
"function_name": "from_file",
"function_offset": 12,
"source_file_name": "fuzz.c",
"source_file_path": "/home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c",
"source_file_line": 67
},
{
"line": "#9 0x4c274d in main /home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c:81:12",
"address": 4990797,
"function_name": "main",
"function_offset": 12,
"source_file_name": "fuzz.c",
"source_file_path": "/home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c",
"source_file_line": 81
},
{
"line": "#10 0x7ffff6e22bf6 in __libc_start_main /build/glibc-S7xCS9/glibc-2.27/csu/../csu/libc-start.c:310",
"address": 140737335405558,
"function_name": "__libc_start_main",
"source_file_name": "libc-start.c",
"source_file_path": "/build/glibc-S7xCS9/glibc-2.27/csu/../csu/libc-start.c",
"source_file_line": 310
},
{
"line": "#11 0x41ab39 in _start (/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe+0x41ab39)",
"address": 4303673,
"function_name": "_start",
"module_path": "/onefuzz/blob-containers/oft-setup-7dd77f97cb7557789a822f10f227df19/fuzz.exe",
"module_offset": 4303673
}
],
"full_stack_names": [
"__asan::AsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long)",
"__sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long)",
"__asan::GetShadowAddressInformation(unsigned long, __asan::ShadowAddressDescription*)",
"__asan::AddressDescription::AddressDescription(unsigned long, unsigned long, bool)",
"__asan::ErrorGeneric::ErrorGeneric(unsigned int, unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long)",
"__asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool)",
"strncpy",
"check",
"from_file",
"main",
"__libc_start_main",
"_start"
],
"minimized_stack_details": [
{
"line": "#7 0x4c2223 in check /home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c:21:3",
"address": 4989475,
"function_name": "check",
"function_offset": 3,
"source_file_name": "fuzz.c",
"source_file_path": "/home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c",
"source_file_line": 21
},
{
"line": "#8 0x4c26b7 in from_file /home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c:67:12",
"address": 4990647,
"function_name": "from_file",
"function_offset": 12,
"source_file_name": "fuzz.c",
"source_file_path": "/home/runner/work/onefuzz/onefuzz/src/integration-tests/trivial-crash/fuzz.c",
"source_file_line": 67
}
],
"minimized_stack": [
"check",
"from_file"
],
"minimized_stack_function_names": [
"check",
"from_file"
]
}

32
src/agent/stacktrace-parser/data/parsed-traces/asan-odr-violation.json Normal file
View File

@ -0,0 +1,32 @@
{
"text": "=================================================================\n==10896==ERROR: AddressSanitizer: odr-violation (0x7fffc6d5bd60):\n [1] size=64 'vtable for a::b' ../../a/b.cc\n [2] size=64 'vtable for a::b' ../../a/b.cc\nThese globals were registered at these points:\n [1]:\n #0 0x555556716bcd in __asan_register_globals /b/s/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_globals.cpp:360:3\n #1 0x7fff9886d28b in asan.module_ctor (/onefuzz/blob-containers/oft-setup-b9607df0891452adabf9aab8954aa772/libviews.so+0xb0228b)\n\n [2]:\n #0 0x555556716bcd in __asan_register_globals /b/s/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_globals.cpp:360:3\n #1 0x7fffc6d58ccb in asan.module_ctor (/onefuzz/blob-containers/oft-setup-b9607df0891452adabf9aab8954aa772/libx11_window.so+0x46ccb)\n\n==10896==HINT: if you don't care about these errors you may set ASAN_OPTIONS=detect_odr_violation=0\nSUMMARY: AddressSanitizer: odr-violation: global 'vtable for a::b' at ../../a/b.cc\n==10896==ABORTING",
"sanitizer": "AddressSanitizer",
"summary": "AddressSanitizer: odr-violation: global 'vtable for a::b' at ../../a/b.cc",
"fault_type": "odr-violation",
"call_stack": [
"#0 0x555556716bcd in __asan_register_globals /b/s/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_globals.cpp:360:3",
"#1 0x7fff9886d28b in asan.module_ctor (/onefuzz/blob-containers/oft-setup-b9607df0891452adabf9aab8954aa772/libviews.so+0xb0228b)"
],
"full_stack_details": [
{
"line": "#0 0x555556716bcd in __asan_register_globals /b/s/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_globals.cpp:360:3",
"address": 93825010854861,
"function_name": "__asan_register_globals",
"function_offset": 3,
"source_file_name": "asan_globals.cpp",
"source_file_path": "/b/s/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_globals.cpp",
"source_file_line": 360
},
{
"line": "#1 0x7fff9886d28b in asan.module_ctor (/onefuzz/blob-containers/oft-setup-b9607df0891452adabf9aab8954aa772/libviews.so+0xb0228b)",
"address": 140735752360587,
"function_name": "asan.module_ctor",
"module_path": "/onefuzz/blob-containers/oft-setup-b9607df0891452adabf9aab8954aa772/libviews.so",
"module_offset": 11543179
}
],
"full_stack_names": [
"__asan_register_globals",
"asan.module_ctor"
]
}

571
src/agent/stacktrace-parser/data/parsed-traces/clang-10-asan-breakpoint.json Normal file
View File

