
No fuzzer binaries found (google/clusterfuzz issue, closed, 14 comments)

google commented on August 19, 2024
No fuzzer binaries found

from clusterfuzz.

Comments (14)

jonathanmetzman commented on August 19, 2024

To clarify since I think this issue has caused some confusion, for a binary to be recognized as a fuzzer it should have a function called LLVMFuzzerTestOneInput. The logic for determining if a binary is a fuzzer is here.

The libFuzzer target someone gives to ClusterFuzz doesn't necessarily need to be compiled with -fsanitize=fuzzer but it should be a working libFuzzer target. -fsanitize=fuzzer-no-link does not do this, -fsanitize=fuzzer can do this but it is not the only way.


jonathanmetzman commented on August 19, 2024

Thanks a lot for this report.

Is this also with the heartbleed example? And are you using the local development setup or the production one?

For some reason, this seems to be saying ClusterFuzz can't find any binaries to fuzz.

Let's try two things:

  1. Can you run one of the fuzzer binaries you uploaded in the build?
    Assuming this is the heartbleed example: ./handshake-fuzzer -runs=0

  2. Can you post the output of ls ~/$BOT_DIR/clusterfuzz/bot/builds/*/custom/*, where $BOT_DIR is the directory you passed to python butler.py run_bot?

Thanks!


jonathanmetzman commented on August 19, 2024

Also, could you please post all of your bot.log? This may help as well.


vadi2 commented on August 19, 2024

Heartbleed example works okay, it's just my example that's having trouble!

This is a local deployment.

My fuzzer binary worked OK, although I didn't create a stripped-down glue version of it - just compiled my application as-is with asan enabled...

ls clusterfuzz/bot/builds/*/custom/*
clusterfuzz/bot/builds/libfuzzer_asan_linux_openssl/custom/handshake-fuzzer
clusterfuzz/bot/builds/libfuzzer_asan_linux_openssl/custom/REVISION
clusterfuzz/bot/builds/libfuzzer_asan_linux_openssl/custom/server.key
clusterfuzz/bot/builds/libfuzzer_asan_linux_openssl/custom/server.pem
clusterfuzz/bot/builds/libfuzzer_asan_my_project/custom/mudlet
clusterfuzz/bot/builds/libfuzzer_asan_my_project/custom/REVISION


vadi2 commented on August 19, 2024

log.zip

Here's the log - it's a bit big, I've started running the heartbleed example.


jonathanmetzman commented on August 19, 2024

> Heartbleed example works okay,

Phew!

> it's just my example that's having trouble!

OK let's try to figure this out.

> This is a local deployment.
>
> My fuzzer binary worked OK, although I didn't create a stripped-down glue version of it - just compiled my application as-is with asan enabled...
>
> ls clusterfuzz/bot/builds/*/custom/*
> clusterfuzz/bot/builds/libfuzzer_asan_linux_openssl/custom/handshake-fuzzer
> clusterfuzz/bot/builds/libfuzzer_asan_linux_openssl/custom/REVISION
> clusterfuzz/bot/builds/libfuzzer_asan_linux_openssl/custom/server.key
> clusterfuzz/bot/builds/libfuzzer_asan_linux_openssl/custom/server.pem
> clusterfuzz/bot/builds/libfuzzer_asan_my_project/custom/mudlet
> clusterfuzz/bot/builds/libfuzzer_asan_my_project/custom/REVISION

What happens when you run ./clusterfuzz/bot/builds/libfuzzer_asan_my_project/custom/mudlet -runs=0?


jonathanmetzman commented on August 19, 2024

> log.zip
>
> Here's the log - it's a bit big, I've started running the heartbleed example.

Thanks, taking a look now.


vadi2 commented on August 19, 2024

Mudlet starts OK:

./clusterfuzz/bot/builds/libfuzzer_asan_my_project/custom/mudlet -runs=0
Could not find Discord library - searched in:
     "/usr/lib/x86_64-linux-gnu/qt5/plugins"
     "/home/vadi/Programs/Mudlet/mudlet1/clusterfuzz/bot/builds/libfuzzer_asan_my_project/custom"
mudlet::mudlet() INFO - Seeking Mudlet translations files in: "/usr/share/qt5/translations"
mudlet::mudlet() INFO - Seeking Mudlet translations files in: ":/lang"
mudlet::mudlet() Failed to load translation file "mudlet_el