@ -0,0 +1,571 @@
{
"text": "=================================================================\n==24004==ERROR: AddressSanitizer: breakpoint on unknown address 0x000000000000 (pc 0x7ffd10f6e42d bp 0x009369dfde00 sp 0x009369dfdd30 T0)\n==24004==The signal is caused by a READ memory access.\n==24004==Hint: address points to the zero page.\n==24004==*** WARNING: Failed to initialize DbgHelp! ***\n==24004==*** Most likely this means that the app is already ***\n==24004==*** using DbgHelp, possibly with incompatible flags. ***\n==24004==*** Due to technical reasons, symbolization might crash ***\n==24004==*** or produce wrong results. ***\n #0 0x7ffd10f6e42c (C:\\test.dll+0x18a7fe42c)\n #1 0x7ffd10e13e1f (C:\\test.dll+0x18a6a3e1f)\n #2 0x7ffd10e15bdf (C:\\test.dll+0x18a6a5bdf)\n #3 0x7ffd0ab31ac0 (C:\\test.dll+0x1843c1ac0)\n #4 0x7ffd0ae49707 (C:\\test.dll+0x1846d9707)\n #5 0x7ffd0a54a128 (C:\\test.dll+0x183dda128)\n #6 0x7ffd0a549ed6 (C:\\test.dll+0x183dd9ed6)\n #7 0x7ffd0af6b003 (C:\\test.dll+0x1847fb003)\n #8 0x7ffd0af46cac (C:\\test.dll+0x1847d6cac)\n #9 0x7ffd0af4672a (C:\\test.dll+0x1847d672a)\n #10 0x7ffd0af46633 (C:\\test.dll+0x1847d6633)\n #11 0x7ffd0b7b79fe (C:\\test.dll+0x1850479fe)\n #12 0x7ffd0b892cc5 (C:\\test.dll+0x185122cc5)\n #13 0x7ffd0b886fe9 (C:\\test.dll+0x185116fe9)\n #14 0x7ffd0b8866c3 (C:\\test.dll+0x1851166c3)\n #15 0x7ffd0b7954ce (C:\\test.dll+0x1850254ce)\n #16 0x7ffd0b794ee9 (C:\\test.dll+0x185024ee9)\n #17 0x7ffd0b78a8b5 (C:\\test.dll+0x18501a8b5)\n #18 0x7ffd0b78b3f8 (C:\\test.dll+0x18501b3f8)\n #19 0x7ffd0b78b877 (C:\\test.dll+0x18501b877)\n #20 0x7ffd0bbdb28a (C:\\test.dll+0x18546b28a)\n #21 0x7ffd10edbc89 (C:\\test.dll+0x18a76bc89)\n #22 0x7ffd13a8f11e (C:\\test.dll+0x18d31f11e)\n #23 0x7ffd13a8e82a (C:\\test.dll+0x18d31e82a)\n #24 0x7ffd10f8f130 (C:\\test.dll+0x18a81f130)\n #25 0x7ffd10f8cc2f (C:\\test.dll+0x18a81cc2f)\n #26 0x7ffd13a90833 (C:\\test.dll+0x18d320833)\n #27 0x7ffd10e8ecf1 (C:\\test.dll+0x18a71ecf1)\n #28 0x7ffd13609469 (C:\\test.dll+0x18ce99469)\n #29 0x7ffd09fa4753 (C:\\test.dll+0x183834753)\n #30 0x7ffd09faa46b (C:\\test.dll+0x18383a46b)\n #31 0x7ffd09f9cbf0 (C:\\test.dll+0x18382cbf0)\n #32 0x7ffd10b2287d (C:\\test.dll+0x18a3b287d)\n #33 0x7ffd10b25220 (C:\\test.dll+0x18a3b5220)\n #34 0x7ffd10b243fc (C:\\test.dll+0x18a3b43fc)\n #35 0x7ffd10be2b6c (C:\\test.dll+0x18a472b6c)\n #36 0x7ffd10b22644 (C:\\test.dll+0x18a3b2644)\n #37 0x7ffd0677162b (C:\\test.dll+0x18000162b)\n #38 0x7ff69ea06fd6 (C:\\test.exe+0x140006fd6)\n #39 0x7ff69ea03d34 (C:\\test.exe+0x140003d34)\n #40 0x7ff69ef2432f (C:\\test.exe+0x14052432f)\n #41 0x7ffdbbfe6fd3 (C:\\WINDOWS\\System32\\KERNEL32.DLL+0x180016fd3)\n #42 0x7ffdbc51cec0 (C:\\WINDOWS\\SYSTEM32\\ntdll.dll+0x18004cec0)\n\nAddressSanitizer can not provide additional info.\nSUMMARY: AddressSanitizer: breakpoint (C:\\test.dll+0x18a7fe42c) \n==24004==ABORTING\n",
"sanitizer": "AddressSanitizer",
"summary": "AddressSanitizer: breakpoint (C:\\test.dll+0x18a7fe42c)",
"fault_type": "breakpoint",
"call_stack": [
"#0 0x7ffd10f6e42c (C:\\test.dll+0x18a7fe42c)",
"#1 0x7ffd10e13e1f (C:\\test.dll+0x18a6a3e1f)",
"#2 0x7ffd10e15bdf (C:\\test.dll+0x18a6a5bdf)",
"#3 0x7ffd0ab31ac0 (C:\\test.dll+0x1843c1ac0)",
"#4 0x7ffd0ae49707 (C:\\test.dll+0x1846d9707)",
"#5 0x7ffd0a54a128 (C:\\test.dll+0x183dda128)",
"#6 0x7ffd0a549ed6 (C:\\test.dll+0x183dd9ed6)",
"#7 0x7ffd0af6b003 (C:\\test.dll+0x1847fb003)",
"#8 0x7ffd0af46cac (C:\\test.dll+0x1847d6cac)",
"#9 0x7ffd0af4672a (C:\\test.dll+0x1847d672a)",
"#10 0x7ffd0af46633 (C:\\test.dll+0x1847d6633)",
"#11 0x7ffd0b7b79fe (C:\\test.dll+0x1850479fe)",
"#12 0x7ffd0b892cc5 (C:\\test.dll+0x185122cc5)",
"#13 0x7ffd0b886fe9 (C:\\test.dll+0x185116fe9)",
"#14 0x7ffd0b8866c3 (C:\\test.dll+0x1851166c3)",
"#15 0x7ffd0b7954ce (C:\\test.dll+0x1850254ce)",
"#16 0x7ffd0b794ee9 (C:\\test.dll+0x185024ee9)",
"#17 0x7ffd0b78a8b5 (C:\\test.dll+0x18501a8b5)",
"#18 0x7ffd0b78b3f8 (C:\\test.dll+0x18501b3f8)",
"#19 0x7ffd0b78b877 (C:\\test.dll+0x18501b877)",
"#20 0x7ffd0bbdb28a (C:\\test.dll+0x18546b28a)",
"#21 0x7ffd10edbc89 (C:\\test.dll+0x18a76bc89)",
"#22 0x7ffd13a8f11e (C:\\test.dll+0x18d31f11e)",
"#23 0x7ffd13a8e82a (C:\\test.dll+0x18d31e82a)",
"#24 0x7ffd10f8f130 (C:\\test.dll+0x18a81f130)",
"#25 0x7ffd10f8cc2f (C:\\test.dll+0x18a81cc2f)",
"#26 0x7ffd13a90833 (C:\\test.dll+0x18d320833)",
"#27 0x7ffd10e8ecf1 (C:\\test.dll+0x18a71ecf1)",
"#28 0x7ffd13609469 (C:\\test.dll+0x18ce99469)",
"#29 0x7ffd09fa4753 (C:\\test.dll+0x183834753)",
"#30 0x7ffd09faa46b (C:\\test.dll+0x18383a46b)",
"#31 0x7ffd09f9cbf0 (C:\\test.dll+0x18382cbf0)",
"#32 0x7ffd10b2287d (C:\\test.dll+0x18a3b287d)",
"#33 0x7ffd10b25220 (C:\\test.dll+0x18a3b5220)",
"#34 0x7ffd10b243fc (C:\\test.dll+0x18a3b43fc)",
"#35 0x7ffd10be2b6c (C:\\test.dll+0x18a472b6c)",
"#36 0x7ffd10b22644 (C:\\test.dll+0x18a3b2644)",
"#37 0x7ffd0677162b (C:\\test.dll+0x18000162b)",
"#38 0x7ff69ea06fd6 (C:\\test.exe+0x140006fd6)",
"#39 0x7ff69ea03d34 (C:\\test.exe+0x140003d34)",
"#40 0x7ff69ef2432f (C:\\test.exe+0x14052432f)",
"#41 0x7ffdbbfe6fd3 (C:\\WINDOWS\\System32\\KERNEL32.DLL+0x180016fd3)",
"#42 0x7ffdbc51cec0 (C:\\WINDOWS\\SYSTEM32\\ntdll.dll+0x18004cec0)"
],
"full_stack_details": [
{
"line": "#0 0x7ffd10f6e42c (C:\\test.dll+0x18a7fe42c)",
"address": 140724888069164,
"module_path": "C:\\test.dll",
"module_offset": 6618604588
},
{
"line": "#1 0x7ffd10e13e1f (C:\\test.dll+0x18a6a3e1f)",
"address": 140724886650399,
"module_path": "C:\\test.dll",
"module_offset": 6617185823
},
{
"line": "#2 0x7ffd10e15bdf (C:\\test.dll+0x18a6a5bdf)",
"address": 140724886658015,
"module_path": "C:\\test.dll",
"module_offset": 6617193439
},
{
"line": "#3 0x7ffd0ab31ac0 (C:\\test.dll+0x1843c1ac0)",
"address": 140724782963392,
"module_path": "C:\\test.dll",
"module_offset": 6513498816
},
{
"line": "#4 0x7ffd0ae49707 (C:\\test.dll+0x1846d9707)",
"address": 140724786206471,
"module_path": "C:\\test.dll",
"module_offset": 6516741895
},
{
"line": "#5 0x7ffd0a54a128 (C:\\test.dll+0x183dda128)",
"address": 140724776771880,
"module_path": "C:\\test.dll",
"module_offset": 6507307304
},
{
"line": "#6 0x7ffd0a549ed6 (C:\\test.dll+0x183dd9ed6)",
"address": 140724776771286,
"module_path": "C:\\test.dll",
"module_offset": 6507306710
},
{
"line": "#7 0x7ffd0af6b003 (C:\\test.dll+0x1847fb003)",
"address": 140724787392515,
"module_path": "C:\\test.dll",
"module_offset": 6517927939
},
{
"line": "#8 0x7ffd0af46cac (C:\\test.dll+0x1847d6cac)",
"address": 140724787244204,
"module_path": "C:\\test.dll",
"module_offset": 6517779628
},
{
"line": "#9 0x7ffd0af4672a (C:\\test.dll+0x1847d672a)",
"address": 140724787242794,
"module_path": "C:\\test.dll",
"module_offset": 6517778218
},
{
"line": "#10 0x7ffd0af46633 (C:\\test.dll+0x1847d6633)",
"address": 140724787242547,
"module_path": "C:\\test.dll",
"module_offset": 6517777971
},
{
"line": "#11 0x7ffd0b7b79fe (C:\\test.dll+0x1850479fe)",
"address": 140724796094974,
"module_path": "C:\\test.dll",
"module_offset": 6526630398
},
{
"line": "#12 0x7ffd0b892cc5 (C:\\test.dll+0x185122cc5)",
"address": 140724796992709,
"module_path": "C:\\test.dll",
"module_offset": 6527528133
},
{
"line": "#13 0x7ffd0b886fe9 (C:\\test.dll+0x185116fe9)",
"address": 140724796944361,
"module_path": "C:\\test.dll",
"module_offset": 6527479785
},
{
"line": "#14 0x7ffd0b8866c3 (C:\\test.dll+0x1851166c3)",
"address": 140724796942019,
"module_path": "C:\\test.dll",
"module_offset": 6527477443
},
{
"line": "#15 0x7ffd0b7954ce (C:\\test.dll+0x1850254ce)",
"address": 140724795954382,
"module_path": "C:\\test.dll",
"module_offset": 6526489806
},
{
"line": "#16 0x7ffd0b794ee9 (C:\\test.dll+0x185024ee9)",
"address": 140724795952873,
"module_path": "C:\\test.dll",
"module_offset": 6526488297
},
{
"line": "#17 0x7ffd0b78a8b5 (C:\\test.dll+0x18501a8b5)",
"address": 140724795910325,
"module_path": "C:\\test.dll",
"module_offset": 6526445749
},
{
"line": "#18 0x7ffd0b78b3f8 (C:\\test.dll+0x18501b3f8)",
"address": 140724795913208,
"module_path": "C:\\test.dll",
"module_offset": 6526448632
},
{
"line": "#19 0x7ffd0b78b877 (C:\\test.dll+0x18501b877)",
"address": 140724795914359,
"module_path": "C:\\test.dll",
"module_offset": 6526449783
},
{
"line": "#20 0x7ffd0bbdb28a (C:\\test.dll+0x18546b28a)",
"address": 140724800434826,
"module_path": "C:\\test.dll",
"module_offset": 6530970250
},
{
"line": "#21 0x7ffd10edbc89 (C:\\test.dll+0x18a76bc89)",
"address": 140724887469193,
"module_path": "C:\\test.dll",
"module_offset": 6618004617
},
{
"line": "#22 0x7ffd13a8f11e (C:\\test.dll+0x18d31f11e)",
"address": 140724933292318,
"module_path": "C:\\test.dll",
"module_offset": 6663827742
},
{
"line": "#23 0x7ffd13a8e82a (C:\\test.dll+0x18d31e82a)",
"address": 140724933290026,
"module_path": "C:\\test.dll",
"module_offset": 6663825450
},
{
"line": "#24 0x7ffd10f8f130 (C:\\test.dll+0x18a81f130)",
"address": 140724888203568,
"module_path": "C:\\test.dll",
"module_offset": 6618738992
},
{
"line": "#25 0x7ffd10f8cc2f (C:\\test.dll+0x18a81cc2f)",
"address": 140724888194095,
"module_path": "C:\\test.dll",
"module_offset": 6618729519
},
{
"line": "#26 0x7ffd13a90833 (C:\\test.dll+0x18d320833)",
"address": 140724933298227,
"module_path": "C:\\test.dll",
"module_offset": 6663833651
},
{
"line": "#27 0x7ffd10e8ecf1 (C:\\test.dll+0x18a71ecf1)",
"address": 140724887153905,
"module_path": "C:\\test.dll",
"module_offset": 6617689329
},
{
"line": "#28 0x7ffd13609469 (C:\\test.dll+0x18ce99469)",
"address": 140724928549993,
"module_path": "C:\\test.dll",
"module_offset": 6659085417
},
{
"line": "#29 0x7ffd09fa4753 (C:\\test.dll+0x183834753)",
"address": 140724770850643,
"module_path": "C:\\test.dll",
"module_offset": 6501386067
},
{
"line": "#30 0x7ffd09faa46b (C:\\test.dll+0x18383a46b)",
"address": 140724770874475,
"module_path": "C:\\test.dll",
"module_offset": 6501409899
},
{
"line": "#31 0x7ffd09f9cbf0 (C:\\test.dll+0x18382cbf0)",
"address": 140724770819056,
"module_path": "C:\\test.dll",
"module_offset": 6501354480
},
{
"line": "#32 0x7ffd10b2287d (C:\\test.dll+0x18a3b287d)",
"address": 140724883564669,
"module_path": "C:\\test.dll",
"module_offset": 6614100093
},
{
"line": "#33 0x7ffd10b25220 (C:\\test.dll+0x18a3b5220)",
"address": 140724883575328,
"module_path": "C:\\test.dll",
"module_offset": 6614110752
},
{
"line": "#34 0x7ffd10b243fc (C:\\test.dll+0x18a3b43fc)",
"address": 140724883571708,
"module_path": "C:\\test.dll",
"module_offset": 6614107132
},
{
"line": "#35 0x7ffd10be2b6c (C:\\test.dll+0x18a472b6c)",
"address": 140724884351852,
"module_path": "C:\\test.dll",
"module_offset": 6614887276
},
{
"line": "#36 0x7ffd10b22644 (C:\\test.dll+0x18a3b2644)",
"address": 140724883564100,
"module_path": "C:\\test.dll",
"module_offset": 6614099524
},
{
"line": "#37 0x7ffd0677162b (C:\\test.dll+0x18000162b)",
"address": 140724711921195,
"module_path": "C:\\test.dll",
"module_offset": 6442456619
},
{
"line": "#38 0x7ff69ea06fd6 (C:\\test.exe+0x140006fd6)",
"address": 140697199996886,
"module_path": "C:\\test.exe",
"module_offset": 5368737750
},
{
"line": "#39 0x7ff69ea03d34 (C:\\test.exe+0x140003d34)",
"address": 140697199983924,
"module_path": "C:\\test.exe",
"module_offset": 5368724788
},
{
"line": "#40 0x7ff69ef2432f (C:\\test.exe+0x14052432f)",
"address": 140697205359407,
"module_path": "C:\\test.exe",
"module_offset": 5374100271
},
{
"line": "#41 0x7ffdbbfe6fd3 (C:\\WINDOWS\\System32\\KERNEL32.DLL+0x180016fd3)",
"address": 140727757467603,
"module_path": "C:\\WINDOWS\\System32\\KERNEL32.DLL",
"module_offset": 6442545107
},
{
"line": "#42 0x7ffdbc51cec0 (C:\\WINDOWS\\SYSTEM32\\ntdll.dll+0x18004cec0)",
"address": 140727762931392,
"module_path": "C:\\WINDOWS\\SYSTEM32\\ntdll.dll",
"module_offset": 6442766016
}
],
"minimized_stack_details": [
{
"line": "#0 0x7ffd10f6e42c (C:\\test.dll+0x18a7fe42c)",
"address": 140724888069164,
"module_path": "C:\\test.dll",
"module_offset": 6618604588
},
{
"line": "#1 0x7ffd10e13e1f (C:\\test.dll+0x18a6a3e1f)",
"address": 140724886650399,
"module_path": "C:\\test.dll",
"module_offset": 6617185823
},
{
"line": "#2 0x7ffd10e15bdf (C:\\test.dll+0x18a6a5bdf)",
"address": 140724886658015,
"module_path": "C:\\test.dll",
"module_offset": 6617193439
},
{
"line": "#3 0x7ffd0ab31ac0 (C:\\test.dll+0x1843c1ac0)",
"address": 140724782963392,
"module_path": "C:\\test.dll",
"module_offset": 6513498816
},
{
"line": "#4 0x7ffd0ae49707 (C:\\test.dll+0x1846d9707)",
"address": 140724786206471,
"module_path": "C:\\test.dll",
"module_offset": 6516741895
},
{
"line": "#5 0x7ffd0a54a128 (C:\\test.dll+0x183dda128)",
"address": 140724776771880,
"module_path": "C:\\test.dll",
"module_offset": 6507307304
},
{
"line": "#6 0x7ffd0a549ed6 (C:\\test.dll+0x183dd9ed6)",
"address": 140724776771286,
"module_path": "C:\\test.dll",
"module_offset": 6507306710
},
{
"line": "#7 0x7ffd0af6b003 (C:\\test.dll+0x1847fb003)",
"address": 140724787392515,
"module_path": "C:\\test.dll",
"module_offset": 6517927939
},
{
"line": "#8 0x7ffd0af46cac (C:\\test.dll+0x1847d6cac)",
"address": 140724787244204,
"module_path": "C:\\test.dll",
"module_offset": 6517779628
},
{
"line": "#9 0x7ffd0af4672a (C:\\test.dll+0x1847d672a)",
"address": 140724787242794,
"module_path": "C:\\test.dll",
"module_offset": 6517778218
},
{
"line": "#10 0x7ffd0af46633 (C:\\test.dll+0x1847d6633)",
"address": 140724787242547,
"module_path": "C:\\test.dll",
"module_offset": 6517777971
},
{
"line": "#11 0x7ffd0b7b79fe (C:\\test.dll+0x1850479fe)",
"address": 140724796094974,
"module_path": "C:\\test.dll",
"module_offset": 6526630398
},
{
"line": "#12 0x7ffd0b892cc5 (C:\\test.dll+0x185122cc5)",
"address": 140724796992709,
"module_path": "C:\\test.dll",
"module_offset": 6527528133
},
{
"line": "#13 0x7ffd0b886fe9 (C:\\test.dll+0x185116fe9)",
"address": 140724796944361,
"module_path": "C:\\test.dll",
"module_offset": 6527479785
},
{
"line": "#14 0x7ffd0b8866c3 (C:\\test.dll+0x1851166c3)",
"address": 140724796942019,
"module_path": "C:\\test.dll",
"module_offset": 6527477443
},
{
"line": "#15 0x7ffd0b7954ce (C:\\test.dll+0x1850254ce)",
"address": 140724795954382,
"module_path": "C:\\test.dll",
"module_offset": 6526489806
},
{
"line": "#16 0x7ffd0b794ee9 (C:\\test.dll+0x185024ee9)",
"address": 140724795952873,
"module_path": "C:\\test.dll",
"module_offset": 6526488297
},
{
"line": "#17 0x7ffd0b78a8b5 (C:\\test.dll+0x18501a8b5)",
"address": 140724795910325,
"module_path": "C:\\test.dll",
"module_offset": 6526445749
},
{
"line": "#18 0x7ffd0b78b3f8 (C:\\test.dll+0x18501b3f8)",
"address": 140724795913208,
"module_path": "C:\\test.dll",
"module_offset": 6526448632
},
{
"line": "#19 0x7ffd0b78b877 (C:\\test.dll+0x18501b877)",
"address": 140724795914359,
"module_path": "C:\\test.dll",
"module_offset": 6526449783
},
{
"line": "#20 0x7ffd0bbdb28a (C:\\test.dll+0x18546b28a)",
"address": 140724800434826,
"module_path": "C:\\test.dll",
"module_offset": 6530970250
},
{
"line": "#21 0x7ffd10edbc89 (C:\\test.dll+0x18a76bc89)",
"address": 140724887469193,
"module_path": "C:\\test.dll",
"module_offset": 6618004617
},
{
"line": "#22 0x7ffd13a8f11e (C:\\test.dll+0x18d31f11e)",
"address": 140724933292318,
"module_path": "C:\\test.dll",
"module_offset": 6663827742
},
{
"line": "#23 0x7ffd13a8e82a (C:\\test.dll+0x18d31e82a)",
"address": 140724933290026,
"module_path": "C:\\test.dll",
"module_offset": 6663825450
},
{
"line": "#24 0x7ffd10f8f130 (C:\\test.dll+0x18a81f130)",
"address": 140724888203568,
"module_path": "C:\\test.dll",
"module_offset": 6618738992
},
{
"line": "#25 0x7ffd10f8cc2f (C:\\test.dll+0x18a81cc2f)",
"address": 140724888194095,
"module_path": "C:\\test.dll",
"module_offset": 6618729519
},
{
"line": "#26 0x7ffd13a90833 (C:\\test.dll+0x18d320833)",
"address": 140724933298227,
"module_path": "C:\\test.dll",
"module_offset": 6663833651
},
{
"line": "#27 0x7ffd10e8ecf1 (C:\\test.dll+0x18a71ecf1)",
"address": 140724887153905,
"module_path": "C:\\test.dll",
"module_offset": 6617689329
},
{
"line": "#28 0x7ffd13609469 (C:\\test.dll+0x18ce99469)",
"address": 140724928549993,
"module_path": "C:\\test.dll",
"module_offset": 6659085417
},
{
"line": "#29 0x7ffd09fa4753 (C:\\test.dll+0x183834753)",
"address": 140724770850643,
"module_path": "C:\\test.dll",
"module_offset": 6501386067
},
{
"line": "#30 0x7ffd09faa46b (C:\\test.dll+0x18383a46b)",
"address": 140724770874475,
"module_path": "C:\\test.dll",
"module_offset": 6501409899
},
{
"line": "#31 0x7ffd09f9cbf0 (C:\\test.dll+0x18382cbf0)",
"address": 140724770819056,
"module_path": "C:\\test.dll",
"module_offset": 6501354480
},
{
"line": "#32 0x7ffd10b2287d (C:\\test.dll+0x18a3b287d)",
"address": 140724883564669,
"module_path": "C:\\test.dll",
"module_offset": 6614100093
},
{
"line": "#33 0x7ffd10b25220 (C:\\test.dll+0x18a3b5220)",
"address": 140724883575328,
"module_path": "C:\\test.dll",
"module_offset": 6614110752
},
{
"line": "#34 0x7ffd10b243fc (C:\\test.dll+0x18a3b43fc)",
"address": 140724883571708,
"module_path": "C:\\test.dll",
"module_offset": 6614107132
},
{
"line": "#35 0x7ffd10be2b6c (C:\\test.dll+0x18a472b6c)",
"address": 140724884351852,
"module_path": "C:\\test.dll",
"module_offset": 6614887276
},
{
"line": "#36 0x7ffd10b22644 (C:\\test.dll+0x18a3b2644)",
"address": 140724883564100,
"module_path": "C:\\test.dll",
"module_offset": 6614099524
},
{
"line": "#37 0x7ffd0677162b (C:\\test.dll+0x18000162b)",
"address": 140724711921195,
"module_path": "C:\\test.dll",
"module_offset": 6442456619
},
{
"line": "#38 0x7ff69ea06fd6 (C:\\test.exe+0x140006fd6)",
"address": 140697199996886,
"module_path": "C:\\test.exe",
"module_offset": 5368737750
},
{
"line": "#39 0x7ff69ea03d34 (C:\\test.exe+0x140003d34)",
"address": 140697199983924,
"module_path": "C:\\test.exe",
"module_offset": 5368724788
},
{
"line": "#40 0x7ff69ef2432f (C:\\test.exe+0x14052432f)",
"address": 140697205359407,
"module_path": "C:\\test.exe",
"module_offset": 5374100271
},
{
"line": "#41 0x7ffdbbfe6fd3 (C:\\WINDOWS\\System32\\KERNEL32.DLL+0x180016fd3)",
"address": 140727757467603,
"module_path": "C:\\WINDOWS\\System32\\KERNEL32.DLL",
"module_offset": 6442545107
},
{
"line": "#42 0x7ffdbc51cec0 (C:\\WINDOWS\\SYSTEM32\\ntdll.dll+0x18004cec0)",
"address": 140727762931392,
"module_path": "C:\\WINDOWS\\SYSTEM32\\ntdll.dll",
"module_offset": 6442766016
}
]
}

95
src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-asan-log.json Normal file
View File

@ -0,0 +1,95 @@
{
"text": "INFO: Seed: 2746158486\nINFO: Loaded 1 modules (21 inline 8-bit counters): 21 [0x766ef0, 0x766f05), \nINFO: Loaded 1 PC tables (21 PCs): 21 [0x542fd0,0x543120), \n./fuzz.exe: Running 1 inputs 1 time(s) each.\nRunning: crash-cbe07cd3ebaba15610ecd968c4e4a04c6643e534\n=================================================================\n==17066==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000000050 at pc 0x000000527476 bp 0x7ffeb9b631d0 sp 0x7ffeb9b631c8\nWRITE of size 4 at 0x602000000050 thread T0\n #0 0x527475 in LLVMFuzzerTestOneInput /home/testuser/projects/onefuzz/samples/asan/fuzz.c:45:51\n #1 0x42fb3a in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x42fb3a)\n #2 0x41ef87 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x41ef87)\n #3 0x424ba1 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x424ba1)\n #4 0x44bd72 in main (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x44bd72)\n #5 0x7fbf0729bb96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310\n #6 0x41d879 in _start (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x41d879)\n\n0x602000000050 is located 0 bytes inside of 4-byte region [0x602000000050,0x602000000054)\nfreed by thread T0 here:\n #0 0x4f72e2 in free (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x4f72e2)\n #1 0x52742f in LLVMFuzzerTestOneInput /home/testuser/projects/onefuzz/samples/asan/fuzz.c:45:39\n #2 0x42fb3a in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x42fb3a)\n #3 0x41ef87 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x41ef87)\n #4 0x424ba1 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x424ba1)\n #5 0x44bd72 in main (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x44bd72)\n #6 0x7fbf0729bb96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310\n\npreviously allocated by thread T0 here:\n #0 0x4f7663 in __interceptor_malloc (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x4f7663)\n #1 0x527419 in LLVMFuzzerTestOneInput /home/testuser/projects/onefuzz/samples/asan/fuzz.c:45:18\n #2 0x42fb3a in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x42fb3a)\n #3 0x41ef87 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x41ef87)\n #4 0x424ba1 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x424ba1)\n #5 0x44bd72 in main (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x44bd72)\n #6 0x7fbf0729bb96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310\n\nSUMMARY: AddressSanitizer: heap-use-after-free /home/testuser/projects/onefuzz/samples/asan/fuzz.c:45:51 in LLVMFuzzerTestOneInput\nShadow bytes around the buggy address:\n 0x0c047fff7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x0c047fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x0c047fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n=>0x0c047fff8000: fa fa 04 fa fa fa 04 fa fa fa[fd]fa fa fa fa fa\n 0x0c047fff8010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x0c047fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x0c047fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x0c047fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x0c047fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\nShadow byte legend (one shadow byte represents 8 application bytes):\n Addressable: 00\n Partially addressable: 01 02 03 04 05 06 07 \n Heap left redzone: fa\n Freed heap region: fd\n Stack left redzone: f1\n Stack mid redzone: f2\n Stack right redzone: f3\n Stack after return: f5\n Stack use after scope: f8\n Global redzone: f9\n Global init order: f6\n Poisoned by user: f7\n Container overflow: fc\n Array cookie: ac\n Intra object redzone: bb\n ASan internal: fe\n Left alloca redzone: ca\n Right alloca redzone: cb\n Shadow gap: cc\n==17066==ABORTING\n",
"sanitizer": "AddressSanitizer",
"summary": "AddressSanitizer: heap-use-after-free /home/testuser/projects/onefuzz/samples/asan/fuzz.c:45:51 in LLVMFuzzerTestOneInput",
"fault_type": "heap-use-after-free",
"call_stack": [
"#0 0x527475 in LLVMFuzzerTestOneInput /home/testuser/projects/onefuzz/samples/asan/fuzz.c:45:51",
"#1 0x42fb3a in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x42fb3a)",
"#2 0x41ef87 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x41ef87)",
"#3 0x424ba1 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x424ba1)",
"#4 0x44bd72 in main (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x44bd72)",
"#5 0x7fbf0729bb96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310",
"#6 0x41d879 in _start (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x41d879)"
],
"full_stack_details": [
{
"line": "#0 0x527475 in LLVMFuzzerTestOneInput /home/testuser/projects/onefuzz/samples/asan/fuzz.c:45:51",
"address": 5403765,
"function_name": "LLVMFuzzerTestOneInput",
"function_offset": 51,
"source_file_name": "fuzz.c",
"source_file_path": "/home/testuser/projects/onefuzz/samples/asan/fuzz.c",
"source_file_line": 45
},
{
"line": "#1 0x42fb3a in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x42fb3a)",
"address": 4389690,
"function_name": "fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)",
"module_path": "/home/testuser/projects/onefuzz/samples/asan/fuzz.exe",
"module_offset": 4389690
},
{
"line": "#2 0x41ef87 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x41ef87)",
"address": 4321159,
"function_name": "fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long)",
"module_path": "/home/testuser/projects/onefuzz/samples/asan/fuzz.exe",
"module_offset": 4321159
},
{
"line": "#3 0x424ba1 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x424ba1)",
"address": 4344737,
"function_name": "fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))",
"module_path": "/home/testuser/projects/onefuzz/samples/asan/fuzz.exe",
"module_offset": 4344737
},
{
"line": "#4 0x44bd72 in main (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x44bd72)",
"address": 4504946,
"function_name": "main",
"module_path": "/home/testuser/projects/onefuzz/samples/asan/fuzz.exe",
"module_offset": 4504946
},
{
"line": "#5 0x7fbf0729bb96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310",
"address": 140458435656598,
"function_name": "__libc_start_main",
"source_file_name": "libc-start.c",
"source_file_path": "/build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c",
"source_file_line": 310
},
{
"line": "#6 0x41d879 in _start (/home/testuser/projects/onefuzz/samples/asan/fuzz.exe+0x41d879)",
"address": 4315257,
"function_name": "_start",
"module_path": "/home/testuser/projects/onefuzz/samples/asan/fuzz.exe",
"module_offset": 4315257
}
],
"full_stack_names": [
"LLVMFuzzerTestOneInput",
"fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)",
"fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long)",
"fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))",
"main",
"__libc_start_main",
"_start"
],
"minimized_stack_details": [
{
"line": "#0 0x527475 in LLVMFuzzerTestOneInput /home/testuser/projects/onefuzz/samples/asan/fuzz.c:45:51",
"address": 5403765,
"function_name": "fuzz.c",
"function_offset": 51,
"source_file_name": "fuzz.c",
"source_file_path": "/home/testuser/projects/onefuzz/samples/asan/fuzz.c",
"source_file_line": 45
}
],
"minimized_stack": [
"fuzz.c"
],
"minimized_stack_function_names": [
"fuzz.c"
]
}

206
src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-deadly-signal.json Normal file
View File

@ -0,0 +1,206 @@
{
"text": "INFO: Seed: 1417742161\nINFO: Loaded 2 modules (16763 inline 8-bit counters): 14323 [0x7f1ee459ce50, 0x7f1ee45a0643), 2440 [0x56512aac5ae0, 0x56512aac6468), \nINFO: Loaded 2 PC tables (16763 PCs): 14323 [0x7f1ee45a0648,0x7f1ee45d8578), 2440 [0x56512aac6468,0x56512aacfce8), \n../linux_x64_asan_libfuzz_release/jsoncpp_fuzzer: Running 1 inputs 1 time(s) each.\nRunning: ./crash-975f93376ba7c1af9f1f2fd891f9e5714f06e69c\n==23788== ERROR: libFuzzer: deadly signal\n #0 0x56512a9c1418 in __sanitizer_print_stack_trace /b/s/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_stack.cpp:86:3\n #1 0x56512aaaa42d in fuzzer::PrintStackTrace() third_party/libFuzzer/src/FuzzerUtil.cpp:205:5\n #2 0x56512aa6a85e in fuzzer::Fuzzer::CrashCallback() third_party/libFuzzer/src/FuzzerLoop.cpp:232:3\n #3 0x56512aa6a7df in fuzzer::Fuzzer::StaticCrashSignalCallback() third_party/libFuzzer/src/FuzzerLoop.cpp:203:6\n #4 0x56512aaab948 in fuzzer::CrashHandler(int, siginfo_t*, void*) third_party/libFuzzer/src/FuzzerUtilPosix.cpp:46:3\n #5 0x7f1ee3f0188f (/lib/x86_64-linux-gnu/libpthread.so.0+0x1288f)\n #6 0x56512a9e5aa1 in Json::OurReader::parse(char const*, char const*, Json::Value&, bool) third_party/jsoncpp/source/src/lib_json/json_reader.cpp:1062:10\n #7 0x56512a9eedb4 in Json::OurCharReader::parse(char const*, char const*, Json::Value*, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char> >*) third_party/jsoncpp/source/src/lib_json/json_reader.cpp:1899:23\n #8 0x56512a9e03a3 in LLVMFuzzerTestOneInput third_party/jsoncpp/fuzzers/json_fuzzer.cc:39:24\n #9 0x56512aa6d0cf in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) third_party/libFuzzer/src/FuzzerLoop.cpp:556:15\n #10 0x56512aa3b7da in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) third_party/libFuzzer/src/FuzzerDriver.cpp:292:6\n #11 0x56512aa4108a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) third_party/libFuzzer/src/FuzzerDriver.cpp:774:9\n #12 0x56512aa821ac in main third_party/libFuzzer/src/FuzzerMain.cpp:19:10\n #13 0x7f1ee3361b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310\n\nNOTE: libFuzzer has rudimentary signal handlers.\n Combine libFuzzer with AddressSanitizer or similar for better crash reports.\nSUMMARY: libFuzzer: deadly signal\n",
"sanitizer": "libFuzzer",
"summary": "libFuzzer: deadly signal",
"fault_type": "deadly signal",
"call_stack": [
"#0 0x56512a9c1418 in __sanitizer_print_stack_trace /b/s/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_stack.cpp:86:3",
"#1 0x56512aaaa42d in fuzzer::PrintStackTrace() third_party/libFuzzer/src/FuzzerUtil.cpp:205:5",
"#2 0x56512aa6a85e in fuzzer::Fuzzer::CrashCallback() third_party/libFuzzer/src/FuzzerLoop.cpp:232:3",
"#3 0x56512aa6a7df in fuzzer::Fuzzer::StaticCrashSignalCallback() third_party/libFuzzer/src/FuzzerLoop.cpp:203:6",
"#4 0x56512aaab948 in fuzzer::CrashHandler(int, siginfo_t*, void*) third_party/libFuzzer/src/FuzzerUtilPosix.cpp:46:3",
"#5 0x7f1ee3f0188f (/lib/x86_64-linux-gnu/libpthread.so.0+0x1288f)",
"#6 0x56512a9e5aa1 in Json::OurReader::parse(char const*, char const*, Json::Value&, bool) third_party/jsoncpp/source/src/lib_json/json_reader.cpp:1062:10",
"#7 0x56512a9eedb4 in Json::OurCharReader::parse(char const*, char const*, Json::Value*, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char> >*) third_party/jsoncpp/source/src/lib_json/json_reader.cpp:1899:23",
"#8 0x56512a9e03a3 in LLVMFuzzerTestOneInput third_party/jsoncpp/fuzzers/json_fuzzer.cc:39:24",
"#9 0x56512aa6d0cf in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) third_party/libFuzzer/src/FuzzerLoop.cpp:556:15",
"#10 0x56512aa3b7da in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) third_party/libFuzzer/src/FuzzerDriver.cpp:292:6",
"#11 0x56512aa4108a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) third_party/libFuzzer/src/FuzzerDriver.cpp:774:9",
"#12 0x56512aa821ac in main third_party/libFuzzer/src/FuzzerMain.cpp:19:10",
"#13 0x7f1ee3361b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310"
],
"full_stack_details": [
{
"line": "#0 0x56512a9c1418 in __sanitizer_print_stack_trace /b/s/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_stack.cpp:86:3",
"address": 94906607211544,
"function_name": "__sanitizer_print_stack_trace",
"function_offset": 3,
"source_file_name": "asan_stack.cpp",
"source_file_path": "/b/s/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_stack.cpp",
"source_file_line": 86
},
{
"line": "#1 0x56512aaaa42d in fuzzer::PrintStackTrace() third_party/libFuzzer/src/FuzzerUtil.cpp:205:5",
"address": 94906608165933,
"function_name": "fuzzer::PrintStackTrace()",
"function_offset": 5,
"source_file_name": "FuzzerUtil.cpp",
"source_file_path": "third_party/libFuzzer/src/FuzzerUtil.cpp",
"source_file_line": 205
},
{
"line": "#2 0x56512aa6a85e in fuzzer::Fuzzer::CrashCallback() third_party/libFuzzer/src/FuzzerLoop.cpp:232:3",
"address": 94906607904862,
"function_name": "fuzzer::Fuzzer::CrashCallback()",
"function_offset": 3,
"source_file_name": "FuzzerLoop.cpp",
"source_file_path": "third_party/libFuzzer/src/FuzzerLoop.cpp",
"source_file_line": 232
},
{
"line": "#3 0x56512aa6a7df in fuzzer::Fuzzer::StaticCrashSignalCallback() third_party/libFuzzer/src/FuzzerLoop.cpp:203:6",
"address": 94906607904735,
"function_name": "fuzzer::Fuzzer::StaticCrashSignalCallback()",
"function_offset": 6,
"source_file_name": "FuzzerLoop.cpp",
"source_file_path": "third_party/libFuzzer/src/FuzzerLoop.cpp",
"source_file_line": 203
},
{
"line": "#4 0x56512aaab948 in fuzzer::CrashHandler(int, siginfo_t*, void*) third_party/libFuzzer/src/FuzzerUtilPosix.cpp:46:3",
"address": 94906608171336,
"function_name": "fuzzer::CrashHandler(int, siginfo_t*, void*)",
"function_offset": 3,
"source_file_name": "FuzzerUtilPosix.cpp",
"source_file_path": "third_party/libFuzzer/src/FuzzerUtilPosix.cpp",
"source_file_line": 46
},
{
"line": "#5 0x7f1ee3f0188f (/lib/x86_64-linux-gnu/libpthread.so.0+0x1288f)",
"address": 139770649909391,
"module_path": "/lib/x86_64-linux-gnu/libpthread.so.0",
"module_offset": 75919
},
{
"line": "#6 0x56512a9e5aa1 in Json::OurReader::parse(char const*, char const*, Json::Value&, bool) third_party/jsoncpp/source/src/lib_json/json_reader.cpp:1062:10",
"address": 94906607360673,
"function_name": "Json::OurReader::parse(char const*, char const*, Json::Value&, bool)",
"function_offset": 10,
"source_file_name": "json_reader.cpp",
"source_file_path": "third_party/jsoncpp/source/src/lib_json/json_reader.cpp",
"source_file_line": 1062
},
{
"line": "#7 0x56512a9eedb4 in Json::OurCharReader::parse(char const*, char const*, Json::Value*, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char> >*) third_party/jsoncpp/source/src/lib_json/json_reader.cpp:1899:23",
"address": 94906607398324,
"function_name": "Json::OurCharReader::parse(char const*, char const*, Json::Value*, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char> >*)",
"function_offset": 23,
"source_file_name": "json_reader.cpp",
"source_file_path": "third_party/jsoncpp/source/src/lib_json/json_reader.cpp",
"source_file_line": 1899
},
{
"line": "#8 0x56512a9e03a3 in LLVMFuzzerTestOneInput third_party/jsoncpp/fuzzers/json_fuzzer.cc:39:24",
"address": 94906607338403,
"function_name": "LLVMFuzzerTestOneInput",
"function_offset": 24,
"source_file_name": "json_fuzzer.cc",
"source_file_path": "third_party/jsoncpp/fuzzers/json_fuzzer.cc",
"source_file_line": 39
},
{
"line": "#9 0x56512aa6d0cf in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) third_party/libFuzzer/src/FuzzerLoop.cpp:556:15",
"address": 94906607915215,
"function_name": "fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)",
"function_offset": 15,
"source_file_name": "FuzzerLoop.cpp",
"source_file_path": "third_party/libFuzzer/src/FuzzerLoop.cpp",
"source_file_line": 556
},
{
"line": "#10 0x56512aa3b7da in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) third_party/libFuzzer/src/FuzzerDriver.cpp:292:6",
"address": 94906607712218,
"function_name": "fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long)",
"function_offset": 6,
"source_file_name": "FuzzerDriver.cpp",
"source_file_path": "third_party/libFuzzer/src/FuzzerDriver.cpp",
"source_file_line": 292
},
{
"line": "#11 0x56512aa4108a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) third_party/libFuzzer/src/FuzzerDriver.cpp:774:9",
"address": 94906607734922,
"function_name": "fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))",
"function_offset": 9,
"source_file_name": "FuzzerDriver.cpp",
"source_file_path": "third_party/libFuzzer/src/FuzzerDriver.cpp",
"source_file_line": 774
},
{
"line": "#12 0x56512aa821ac in main third_party/libFuzzer/src/FuzzerMain.cpp:19:10",
"address": 94906608001452,
"function_name": "main",
"function_offset": 10,
"source_file_name": "FuzzerMain.cpp",
"source_file_path": "third_party/libFuzzer/src/FuzzerMain.cpp",
"source_file_line": 19
},
{
"line": "#13 0x7f1ee3361b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310",
"address": 139770637720470,
"function_name": "__libc_start_main",
"source_file_name": "libc-start.c",
"source_file_path": "/build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c",
"source_file_line": 310
}
],
"full_stack_names": [
"__sanitizer_print_stack_trace",
"fuzzer::PrintStackTrace()",
"fuzzer::Fuzzer::CrashCallback()",
"fuzzer::Fuzzer::StaticCrashSignalCallback()",
"fuzzer::CrashHandler(int, siginfo_t*, void*)",
"Json::OurReader::parse(char const*, char const*, Json::Value&, bool)",
"Json::OurCharReader::parse(char const*, char const*, Json::Value*, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char> >*)",
"LLVMFuzzerTestOneInput",
"fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)",
"fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long)",
"fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))",
"main",
"__libc_start_main"
],
"minimized_stack_details": [
{
"line": "#5 0x7f1ee3f0188f (/lib/x86_64-linux-gnu/libpthread.so.0+0x1288f)",
"address": 139770649909391,
"module_path": "/lib/x86_64-linux-gnu/libpthread.so.0",
"module_offset": 75919
},
{
"line": "#6 0x56512a9e5aa1 in Json::OurReader::parse(char const*, char const*, Json::Value&, bool) third_party/jsoncpp/source/src/lib_json/json_reader.cpp:1062:10",
"address": 94906607360673,
"function_name": "Json::OurReader::parse(char const*, char const*, Json::Value&, bool)",
"function_offset": 10,
"source_file_name": "json_reader.cpp",
"source_file_path": "third_party/jsoncpp/source/src/lib_json/json_reader.cpp",
"source_file_line": 1062
},
{
"line": "#7 0x56512a9eedb4 in Json::OurCharReader::parse(char const*, char const*, Json::Value*, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char> >*) third_party/jsoncpp/source/src/lib_json/json_reader.cpp:1899:23",
"address": 94906607398324,
"function_name": "Json::OurCharReader::parse(char const*, char const*, Json::Value*, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char> >*)",
"function_offset": 23,
"source_file_name": "json_reader.cpp",
"source_file_path": "third_party/jsoncpp/source/src/lib_json/json_reader.cpp",
"source_file_line": 1899
},
{
"line": "#8 0x56512a9e03a3 in LLVMFuzzerTestOneInput third_party/jsoncpp/fuzzers/json_fuzzer.cc:39:24",
"address": 94906607338403,
"function_name": "json_fuzzer.cc",
"function_offset": 24,
"source_file_name": "json_fuzzer.cc",
"source_file_path": "third_party/jsoncpp/fuzzers/json_fuzzer.cc",
"source_file_line": 39
}
],
"minimized_stack": [
"Json::OurReader::parse(char const*, char const*, Json::Value&, bool)",
"Json::OurCharReader::parse(char const*, char const*, Json::Value*, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char> >*)",
"json_fuzzer.cc"
],
"minimized_stack_function_names": [
"Json::OurReader::parse",
"Json::OurCharReader::parse",
"json_fuzzer.cc"
]
}

167
src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-linux-llvm10-out-of-memory-malloc.json Normal file
View File

@ -0,0 +1,167 @@
{
"text": "INFO: Seed: 3452367435\nINFO: Loaded 1 modules (12 inline 8-bit counters): 12 [0x7a1eb0, 0x7a1ebc),\nINFO: Loaded 1 PC tables (12 PCs): 12 [0x566fd8,0x567098),\n./fuzz.exe: Running 1 inputs 1 time(s) each.\nRunning: good.txt\n==25300== ERROR: libFuzzer: out-of-memory (malloc(100000000))\n To change the out-of-memory limit use -rss_limit_mb=<N>\n\n #0 0x526011 in __sanitizer_print_stack_trace (/home/user/src/onefuzz/src/agent/fuzz.exe+0x526011)\n #1 0x471168 in fuzzer::PrintStackTrace() (/home/user/src/onefuzz/src/agent/fuzz.exe+0x471168)\n #2 0x455495 in fuzzer::Fuzzer::HandleMalloc(unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x455495)\n #3 0x4553aa in fuzzer::MallocHook(void const volatile*, unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x4553aa)\n #4 0x52c337 in __sanitizer::RunMallocHooks(void const*, unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x52c337)\n #5 0x4a69f1 in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x4a69f1)\n #6 0x4a61c3 in __asan::asan_malloc(unsigned long, __sanitizer::BufferedStackTrace*) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x4a61c3)\n #7 0x51d53b in malloc (/home/user/src/onefuzz/src/agent/fuzz.exe+0x51d53b)\n #8 0x54cc24 in LLVMFuzzerTestOneInput /home/user/src/onefuzz/src/agent/fuzz.c:9:18\n #9 0x457971 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x457971)\n #10 0x4430e2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x4430e2)\n #11 0x448b96 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x448b96)\n #12 0x471852 in main (/home/user/src/onefuzz/src/agent/fuzz.exe+0x471852)\n #13 0x7f6b3d630b96 in __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310\n #14 0x41d7a9 in _start (/home/user/src/onefuzz/src/agent/fuzz.exe+0x41d7a9)\n\nSUMMARY: libFuzzer: out-of-memory",
"sanitizer": "libFuzzer",
"summary": "libFuzzer: out-of-memory",
"fault_type": "out-of-memory",
"call_stack": [
"#0 0x526011 in __sanitizer_print_stack_trace (/home/user/src/onefuzz/src/agent/fuzz.exe+0x526011)",
"#1 0x471168 in fuzzer::PrintStackTrace() (/home/user/src/onefuzz/src/agent/fuzz.exe+0x471168)",
"#2 0x455495 in fuzzer::Fuzzer::HandleMalloc(unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x455495)",
"#3 0x4553aa in fuzzer::MallocHook(void const volatile*, unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x4553aa)",
"#4 0x52c337 in __sanitizer::RunMallocHooks(void const*, unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x52c337)",
"#5 0x4a69f1 in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x4a69f1)",
"#6 0x4a61c3 in __asan::asan_malloc(unsigned long, __sanitizer::BufferedStackTrace*) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x4a61c3)",
"#7 0x51d53b in malloc (/home/user/src/onefuzz/src/agent/fuzz.exe+0x51d53b)",
"#8 0x54cc24 in LLVMFuzzerTestOneInput /home/user/src/onefuzz/src/agent/fuzz.c:9:18",
"#9 0x457971 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x457971)",
"#10 0x4430e2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x4430e2)",
"#11 0x448b96 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x448b96)",
"#12 0x471852 in main (/home/user/src/onefuzz/src/agent/fuzz.exe+0x471852)",
"#13 0x7f6b3d630b96 in __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310",
"#14 0x41d7a9 in _start (/home/user/src/onefuzz/src/agent/fuzz.exe+0x41d7a9)"
],
"full_stack_details": [
{
"line": "#0 0x526011 in __sanitizer_print_stack_trace (/home/user/src/onefuzz/src/agent/fuzz.exe+0x526011)",
"address": 5398545,
"function_name": "__sanitizer_print_stack_trace",
"module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe",
"module_offset": 5398545
},
{
"line": "#1 0x471168 in fuzzer::PrintStackTrace() (/home/user/src/onefuzz/src/agent/fuzz.exe+0x471168)",
"address": 4657512,
"function_name": "fuzzer::PrintStackTrace()",
"module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe",
"module_offset": 4657512
},
{
"line": "#2 0x455495 in fuzzer::Fuzzer::HandleMalloc(unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x455495)",
"address": 4543637,
"function_name": "fuzzer::Fuzzer::HandleMalloc(unsigned long)",
"module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe",
"module_offset": 4543637
},
{
"line": "#3 0x4553aa in fuzzer::MallocHook(void const volatile*, unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x4553aa)",
"address": 4543402,
"function_name": "fuzzer::MallocHook(void const volatile*, unsigned long)",
"module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe",
"module_offset": 4543402
},
{
"line": "#4 0x52c337 in __sanitizer::RunMallocHooks(void const*, unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x52c337)",
"address": 5423927,
"function_name": "__sanitizer::RunMallocHooks(void const*, unsigned long)",
"module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe",
"module_offset": 5423927
},
{
"line": "#5 0x4a69f1 in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x4a69f1)",
"address": 4876785,
"function_name": "__asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool)",
"module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe",
"module_offset": 4876785
},
{
"line": "#6 0x4a61c3 in __asan::asan_malloc(unsigned long, __sanitizer::BufferedStackTrace*) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x4a61c3)",
"address": 4874691,
"function_name": "__asan::asan_malloc(unsigned long, __sanitizer::BufferedStackTrace*)",
"module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe",
"module_offset": 4874691
},
{
"line": "#7 0x51d53b in malloc (/home/user/src/onefuzz/src/agent/fuzz.exe+0x51d53b)",
"address": 5363003,
"function_name": "malloc",
"module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe",
"module_offset": 5363003
},
{
"line": "#8 0x54cc24 in LLVMFuzzerTestOneInput /home/user/src/onefuzz/src/agent/fuzz.c:9:18",
"address": 5557284,
"function_name": "LLVMFuzzerTestOneInput",
"function_offset": 18,
"source_file_name": "fuzz.c",
"source_file_path": "/home/user/src/onefuzz/src/agent/fuzz.c",
"source_file_line": 9
},
{
"line": "#9 0x457971 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x457971)",
"address": 4553073,
"function_name": "fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)",
"module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe",
"module_offset": 4553073
},
{
"line": "#10 0x4430e2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x4430e2)",
"address": 4468962,
"function_name": "fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long)",
"module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe",
"module_offset": 4468962
},
{
"line": "#11 0x448b96 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x448b96)",
"address": 4492182,
"function_name": "fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))",
"module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe",
"module_offset": 4492182
},
{
"line": "#12 0x471852 in main (/home/user/src/onefuzz/src/agent/fuzz.exe+0x471852)",
"address": 4659282,
"function_name": "main",
"module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe",
"module_offset": 4659282
},
{
"line": "#13 0x7f6b3d630b96 in __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310",
"address": 140098568129430,
"function_name": "__libc_start_main",
"source_file_name": "libc-start.c",
"source_file_path": "/build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c",
"source_file_line": 310
},
{
"line": "#14 0x41d7a9 in _start (/home/user/src/onefuzz/src/agent/fuzz.exe+0x41d7a9)",
"address": 4315049,
"function_name": "_start",
"module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe",
"module_offset": 4315049
}
],
"full_stack_names": [
"__sanitizer_print_stack_trace",
"fuzzer::PrintStackTrace()",
"fuzzer::Fuzzer::HandleMalloc(unsigned long)",
"fuzzer::MallocHook(void const volatile*, unsigned long)",
"__sanitizer::RunMallocHooks(void const*, unsigned long)",
"__asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool)",
"__asan::asan_malloc(unsigned long, __sanitizer::BufferedStackTrace*)",
"malloc",
"LLVMFuzzerTestOneInput",
"fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)",
"fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long)",
"fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))",
"main",
"__libc_start_main",
"_start"
],
"minimized_stack_details": [
{
"line": "#8 0x54cc24 in LLVMFuzzerTestOneInput /home/user/src/onefuzz/src/agent/fuzz.c:9:18",
"address": 5557284,
"function_name": "fuzz.c",
"function_offset": 18,
"source_file_name": "fuzz.c",
"source_file_path": "/home/user/src/onefuzz/src/agent/fuzz.c",
"source_file_line": 9
}
],
"minimized_stack": [
"fuzz.c"
],
"minimized_stack_function_names": [
"fuzz.c"
]
}

64
src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-linux-llvm10-out-of-memory-rss.json Normal file
View File

@ -0,0 +1,64 @@
{
"text": "INFO: Seed: 3192757444\nINFO: Loaded 1 modules (12 inline 8-bit counters): 12 [0x7a1eb0, 0x7a1ebc),\nINFO: Loaded 1 PC tables (12 PCs): 12 [0x566fd8,0x567098),\n./fuzz.exe: Running 1 inputs 1 time(s) each.\nRunning: good.txt\n==25201== ERROR: libFuzzer: out-of-memory (used: 134Mb; limit: 1Mb)\n To change the out-of-memory limit use -rss_limit_mb=<N>\n\nLive Heap Allocations: 21573335 bytes in 22 chunks; quarantined: 100009208 bytes in 8 chunks; 5943 other chunks; total chunks: 5973; showing top 95% (at most 8 unique contexts)\n21499304 byte(s) (99%) in 10 allocation(s)\n #0 0x51d4dd in malloc (/home/user/src/onefuzz/src/agent/fuzz.exe+0x51d4dd)\n #1 0x431b97 in operator new(unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x431b97)\n #2 0x471852 in main (/home/user/src/onefuzz/src/agent/fuzz.exe+0x471852)\n #3 0x7f2e2eb89b96 in __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310\n\nSUMMARY: libFuzzer: out-of-memory",
"sanitizer": "libFuzzer",
"summary": "libFuzzer: out-of-memory",
"fault_type": "out-of-memory",
"call_stack": [
"#0 0x51d4dd in malloc (/home/user/src/onefuzz/src/agent/fuzz.exe+0x51d4dd)",
"#1 0x431b97 in operator new(unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x431b97)",
"#2 0x471852 in main (/home/user/src/onefuzz/src/agent/fuzz.exe+0x471852)",
"#3 0x7f2e2eb89b96 in __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310"
],
"full_stack_details": [
{
"line": "#0 0x51d4dd in malloc (/home/user/src/onefuzz/src/agent/fuzz.exe+0x51d4dd)",
"address": 5362909,
"function_name": "malloc",
"module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe",
"module_offset": 5362909
},
{
"line": "#1 0x431b97 in operator new(unsigned long) (/home/user/src/onefuzz/src/agent/fuzz.exe+0x431b97)",
"address": 4397975,
"function_name": "operator new(unsigned long)",
"module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe",
"module_offset": 4397975
},
{
"line": "#2 0x471852 in main (/home/user/src/onefuzz/src/agent/fuzz.exe+0x471852)",
"address": 4659282,
"function_name": "main",
"module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe",
"module_offset": 4659282
},
{
"line": "#3 0x7f2e2eb89b96 in __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310",
"address": 139836329073558,
"function_name": "__libc_start_main",
"source_file_name": "libc-start.c",
"source_file_path": "/build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c",
"source_file_line": 310
}
],
"full_stack_names": [
"malloc",
"operator new(unsigned long)",
"main",
"__libc_start_main"
],
"minimized_stack_details": [
{
"line": "#2 0x471852 in main (/home/user/src/onefuzz/src/agent/fuzz.exe+0x471852)",
"address": 4659282,
"function_name": "main",
"module_path": "/home/user/src/onefuzz/src/agent/fuzz.exe",
"module_offset": 4659282
}
],
"minimized_stack": [
"main"
],
"minimized_stack_function_names": [
"main"
]
}

116
src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-scariness-underflow.json Normal file
View File

@ -0,0 +1,116 @@
{
"text": "=================================================================\n==32266==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x7ffd2173f200 at pc 0x0000004fd403 bp 0x7ffd2173f1f0 sp 0x7ffd2173f1e8\nWRITE of size 4 at 0x7ffd2173f200 thread T0\nSCARINESS: 51 (4-byte-write-stack-buffer-underflow)\n #0 0x4fd402 in LLVMFuzzerTestOneInput /home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c:28:69\n #1 0x43b271 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43b271)\n #2 0x43a9a5 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43a9a5)\n #3 0x43cf9b in fuzzer::Fuzzer::MutateAndTestOne() (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43cf9b)\n #4 0x43dd15 in fuzzer::Fuzzer::Loop(std::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43dd15)\n #5 0x42999b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x42999b)\n #6 0x4557a2 in main (/tmp/xx/linux-libfuzzer/fuzz.exe+0x4557a2)\n #7 0x7f878654d0b2 in __libc_start_main /build/glibc-YYA7BZ/glibc-2.31/csu/../csu/libc-start.c:308:16\n #8 0x41db59 in _start (/tmp/xx/linux-libfuzzer/fuzz.exe+0x41db59)\n\nAddress 0x7ffd2173f200 is located in stack of thread T0 at offset 0 in frame\n #0 0x4fcccf in LLVMFuzzerTestOneInput /home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c:8\n\n This frame has 1 object(s):\n [32, 36) 'cnt' (line 9)\nHINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork\n (longjmp and C++ exceptions *are* supported)\nSUMMARY: AddressSanitizer: stack-buffer-underflow /home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c:28:69 in LLVMFuzzerTestOneInput\nShadow bytes around the buggy address:\n 0x1000242dfdf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x1000242dfe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x1000242dfe10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x1000242dfe20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x1000242dfe30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n=>0x1000242dfe40:[f1]f1 f1 f1 04 f3 f3 f3 00 00 00 00 00 00 00 00\n 0x1000242dfe50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x1000242dfe60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x1000242dfe70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x1000242dfe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x1000242dfe90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\nShadow byte legend (one shadow byte represents 8 application bytes):\n Addressable: 00\n Partially addressable: 01 02 03 04 05 06 07 \n Heap left redzone: fa\n Freed heap region: fd\n Stack left redzone: f1\n Stack mid redzone: f2\n Stack right redzone: f3\n Stack after return: f5\n Stack use after scope: f8\n Global redzone: f9\n Global init order: f6\n Poisoned by user: f7\n Container overflow: fc\n Array cookie: ac\n Intra object redzone: bb\n ASan internal: fe\n Left alloca redzone: ca\n Right alloca redzone: cb\n Shadow gap: cc\n==32266==ABORTING\n",
"sanitizer": "AddressSanitizer",
"summary": "AddressSanitizer: stack-buffer-underflow /home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c:28:69 in LLVMFuzzerTestOneInput",
"fault_type": "stack-buffer-underflow",
"call_stack": [
"#0 0x4fd402 in LLVMFuzzerTestOneInput /home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c:28:69",
"#1 0x43b271 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43b271)",
"#2 0x43a9a5 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43a9a5)",
"#3 0x43cf9b in fuzzer::Fuzzer::MutateAndTestOne() (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43cf9b)",
"#4 0x43dd15 in fuzzer::Fuzzer::Loop(std::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43dd15)",
"#5 0x42999b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x42999b)",
"#6 0x4557a2 in main (/tmp/xx/linux-libfuzzer/fuzz.exe+0x4557a2)",
"#7 0x7f878654d0b2 in __libc_start_main /build/glibc-YYA7BZ/glibc-2.31/csu/../csu/libc-start.c:308:16",
"#8 0x41db59 in _start (/tmp/xx/linux-libfuzzer/fuzz.exe+0x41db59)"
],
"full_stack_details": [
{
"line": "#0 0x4fd402 in LLVMFuzzerTestOneInput /home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c:28:69",
"address": 5231618,
"function_name": "LLVMFuzzerTestOneInput",
"function_offset": 69,
"source_file_name": "simple.c",
"source_file_path": "/home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c",
"source_file_line": 28
},
{
"line": "#1 0x43b271 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43b271)",
"address": 4436593,
"function_name": "fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)",
"module_path": "/tmp/xx/linux-libfuzzer/fuzz.exe",
"module_offset": 4436593
},
{
"line": "#2 0x43a9a5 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43a9a5)",
"address": 4434341,
"function_name": "fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*)",
"module_path": "/tmp/xx/linux-libfuzzer/fuzz.exe",
"module_offset": 4434341
},
{
"line": "#3 0x43cf9b in fuzzer::Fuzzer::MutateAndTestOne() (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43cf9b)",
"address": 4444059,
"function_name": "fuzzer::Fuzzer::MutateAndTestOne()",
"module_path": "/tmp/xx/linux-libfuzzer/fuzz.exe",
"module_offset": 4444059
},
{
"line": "#4 0x43dd15 in fuzzer::Fuzzer::Loop(std::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43dd15)",
"address": 4447509,
"function_name": "fuzzer::Fuzzer::Loop(std::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&)",
"module_path": "/tmp/xx/linux-libfuzzer/fuzz.exe",
"module_offset": 4447509
},
{
"line": "#5 0x42999b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x42999b)",
"address": 4364699,
"function_name": "fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))",
"module_path": "/tmp/xx/linux-libfuzzer/fuzz.exe",
"module_offset": 4364699
},
{
"line": "#6 0x4557a2 in main (/tmp/xx/linux-libfuzzer/fuzz.exe+0x4557a2)",
"address": 4544418,
"function_name": "main",
"module_path": "/tmp/xx/linux-libfuzzer/fuzz.exe",
"module_offset": 4544418
},
{
"line": "#7 0x7f878654d0b2 in __libc_start_main /build/glibc-YYA7BZ/glibc-2.31/csu/../csu/libc-start.c:308:16",
"address": 140220051017906,
"function_name": "__libc_start_main",
"function_offset": 16,
"source_file_name": "libc-start.c",
"source_file_path": "/build/glibc-YYA7BZ/glibc-2.31/csu/../csu/libc-start.c",
"source_file_line": 308
},
{
"line": "#8 0x41db59 in _start (/tmp/xx/linux-libfuzzer/fuzz.exe+0x41db59)",
"address": 4315993,
"function_name": "_start",
"module_path": "/tmp/xx/linux-libfuzzer/fuzz.exe",
"module_offset": 4315993
}
],
"full_stack_names": [
"LLVMFuzzerTestOneInput",
"fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)",
"fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*)",
"fuzzer::Fuzzer::MutateAndTestOne()",
"fuzzer::Fuzzer::Loop(std::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&)",
"fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))",
"main",
"__libc_start_main",
"_start"
],
"minimized_stack_details": [
{
"line": "#0 0x4fd402 in LLVMFuzzerTestOneInput /home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c:28:69",
"address": 5231618,
"function_name": "simple.c",
"function_offset": 69,
"source_file_name": "simple.c",
"source_file_path": "/home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c",
"source_file_line": 28
}
],
"minimized_stack": [
"simple.c"
],
"minimized_stack_function_names": [
"simple.c"
],
"scariness_score": 51,
"scariness_description": "4-byte-write-stack-buffer-underflow"
}

116
src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-scariness.json Normal file
View File

@ -0,0 +1,116 @@
{
"text": "=================================================================\n==28073==ERROR: AddressSanitizer: FPE on unknown address 0x0000004fd774 (pc 0x0000004fd774 bp 0x7ffd45d2c110 sp 0x7ffd45d2bf00 T0)\nSCARINESS: 10 (signal)\n #0 0x4fd773 in LLVMFuzzerTestOneInput /home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c:58:32\n #1 0x43b271 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43b271)\n #2 0x43a9a5 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43a9a5)\n #3 0x43cf9b in fuzzer::Fuzzer::MutateAndTestOne() (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43cf9b)\n #4 0x43dd15 in fuzzer::Fuzzer::Loop(std::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43dd15)\n #5 0x42999b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x42999b)\n #6 0x4557a2 in main (/tmp/xx/linux-libfuzzer/fuzz.exe+0x4557a2)\n #7 0x7fc6b74190b2 in __libc_start_main /build/glibc-YYA7BZ/glibc-2.31/csu/../csu/libc-start.c:308:16\n #8 0x41db59 in _start (/tmp/xx/linux-libfuzzer/fuzz.exe+0x41db59)\n\nAddressSanitizer can not provide additional info.\nSUMMARY: AddressSanitizer: FPE /home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c:58:32 in LLVMFuzzerTestOneInput\n==28073==ABORTING\n",
"sanitizer": "AddressSanitizer",
"summary": "AddressSanitizer: FPE /home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c:58:32 in LLVMFuzzerTestOneInput",
"fault_type": "FPE",
"call_stack": [
"#0 0x4fd773 in LLVMFuzzerTestOneInput /home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c:58:32",
"#1 0x43b271 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43b271)",
"#2 0x43a9a5 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43a9a5)",
"#3 0x43cf9b in fuzzer::Fuzzer::MutateAndTestOne() (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43cf9b)",
"#4 0x43dd15 in fuzzer::Fuzzer::Loop(std::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43dd15)",
"#5 0x42999b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x42999b)",
"#6 0x4557a2 in main (/tmp/xx/linux-libfuzzer/fuzz.exe+0x4557a2)",
"#7 0x7fc6b74190b2 in __libc_start_main /build/glibc-YYA7BZ/glibc-2.31/csu/../csu/libc-start.c:308:16",
"#8 0x41db59 in _start (/tmp/xx/linux-libfuzzer/fuzz.exe+0x41db59)"
],
"full_stack_details": [
{
"line": "#0 0x4fd773 in LLVMFuzzerTestOneInput /home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c:58:32",
"address": 5232499,
"function_name": "LLVMFuzzerTestOneInput",
"function_offset": 32,
"source_file_name": "simple.c",
"source_file_path": "/home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c",
"source_file_line": 58
},
{
"line": "#1 0x43b271 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43b271)",
"address": 4436593,
"function_name": "fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)",
"module_path": "/tmp/xx/linux-libfuzzer/fuzz.exe",
"module_offset": 4436593
},
{
"line": "#2 0x43a9a5 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43a9a5)",
"address": 4434341,
"function_name": "fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*)",
"module_path": "/tmp/xx/linux-libfuzzer/fuzz.exe",
"module_offset": 4434341
},
{
"line": "#3 0x43cf9b in fuzzer::Fuzzer::MutateAndTestOne() (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43cf9b)",
"address": 4444059,
"function_name": "fuzzer::Fuzzer::MutateAndTestOne()",
"module_path": "/tmp/xx/linux-libfuzzer/fuzz.exe",
"module_offset": 4444059
},
{
"line": "#4 0x43dd15 in fuzzer::Fuzzer::Loop(std::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x43dd15)",
"address": 4447509,
"function_name": "fuzzer::Fuzzer::Loop(std::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&)",
"module_path": "/tmp/xx/linux-libfuzzer/fuzz.exe",
"module_offset": 4447509
},
{
"line": "#5 0x42999b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/tmp/xx/linux-libfuzzer/fuzz.exe+0x42999b)",
"address": 4364699,
"function_name": "fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))",
"module_path": "/tmp/xx/linux-libfuzzer/fuzz.exe",
"module_offset": 4364699
},
{
"line": "#6 0x4557a2 in main (/tmp/xx/linux-libfuzzer/fuzz.exe+0x4557a2)",
"address": 4544418,
"function_name": "main",
"module_path": "/tmp/xx/linux-libfuzzer/fuzz.exe",
"module_offset": 4544418
},
{
"line": "#7 0x7fc6b74190b2 in __libc_start_main /build/glibc-YYA7BZ/glibc-2.31/csu/../csu/libc-start.c:308:16",
"address": 140491454779570,
"function_name": "__libc_start_main",
"function_offset": 16,
"source_file_name": "libc-start.c",
"source_file_path": "/build/glibc-YYA7BZ/glibc-2.31/csu/../csu/libc-start.c",
"source_file_line": 308
},
{
"line": "#8 0x41db59 in _start (/tmp/xx/linux-libfuzzer/fuzz.exe+0x41db59)",
"address": 4315993,
"function_name": "_start",
"module_path": "/tmp/xx/linux-libfuzzer/fuzz.exe",
"module_offset": 4315993
}
],
"full_stack_names": [
"LLVMFuzzerTestOneInput",
"fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)",
"fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*)",
"fuzzer::Fuzzer::MutateAndTestOne()",
"fuzzer::Fuzzer::Loop(std::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&)",
"fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))",
"main",
"__libc_start_main",
"_start"
],
"minimized_stack_details": [
{
"line": "#0 0x4fd773 in LLVMFuzzerTestOneInput /home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c:58:32",
"address": 5232499,
"function_name": "simple.c",
"function_offset": 32,
"source_file_name": "simple.c",
"source_file_path": "/home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c",
"source_file_line": 58
}
],
"minimized_stack": [
"simple.c"
],
"minimized_stack_function_names": [
"simple.c"
],
"scariness_score": 10,
"scariness_description": "signal"
}

184
src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-windows-llvm10-out-of-memory-malloc.json Normal file
View File

@ -0,0 +1,184 @@
{
"text": "INFO: Seed: 695951618\nINFO: Loaded 1 modules (12 inline 8-bit counters): 12 [00007FF739F96088, 00007FF739F96094),\nINFO: Loaded 1 PC tables (12 PCs): 12 [00007FF739F48720,00007FF739F487E0),\nX:\\fuzz\\fuzz.exe: Running 1 inputs 1 time(s) each.\nRunning: .\\good.txt\n==1060== ERROR: libFuzzer: out-of-memory (malloc(2000000))\n To change the out-of-memory limit use -rss_limit_mb=<N>\n\n #0 0x7ff739e118a8 in __sanitizer_print_stack_trace C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\asan\\asan_stack.cpp:86\n #1 0x7ff739e38a84 in fuzzer::PrintStackTrace(void) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerUtil.cpp:205\n #2 0x7ff739e570d1 in fuzzer::Fuzzer::HandleMalloc(unsigned __int64) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerLoop.cpp:130\n #3 0x7ff739e56ff7 in fuzzer::MallocHook(void const volatile *, unsigned __int64) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerLoop.cpp:99\n #4 0x7ff739e0a739 in __sanitizer::RunMallocHooks(void const *, unsigned __int64) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\sanitizer_common\\sanitizer_common.cpp:299\n #5 0x7ff739e2c862 in __asan::Allocator::Allocate(unsigned __int64, unsigned __int64, struct __sanitizer::BufferedStackTrace *, enum __asan::AllocType, bool) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\asan\\asan_allocator.cpp:560\n #6 0x7ff739e2c169 in __asan::asan_malloc(unsigned __int64, struct __sanitizer::BufferedStackTrace *) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\asan\\asan_allocator.cpp:892\n #7 0x7ff739e19730 in malloc C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\asan\\asan_malloc_win.cpp:99\n #8 0x7ff739df1061 in LLVMFuzzerTestOneInput (X:\\fuzz\\fuzz.exe+0x140001061)\n #9 0x7ff739e5a0ea in fuzzer::Fuzzer::ExecuteCallback(unsigned char const *, unsigned __int64) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerLoop.cpp:556\n #10 0x7ff739e6d025 in fuzzer::RunOneTest(class fuzzer::Fuzzer *, char const *, unsigned __int64) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerDriver.cpp:293\n #11 0x7ff739e72076 in fuzzer::FuzzerDriver(int *, char ***, int (__cdecl *)(unsigned char const *, unsigned __int64)) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerDriver.cpp:779\n #12 0x7ff739e33ec2 in main C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerMain.cpp:19\n #13 0x7ff739e79b5f in __scrt_common_main_seh d:\\A01\\_work\\6\\s\\src\\vctools\\crt\\vcstartup\\src\\startup\\exe_common.inl:288\n #14 0x7ffa95e46fd3 in BaseThreadInitThunk (C:\\WINDOWS\\System32\\KERNEL32.DLL+0x180016fd3)\n #15 0x7ffa975bcec0 in RtlUserThreadStart (C:\\WINDOWS\\SYSTEM32\\ntdll.dll+0x18004cec0)\n\nSUMMARY: libFuzzer: out-of-memory",
"sanitizer": "libFuzzer",
"summary": "libFuzzer: out-of-memory",
"fault_type": "out-of-memory",
"call_stack": [
"#0 0x7ff739e118a8 in __sanitizer_print_stack_trace C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\asan\\asan_stack.cpp:86",
"#1 0x7ff739e38a84 in fuzzer::PrintStackTrace(void) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerUtil.cpp:205",
"#2 0x7ff739e570d1 in fuzzer::Fuzzer::HandleMalloc(unsigned __int64) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerLoop.cpp:130",
"#3 0x7ff739e56ff7 in fuzzer::MallocHook(void const volatile *, unsigned __int64) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerLoop.cpp:99",
"#4 0x7ff739e0a739 in __sanitizer::RunMallocHooks(void const *, unsigned __int64) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\sanitizer_common\\sanitizer_common.cpp:299",
"#5 0x7ff739e2c862 in __asan::Allocator::Allocate(unsigned __int64, unsigned __int64, struct __sanitizer::BufferedStackTrace *, enum __asan::AllocType, bool) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\asan\\asan_allocator.cpp:560",
"#6 0x7ff739e2c169 in __asan::asan_malloc(unsigned __int64, struct __sanitizer::BufferedStackTrace *) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\asan\\asan_allocator.cpp:892",
"#7 0x7ff739e19730 in malloc C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\asan\\asan_malloc_win.cpp:99",
"#8 0x7ff739df1061 in LLVMFuzzerTestOneInput (X:\\fuzz\\fuzz.exe+0x140001061)",
"#9 0x7ff739e5a0ea in fuzzer::Fuzzer::ExecuteCallback(unsigned char const *, unsigned __int64) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerLoop.cpp:556",
"#10 0x7ff739e6d025 in fuzzer::RunOneTest(class fuzzer::Fuzzer *, char const *, unsigned __int64) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerDriver.cpp:293",
"#11 0x7ff739e72076 in fuzzer::FuzzerDriver(int *, char ***, int (__cdecl *)(unsigned char const *, unsigned __int64)) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerDriver.cpp:779",
"#12 0x7ff739e33ec2 in main C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerMain.cpp:19",
"#13 0x7ff739e79b5f in __scrt_common_main_seh d:\\A01\\_work\\6\\s\\src\\vctools\\crt\\vcstartup\\src\\startup\\exe_common.inl:288",
"#14 0x7ffa95e46fd3 in BaseThreadInitThunk (C:\\WINDOWS\\System32\\KERNEL32.DLL+0x180016fd3)",
"#15 0x7ffa975bcec0 in RtlUserThreadStart (C:\\WINDOWS\\SYSTEM32\\ntdll.dll+0x18004cec0)"
],
"full_stack_details": [
{
"line": "#0 0x7ff739e118a8 in __sanitizer_print_stack_trace C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\asan\\asan_stack.cpp:86",
"address": 140699804702888,
"function_name": "__sanitizer_print_stack_trace",
"source_file_name": "asan_stack.cpp",
"source_file_path": "C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\asan\\asan_stack.cpp",
"source_file_line": 86
},
{
"line": "#1 0x7ff739e38a84 in fuzzer::PrintStackTrace(void) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerUtil.cpp:205",
"address": 140699804863108,
"function_name": "fuzzer::PrintStackTrace(void)",
"source_file_name": "FuzzerUtil.cpp",
"source_file_path": "C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerUtil.cpp",
"source_file_line": 205
},
{
"line": "#2 0x7ff739e570d1 in fuzzer::Fuzzer::HandleMalloc(unsigned __int64) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerLoop.cpp:130",
"address": 140699804987601,
"function_name": "fuzzer::Fuzzer::HandleMalloc(unsigned __int64)",
"source_file_name": "FuzzerLoop.cpp",
"source_file_path": "C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerLoop.cpp",
"source_file_line": 130
},
{
"line": "#3 0x7ff739e56ff7 in fuzzer::MallocHook(void const volatile *, unsigned __int64) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerLoop.cpp:99",
"address": 140699804987383,
"function_name": "fuzzer::MallocHook(void const volatile *, unsigned __int64)",
"source_file_name": "FuzzerLoop.cpp",
"source_file_path": "C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerLoop.cpp",
"source_file_line": 99
},
{
"line": "#4 0x7ff739e0a739 in __sanitizer::RunMallocHooks(void const *, unsigned __int64) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\sanitizer_common\\sanitizer_common.cpp:299",
"address": 140699804673849,
"function_name": "__sanitizer::RunMallocHooks(void const *, unsigned __int64)",
"source_file_name": "sanitizer_common.cpp",
"source_file_path": "C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\sanitizer_common\\sanitizer_common.cpp",
"source_file_line": 299
},
{
"line": "#5 0x7ff739e2c862 in __asan::Allocator::Allocate(unsigned __int64, unsigned __int64, struct __sanitizer::BufferedStackTrace *, enum __asan::AllocType, bool) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\asan\\asan_allocator.cpp:560",
"address": 140699804813410,
"function_name": "__asan::Allocator::Allocate(unsigned __int64, unsigned __int64, struct __sanitizer::BufferedStackTrace *, enum __asan::AllocType, bool)",
"source_file_name": "asan_allocator.cpp",
"source_file_path": "C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\asan\\asan_allocator.cpp",
"source_file_line": 560
},
{
"line": "#6 0x7ff739e2c169 in __asan::asan_malloc(unsigned __int64, struct __sanitizer::BufferedStackTrace *) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\asan\\asan_allocator.cpp:892",
"address": 140699804811625,
"function_name": "__asan::asan_malloc(unsigned __int64, struct __sanitizer::BufferedStackTrace *)",
"source_file_name": "asan_allocator.cpp",
"source_file_path": "C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\asan\\asan_allocator.cpp",
"source_file_line": 892
},
{
"line": "#7 0x7ff739e19730 in malloc C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\asan\\asan_malloc_win.cpp:99",
"address": 140699804735280,
"function_name": "malloc",
"source_file_name": "asan_malloc_win.cpp",
"source_file_path": "C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\asan\\asan_malloc_win.cpp",
"source_file_line": 99
},
{
"line": "#8 0x7ff739df1061 in LLVMFuzzerTestOneInput (X:\\fuzz\\fuzz.exe+0x140001061)",
"address": 140699804569697,
"function_name": "LLVMFuzzerTestOneInput",
"module_path": "X:\\fuzz\\fuzz.exe",
"module_offset": 5368713313
},
{
"line": "#9 0x7ff739e5a0ea in fuzzer::Fuzzer::ExecuteCallback(unsigned char const *, unsigned __int64) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerLoop.cpp:556",
"address": 140699804999914,
"function_name": "fuzzer::Fuzzer::ExecuteCallback(unsigned char const *, unsigned __int64)",
"source_file_name": "FuzzerLoop.cpp",
"source_file_path": "C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerLoop.cpp",
"source_file_line": 556
},
{
"line": "#10 0x7ff739e6d025 in fuzzer::RunOneTest(class fuzzer::Fuzzer *, char const *, unsigned __int64) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerDriver.cpp:293",
"address": 140699805077541,
"function_name": "fuzzer::RunOneTest(class fuzzer::Fuzzer *, char const *, unsigned __int64)",
"source_file_name": "FuzzerDriver.cpp",
"source_file_path": "C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerDriver.cpp",
"source_file_line": 293
},
{
"line": "#11 0x7ff739e72076 in fuzzer::FuzzerDriver(int *, char ***, int (__cdecl *)(unsigned char const *, unsigned __int64)) C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerDriver.cpp:779",
"address": 140699805098102,
"function_name": "fuzzer::FuzzerDriver(int *, char ***, int (__cdecl *)(unsigned char const *, unsigned __int64))",
"source_file_name": "FuzzerDriver.cpp",
"source_file_path": "C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerDriver.cpp",
"source_file_line": 779
},
{
"line": "#12 0x7ff739e33ec2 in main C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerMain.cpp:19",
"address": 140699804843714,
"function_name": "main",
"source_file_name": "FuzzerMain.cpp",
"source_file_path": "C:\\src\\llvm_package_1000-final\\llvm-project\\compiler-rt\\lib\\fuzzer\\FuzzerMain.cpp",
"source_file_line": 19
},
{
"line": "#13 0x7ff739e79b5f in __scrt_common_main_seh d:\\A01\\_work\\6\\s\\src\\vctools\\crt\\vcstartup\\src\\startup\\exe_common.inl:288",
"address": 140699805129567,
"function_name": "__scrt_common_main_seh",
"source_file_name": "exe_common.inl",
"source_file_path": "d:\\A01\\_work\\6\\s\\src\\vctools\\crt\\vcstartup\\src\\startup\\exe_common.inl",
"source_file_line": 288
},
{
"line": "#14 0x7ffa95e46fd3 in BaseThreadInitThunk (C:\\WINDOWS\\System32\\KERNEL32.DLL+0x180016fd3)",
"address": 140714233327571,
"function_name": "BaseThreadInitThunk",
"module_path": "C:\\WINDOWS\\System32\\KERNEL32.DLL",
"module_offset": 6442545107
},
{
"line": "#15 0x7ffa975bcec0 in RtlUserThreadStart (C:\\WINDOWS\\SYSTEM32\\ntdll.dll+0x18004cec0)",
"address": 140714257927872,
"function_name": "RtlUserThreadStart",
"module_path": "C:\\WINDOWS\\SYSTEM32\\ntdll.dll",
"module_offset": 6442766016
}
],
"full_stack_names": [
"__sanitizer_print_stack_trace",
"fuzzer::PrintStackTrace(void)",
"fuzzer::Fuzzer::HandleMalloc(unsigned __int64)",
"fuzzer::MallocHook(void const volatile *, unsigned __int64)",
"__sanitizer::RunMallocHooks(void const *, unsigned __int64)",
"__asan::Allocator::Allocate(unsigned __int64, unsigned __int64, struct __sanitizer::BufferedStackTrace *, enum __asan::AllocType, bool)",
"__asan::asan_malloc(unsigned __int64, struct __sanitizer::BufferedStackTrace *)",
"malloc",
"LLVMFuzzerTestOneInput",
"fuzzer::Fuzzer::ExecuteCallback(unsigned char const *, unsigned __int64)",
"fuzzer::RunOneTest(class fuzzer::Fuzzer *, char const *, unsigned __int64)",
"fuzzer::FuzzerDriver(int *, char ***, int (__cdecl *)(unsigned char const *, unsigned __int64))",
"main",
"__scrt_common_main_seh",
"BaseThreadInitThunk",
"RtlUserThreadStart"
],
"minimized_stack_details": [
{
"line": "#8 0x7ff739df1061 in LLVMFuzzerTestOneInput (X:\\fuzz\\fuzz.exe+0x140001061)",
"address": 140699804569697,
"function_name": "LLVMFuzzerTestOneInput",
"module_path": "X:\\fuzz\\fuzz.exe",
"module_offset": 5368713313
}
],
"minimized_stack": [
"LLVMFuzzerTestOneInput"
],
"minimized_stack_function_names": [
"LLVMFuzzerTestOneInput"
]
}

6
src/agent/stacktrace-parser/data/parsed-traces/libfuzzer-windows-llvm10-out-of-memory-rss.json Normal file
View File

@ -0,0 +1,6 @@
{
"text": "INFO: Seed: 3655625785\nINFO: Loaded 1 modules (12 inline 8-bit counters): 12 [00007FF7C1F46088, 00007FF7C1F46094),\nINFO: Loaded 1 PC tables (12 PCs): 12 [00007FF7C1EF8720,00007FF7C1EF87E0),\nX:\\fuzz\\fuzz.exe: Running 1 inputs 1 time(s) each.\nRunning: .\\good.txt\n==12788== ERROR: libFuzzer: out-of-memory (used: 178Mb; limit: 1Mb)\n To change the out-of-memory limit use -rss_limit_mb=<N>\n\nSUMMARY: libFuzzer: out-of-memory",
"sanitizer": "libFuzzer",
"summary": "libFuzzer: out-of-memory",
"fault_type": "out-of-memory"
}

6
src/agent/stacktrace-parser/data/parsed-traces/tsan-linux-llvm10-data-race.json Normal file
View File

@ -0,0 +1,6 @@
{
"text": "==================\nWARNING: ThreadSanitizer: data race (pid=4659)\n Write of size 4 at 0x000001109278 by thread T1:\n #0 Thread1 /home/user/fuzz-targets/tiny_race.c:4:10 (tiny_race.exe+0x4ac607)\n\n Previous write of size 4 at 0x000001109278 by main thread:\n #0 main /home/user/fuzz-targets/tiny_race.c:10:10 (tiny_race.exe+0x4ac64e)\n\n Location is global 'Global' of size 4 at 0x000001109278 (tiny_race.exe+0x000001109278)\n\n Thread T1 (tid=4661, running) created by main thread at:\n #0 pthread_create <null> (tiny_race.exe+0x422fe5)\n #1 main /home/user/fuzz-targets/tiny_race.c:9:3 (tiny_race.exe+0x4ac644)\n\nSUMMARY: ThreadSanitizer: data race /home/user/fuzz-targets/tiny_race.c:4:10 in Thread1\n==================\nThreadSanitizer: reported 1 warnings",
"sanitizer": "ThreadSanitizer",
"summary": "ThreadSanitizer: data race /home/user/fuzz-targets/tiny_race.c:4:10 in Thread1",
"fault_type": "data race"
}

0
src/agent/onefuzz/data/asan-check-failure-missing-symbolizer.txt → src/agent/stacktrace-parser/data/stack-traces/asan-check-failure-missing-symbolizer.txt
View File

0
src/agent/onefuzz/data/asan-check-failure.txt → src/agent/stacktrace-parser/data/stack-traces/asan-check-failure.txt
View File

0
src/agent/onefuzz/data/asan-odr-violation.txt → src/agent/stacktrace-parser/data/stack-traces/asan-odr-violation.txt
View File

0
src/agent/onefuzz/data/clang-10-asan-breakpoint.txt → src/agent/stacktrace-parser/data/stack-traces/clang-10-asan-breakpoint.txt
View File

0
src/agent/onefuzz/data/libfuzzer-asan-log.txt → src/agent/stacktrace-parser/data/stack-traces/libfuzzer-asan-log.txt
View File

0
src/agent/onefuzz/data/libfuzzer-deadly-signal.txt → src/agent/stacktrace-parser/data/stack-traces/libfuzzer-deadly-signal.txt
View File

0
src/agent/onefuzz/data/libfuzzer-linux-llvm10-out-of-memory-malloc.txt → src/agent/stacktrace-parser/data/stack-traces/libfuzzer-linux-llvm10-out-of-memory-malloc.txt
View File

0
src/agent/onefuzz/data/libfuzzer-linux-llvm10-out-of-memory-rss.txt → src/agent/stacktrace-parser/data/stack-traces/libfuzzer-linux-llvm10-out-of-memory-rss.txt
View File

0
src/agent/onefuzz/data/libfuzzer-scariness-underflow.txt → src/agent/stacktrace-parser/data/stack-traces/libfuzzer-scariness-underflow.txt
View File

0
src/agent/onefuzz/data/libfuzzer-scariness.txt → src/agent/stacktrace-parser/data/stack-traces/libfuzzer-scariness.txt
View File

0
src/agent/onefuzz/data/libfuzzer-windows-llvm10-out-of-memory-malloc.txt → src/agent/stacktrace-parser/data/stack-traces/libfuzzer-windows-llvm10-out-of-memory-malloc.txt
View File

0
src/agent/onefuzz/data/libfuzzer-windows-llvm10-out-of-memory-rss.txt → src/agent/stacktrace-parser/data/stack-traces/libfuzzer-windows-llvm10-out-of-memory-rss.txt
View File

0
src/agent/onefuzz/data/tsan-linux-llvm10-data-race.txt → src/agent/stacktrace-parser/data/stack-traces/tsan-linux-llvm10-data-race.txt
View File

266
src/agent/stacktrace-parser/src/asan.rs Normal file
View File

@ -0,0 +1,266 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
use crate::StackEntry;
use anyhow::{bail, Result};
use regex::Regex;
pub(crate) fn parse_asan_call_stack(text: &str) -> Result<Vec<StackEntry>> {
let mut stack = vec![];
let mut parsing_stack = false;
let base = r"\s*#(?P<frame>\d+)\s+0x(?P<address>[0-9a-fA-F]+)\s";
let entries = &[
// "module::func(char *args) (/path/to/bin+0x123)"
r"in (?P<func_1>.*) \((?P<module_path_1>[^+]+)\+0x(?P<module_offset_1>[0-9a-fA-F]+)\)",
// "in foo /path:16:17"
r"in (?P<func_2>.*) (?P<file_path_1>[^ ]+):(?P<file_line_1>\d+):(?P<function_offset_1>\d+)",
// "in foo /path:16"
r"in (?P<func_3>.*) (?P<file_path_2>[^ ]+):(?P<file_line_2>\d+)",
// " (/path/to/bin+0x123)"
r" \((?P<module_path_2>.*)\+0x(?P<module_offset_2>[0-9a-fA-F]+)\)$",
// "in libc.so.6"
r"in (?P<module_path_3>[a-z0-9.]+)$",
// "in _objc_terminate()"
r"in (?P<func_4>.*)",
];
let asan_re = format!("^{}(?:{})$", base, entries.join("|"));
let asan_base = Regex::new(&asan_re).expect("asan regex failed to compile");
for line in text.lines() {
let line = line.trim();
// println!("LINE: {:?}", line);
let asan_captures = asan_base.captures(line);
match (parsing_stack, asan_captures) {
(true, None) => break,
(false, None) => {
continue;
}
(_, Some(captures)) => {
parsing_stack = true;
// the base capture always matches
let line = captures[0].to_string();
// address base capture always matches
let address = Some(u64::from_str_radix(&captures["address"], 16)?);
let function_name = captures
.name("func_1")
.or_else(|| captures.name("func_2"))
.or_else(|| captures.name("func_3"))
.or_else(|| captures.name("func_4"))
.map(|x| x.as_str().to_string());
let source_file_path = captures
.name("file_path_1")
.or_else(|| captures.name("file_path_2"))
.map(|x| x.as_str().to_string());
let source_file_name = source_file_path
.as_ref()
.map(|x| get_call_stack_file_name(x));
let source_file_line = match captures
.name("file_line_1")
.or_else(|| captures.name("file_line_2"))
.map(|x| x.as_str())
{
Some(x) => Some(x.parse()?),
None => None,
};
let function_offset = match captures.name("function_offset_1").map(|x| x.as_str()) {
Some(x) => Some(x.parse()?),
None => None,
};
let module_path = captures
.name("module_path_1")
.or_else(|| captures.name("module_path_2"))
.or_else(|| captures.name("module_path_3"))
.map(|x| x.as_str().to_string());
let module_offset = match captures
.name("module_offset_1")
.or_else(|| captures.name("module_offset_2"))
.map(|x| x.as_str())
{
Some(x) => Some(u64::from_str_radix(x, 16)?),
None => None,
};
let entry = StackEntry {
line,
address,
function_name,
source_file_path,
source_file_name,
source_file_line,
module_path,
module_offset,
function_offset,
};
stack.push(entry);
}
}
}
Ok(stack)
}
pub(crate) fn parse_scariness(text: &str) -> Option<(u32, String)> {
let pattern = r"(?m)^SCARINESS: (\d+) \(([^\)]+)\)\r?$";
let re = Regex::new(pattern).ok()?;
let captures = re.captures(text)?;
let index = u32::from_str_radix(captures.get(1)?.as_str(), 10).ok()?;
let value = captures.get(2)?.as_str().trim();
Some((index, value.into()))
}
pub(crate) fn parse_asan_runtime_error(text: &str) -> Option<(String, String, String)> {
let pattern = r"==\d+==((\w+) (CHECK failed): [^ \n]+)";
let re = Regex::new(pattern).ok()?;
let captures = re.captures(text)?;
let summary = captures.get(1)?.as_str().trim();
let sanitizer = captures.get(2)?.as_str().trim();
let fault_type = captures.get(3)?.as_str().trim();
Some((summary.into(), sanitizer.into(), fault_type.into()))
}
pub(crate) fn parse_asan_abort_error(text: &str) -> Option<(String, String, String)> {
let pattern = r"==\d+==\s*(ERROR|WARNING): (?P<summary>(?P<sanitizer>\w+Sanitizer|libFuzzer): (?P<fault_type>ABRT|access-violation|deadly signal|use-of-uninitialized-value|stack-overflow)[^\n]*)";
let re = Regex::new(pattern).ok()?;
let captures = re.captures(text)?;
let summary = captures.name("summary")?.as_str().trim();
let sanitizer = captures.name("sanitizer")?.as_str().trim();
let fault_type = captures.name("fault_type")?.as_str().trim();
Some((summary.into(), sanitizer.into(), fault_type.into()))
}
pub(crate) fn parse_summary_base(text: &str) -> Option<(String, String, String)> {
let pattern = r"SUMMARY: ((\w+): (data race|deadly signal|odr-violation|[^ \n]+).*)";
let re = Regex::new(pattern).ok()?;
let captures = re.captures(text)?;
let summary = captures.get(1)?.as_str().trim();
let sanitizer = captures.get(2)?.as_str().trim();
let fault_type = captures.get(3)?.as_str().trim();
Some((summary.into(), sanitizer.into(), fault_type.into()))
}
pub(crate) fn parse_summary(text: &str) -> Result<(String, String, String)> {
if let Some((summary, sanitizer, fault_type)) = parse_summary_base(&text) {
return Ok((summary, sanitizer, fault_type));
}
if let Some((summary, sanitizer, fault_type)) = parse_asan_abort_error(&text) {
return Ok((summary, sanitizer, fault_type));
}
if let Some((summary, sanitizer, fault_type)) = parse_asan_runtime_error(&text) {
return Ok((summary, sanitizer, fault_type));
}
bail!("unable to parse crash log summary")
}
// Unfortunately, we can't just use Path's split as we want to
// parse stack frames from OSes other than OS the app is running
// on
fn get_call_stack_file_name(file_path: &str) -> String {
let split: Vec<_> = file_path.rsplitn(2, '/').collect();
if split.len() == 2 {
return split[0].to_string();
}
let split: Vec<_> = file_path.rsplitn(2, '\\').collect();
if split.len() == 2 {
return split[0].to_string();
}
file_path.to_string()
}
#[cfg(test)]
mod tests {
use super::{parse_asan_call_stack, StackEntry};
use anyhow::{Context, Result};
use pretty_assertions::assert_eq;
#[test]
fn test_asan_stack_line() -> Result<()> {
let test_cases = vec![
(
r"#0 0x1 (/path/to/bin+0x2)",
vec![StackEntry {
line: r"#0 0x1 (/path/to/bin+0x2)".to_string(),
address: Some(1),
module_path: Some("/path/to/bin".to_string()),
module_offset: Some(2),
..Default::default()
}],
),
(
r"#42 0xf (C:\WINDOWS\SYSTEM32\ntdll.dll+0x18004cec0)",
vec![StackEntry {
line: r"#42 0xf (C:\WINDOWS\SYSTEM32\ntdll.dll+0x18004cec0)".to_string(),
address: Some(15),
module_path: Some(r"C:\WINDOWS\SYSTEM32\ntdll.dll".to_string()),
module_offset: Some(6442766016),
..Default::default()
}],
),
(
r"#10 0xee in module::func(fuzzer::Fuzzer*, char const*, unsigned long) (/path/to/bin+0x123)",
vec![StackEntry {
line: r"#10 0xee in module::func(fuzzer::Fuzzer*, char const*, unsigned long) (/path/to/bin+0x123)".to_string(),
address: Some(238),
function_name: Some("module::func(fuzzer::Fuzzer*, char const*, unsigned long)".to_string()),
module_path: Some(r"/path/to/bin".to_string()),
module_offset: Some(291),
..Default::default()
}],
),
(
r"#8 0x123 in from_file /path/to/source.c:67:12",
vec![StackEntry {
line: r"#8 0x123 in from_file /path/to/source.c:67:12".to_string(),
address: Some(291),
function_name: Some("from_file".to_string()),
function_offset: Some(12),
source_file_path: Some("/path/to/source.c".to_string()),
source_file_name: Some("source.c".to_string()),
source_file_line: Some(67),
..Default::default()
}],
),
(
r"#0 0x3 in libc.so.6",
vec![StackEntry {
line: r"#0 0x3 in libc.so.6".to_string(),
address: Some(3),
module_path: Some("libc.so.6".to_string()),
..Default::default()
}],
),
(
r"#10 0x55 (/usr/lib/libc++abi.dylib:x86_64+0x10)",
vec![StackEntry {
line: r"#10 0x55 (/usr/lib/libc++abi.dylib:x86_64+0x10)".to_string(),
address: Some(0x55),
module_path: Some("/usr/lib/libc++abi.dylib:x86_64".to_string()),
module_offset: Some(0x10),
..Default::default()
}],
)
];
for (data, expected) in test_cases {
let parsed = parse_asan_call_stack(data.clone())
.with_context(|| format!("parsing asan stack failed {}", data))?;
assert_eq!(expected, parsed);
}
Ok(())
}
}

17
src/agent/stacktrace-parser/src/bin/parse-stacktrace.rs Normal file
View File

@ -0,0 +1,17 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
use anyhow::Result;
use stacktrace_parser::CrashLog;
use std::{env, fs};
fn main() -> Result<()> {
for filename in env::args().skip(1) {
let data = fs::read_to_string(&filename)?;
let asan = CrashLog::parse(data)?;
eprintln!("{}", filename);
println!("{}", serde_json::to_string_pretty(&asan)?);
}
Ok(())
}

446
src/agent/stacktrace-parser/src/lib.rs Normal file
View File

@ -0,0 +1,446 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
use anyhow::Result;
use libclusterfuzz::get_stack_filter;
use regex::RegexSet;
use serde::{Deserialize, Serialize};
use sha2::{Digest, Sha256};
mod asan;
#[derive(Clone, Debug, Default, PartialEq, Serialize, Deserialize)]
pub struct StackEntry {
pub line: String,
#[serde(default)]
#[serde(skip_serializing_if = "Option::is_none")]
pub address: Option<u64>,
#[serde(default)]
#[serde(skip_serializing_if = "Option::is_none")]
pub function_name: Option<String>,
#[serde(default)]
#[serde(skip_serializing_if = "Option::is_none")]
pub function_offset: Option<u64>,
#[serde(default)]
#[serde(skip_serializing_if = "Option::is_none")]
pub source_file_name: Option<String>,
#[serde(default)]
#[serde(skip_serializing_if = "Option::is_none")]
pub source_file_path: Option<String>,
#[serde(default)]
#[serde(skip_serializing_if = "Option::is_none")]
pub source_file_line: Option<u64>,
#[serde(default)]
#[serde(skip_serializing_if = "Option::is_none")]
pub module_path: Option<String>,
#[serde(default)]
#[serde(skip_serializing_if = "Option::is_none")]
pub module_offset: Option<u64>,
}
#[derive(Clone, Debug, Default, PartialEq, Serialize, Deserialize)]
pub struct CrashLog {
pub text: String,
pub sanitizer: String,
pub summary: String,
pub fault_type: String,
#[serde(default)]
#[serde(skip_serializing_if = "Vec::is_empty")]
pub call_stack: Vec<String>,
#[serde(default)]
#[serde(skip_serializing_if = "Vec::is_empty")]
pub full_stack_details: Vec<StackEntry>,
#[serde(default)]
#[serde(skip_serializing_if = "Vec::is_empty")]
pub full_stack_names: Vec<String>,
#[serde(default)]
#[serde(skip_serializing_if = "Vec::is_empty")]
pub minimized_stack_details: Vec<StackEntry>,
#[serde(default)]
#[serde(skip_serializing_if = "Vec::is_empty")]
pub minimized_stack: Vec<String>,
#[serde(default)]
#[serde(skip_serializing_if = "Vec::is_empty")]
pub minimized_stack_function_names: Vec<String>,
#[serde(default)]
#[serde(skip_serializing_if = "Option::is_none")]
pub scariness_score: Option<u32>,
#[serde(default)]
#[serde(skip_serializing_if = "Option::is_none")]
pub scariness_description: Option<String>,
}
fn function_without_args(func: &str) -> String {
// TODO: This is an extremely niave approach to splitting arguments. It
// doesn't handle C++ well. As an example:
//
// This turns this:
// "base::internal::RunnableAdapter<void (__cdecl*)(scoped_ptr<blink::WebTaskRunner::Task,std::default_delete<blink::WebTaskRunner::Task> >)>::Run",
//
// Into this:
// "base::internal::RunnableAdapter<void "
//
// However, given this is intended to enable de-duplicating crash reports
// with ClusterFuzz, this is going to stay this way for now. This is used to
// fill in `minimized_stack_functions_names`. The unstripped version will be
// in `minimized_stack`.
func.splitn(2, '(')
.next()
.expect("splitn should always return at least one item")
.to_string()
}
fn filter_funcs(entry: &StackEntry, stack_filter: &RegexSet) -> Option<StackEntry> {
let mut entry = entry.clone();
if let Some(name) = &entry.function_name {
// mirror Clusterfuzz's replacing LLVMFuzzerTestOneInput
// with the fuzzer filename
//
// Ref: https://github.com/google/clusterfuzz/blob/
// a6bb73e4988f4a7064e990a0a78cc6bc812ef741/src/python/
// lib/clusterfuzz/stacktraces/__init__.py#L1362-L1373
if name == "LLVMFuzzerTestOneInput" {
if let Some(file_name) = &entry.source_file_name {
entry.function_name = Some(file_name.to_string());
return Some(entry);
}
}
if stack_filter.is_match(name) {
return None;
}
}
Some(entry)
}
impl CrashLog {
pub fn parse(text: String) -> Result<Self> {
let (summary, sanitizer, fault_type) = parse_summary(&text)?;
let full_stack_details = parse_call_stack(&text).unwrap_or_default();
let (scariness_score, scariness_description) = parse_scariness(&text);
let call_stack = full_stack_details.iter().map(|x| x.line.clone()).collect();
let stack_filter = get_stack_filter();
let mut minimized_stack_details: Vec<StackEntry> = full_stack_details
.iter()
.filter_map(|x| filter_funcs(x, &stack_filter))
.collect();
// if we don't have a minimized stack, if one of these functions is on
// the stack, use it
for entry in &[
"LLVMFuzzerTestOneInput",
"fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long)",
"main",
] {
if !minimized_stack_details.is_empty() {
break;
}
let value = Some(String::from(*entry));
minimized_stack_details = full_stack_details
.iter()
.filter_map(|x| {
if x.function_name == value {
Some(x.clone())
} else {
None
}
})
.collect();
}
let full_stack_names: Vec<String> = full_stack_details
.iter()
.filter_map(|x| x.function_name.as_ref().cloned())
.collect();
let minimized_stack: Vec<String> = minimized_stack_details
.iter()
.filter_map(|x| x.function_name.clone())
.collect();
let minimized_stack_function_names: Vec<String> = minimized_stack
.iter()
.map(|x| function_without_args(x))
.collect();
let log = Self {
text,
sanitizer,
summary,
fault_type,
call_stack,
scariness_score,
scariness_description,
full_stack_details,
full_stack_names,
minimized_stack,
minimized_stack_function_names,
minimized_stack_details,
};
Ok(log)
}
pub fn call_stack_sha256(&self) -> String {
digest_iter(&self.call_stack, None)
}
pub fn minimized_stack_sha256(&self, depth: Option<usize>) -> String {
digest_iter(&self.minimized_stack, depth)
}
pub fn minimized_stack_function_names_sha256(&self, depth: Option<usize>) -> String {
digest_iter(&self.minimized_stack_function_names, depth)
}
}
fn parse_summary(text: &str) -> Result<(String, String, String)> {
// eventually, this should be updated to support multiple callstack formats
asan::parse_summary(&text)
}
fn parse_scariness(text: &str) -> (Option<u32>, Option<String>) {
// eventually, this should be updated to support multiple callstack formats,
// including building this value
match asan::parse_scariness(&text) {
Some((x, y)) => (Some(x), Some(y)),
None => (None, None),
}
}
pub fn parse_call_stack(text: &str) -> Result<Vec<StackEntry>> {
// eventually, this should be updated to support multiple callstack formats
asan::parse_asan_call_stack(text)
}
fn digest_iter(data: impl IntoIterator<Item = impl AsRef<[u8]>>, depth: Option<usize>) -> String {
let mut ctx = Sha256::new();
if let Some(depth) = depth {
for frame in data.into_iter().take(depth) {
ctx.update(frame);
}
} else {
for frame in data {
ctx.update(frame);
}
}
hex::encode(ctx.finalize())
}
#[cfg(test)]
mod tests {
use super::CrashLog;
use anyhow::{Context, Result};
use pretty_assertions::assert_eq;
use serde_json;
use std::fs;
use std::path::Path;
fn check_dir(
src_dir: &Path,
expected_dir: &Path,
skip_files: Vec<&str>,
skip_minimized_check: Vec<&str>,
) -> Result<()> {
// TODO: once the stack trace data from clusterfuzz is added, these should be removed
if !src_dir.exists() {
eprintln!("no sources to check");
return Ok(());
}
if !expected_dir.exists() {
eprintln!("no destinations to check");
return Ok(());
}
for entry in fs::read_dir(src_dir)? {
let path = entry?.path();
if !path.is_file() {
eprintln!("only checking files: {}", path.display());
continue;
}
let file_name = path.file_name().unwrap().to_str().unwrap();
if skip_files.contains(&file_name) {
eprintln!("skipping file: {}", file_name);
continue;
}
let data_raw =
fs::read_to_string(&path).with_context(|| format!("reading {}", path.display()))?;
let data = data_raw.replace("\r\n", "\n");
let parsed = CrashLog::parse(data.clone()).with_context(|| {
format!(
"parsing\n{}\n{}\n\n{}",
path.display(),
data,
path.display()
)
})?;
if !skip_minimized_check.contains(&file_name) {
if !parsed.call_stack.is_empty() && !parsed.full_stack_names.is_empty() {
assert!(
!parsed.minimized_stack.is_empty(),
"minimized call stack got reduced to nothing {}",
path.display()
);
}
}
let mut expected_path = expected_dir.join(&file_name);
expected_path.set_extension("json");
if !expected_path.is_file() {
eprintln!(
"missing expected result: {} - {}",
path.display(),
expected_path.display()
);
continue;
}
let expected_data = fs::read_to_string(&expected_path)?;
let expected: CrashLog = serde_json::from_str(&expected_data)?;
assert_eq!(expected, parsed, "{}", path.display());
}
Ok(())
}
#[test]
fn test_asan_log_parse() -> Result<()> {
let src_dir = Path::new("data/stack-traces/");
let expected_dir = Path::new("data/parsed-traces/");
let skip_files = vec![];
let skip_minimized_check = vec!["asan-odr-violation.txt"];
check_dir(src_dir, expected_dir, skip_files, skip_minimized_check)?;
Ok(())
}
#[test]
fn test_clusterfuzz_traces() -> Result<()> {
let src_dir = Path::new("../libclusterfuzz/data/stack-traces/");
let expected_dir = Path::new("../libclusterfuzz/data/parsed-traces/");
let skip_files = vec![
// fuchsia libfuzzer
"fuchsia_ignore.txt",
"fuchsia_reproducible_crash.txt",
// other (non-libfuzzer)
"android_null_stack.txt",
"android_security_dcheck_failure.txt",
"assert_in_drt_string.txt",
"check_failure_android_media.txt",
"check_failure_android_media2.txt",
"check_failure_chrome.txt",
"check_failure_chrome_android.txt",
"check_failure_chrome_android2.txt",
"check_failure_chrome_mac.txt",
"check_failure_chrome_media.txt",
"check_failure_chrome_win.txt",
"check_failure_with_assert_message.txt",
"check_failure_with_comparison.txt",
"check_failure_with_comparison2.txt",
"check_failure_with_handle_sigill=0.txt",
"generic_segv.txt",
"ignore_libc_if_symbolized.txt",
"keep_libc_if_unsymbolized.txt",
"missing_library_android.txt",
"missing_library_linux.txt",
"oom.txt",
"stack_filtering.txt",
// java
"java_IllegalStateException.txt",
"java_fatal_exception.txt",
// cdb
"cdb_divide_by_zero.txt",
"cdb_integer_overflow.txt",
"cdb_other.txt",
"cdb_read.txt",
"cdb_read_x64.txt",
"cdb_stack_overflow.txt",
// gdb
"gdb_sigtrap.txt",
// v8 panic
"ignore_asan_warning.txt",
"security_check_failure.txt",
"security_dcheck_failure.txt",
"v8_check.txt",
"v8_check_eq.txt",
"v8_check_symbolized.txt",
"v8_check_windows.txt",
"v8_correctness_failure.txt",
"v8_fatal_error_no_check.txt",
"v8_fatal_error_partial.txt",
"v8_javascript_assertion_should_pass.txt",
"v8_oom.txt",
"v8_representation_changer_error.txt",
"v8_runtime_error.txt",
"v8_unimplemented_code.txt",
"v8_unknown_fatal_error.txt",
"v8_unreachable_code.txt",
"v8_dcheck_symbolized.txt",
// golang
"golang_fatal_error_stack_overflow.txt",
"golang_panic_custom_short_message.txt",
"golang_panic_runtime_error_slice_bounds_out_of_range.txt",
"golang_new_crash_type_and_asan_abrt.txt",
"golang_panic_runtime_error_index_out_of_range_with_msan.txt",
"golang_panic_runtime_error_index_out_of_range.txt",
"golang_panic_runtime_error_integer_divide_by_zero.txt",
"golang_panic_runtime_error_invalid_memory_address.txt",
"golang_panic_runtime_error_makeslice_len_out_of_range.txt",
"golang_panic_with_type_assertions_in_frames.txt",
"golang_sigsegv_panic.txt",
"golang_generic_fatal_error_and_asan_abrt.txt",
"golang_asan_panic.txt",
"golang_generic_panic_and_asan_abrt.txt",
// linux kernel
"android_kernel.txt",
"android_kernel_no_parens.txt",
"kasan_gpf.txt",
"kasan_null.txt",
"kasan_oob_read.txt",
"kasan_syzkaller.txt",
"kasan_syzkaller_android.txt",
"kasan_uaf.txt",
// ???
"asan_in_drt_string.txt",
// cfi check
"cfi_bad_cast_indirect_fc.txt",
"cfi_invalid_vtable.txt",
"cfi_nodebug.txt",
"cfi_unrelated_vtable.txt",
// UBSAN - TODO - these should be handled
"ubsan_bad_cast_downcast.txt",
"ubsan_integer_overflow_addition.txt",
"ubsan_non_positive_vla_bound_value.txt",
"ubsan_null_pointer_member_call.txt",
"ubsan_object_size.txt",
"ubsan_pointer_overflow.txt",
"ubsan_unsigned_integer_overflow.txt",
// HWAddressSanitizer TODO - these should get handled
"hwasan_tag_mismatch.txt",
// TODO - needs fixed
"android_asan_uaf.txt",
// TODO - needs fixed, multi-line ASAN entry
"sanitizer_signal_abrt_unknown.txt",
];
let skip_minimized_check = vec![
"clang-10-asan-breakpoint.txt",
"asan-check-failure-missing-symbolizer.txt",
// TODO: handle seeing LLVMFuzzerTestOneInput but not seeing the
// source file name
"libfuzzer_deadly_signal.txt",
"lsan_direct_leak.txt",
];
check_dir(src_dir, expected_dir, skip_files, skip_minimized_check)?;
Ok(())
}
}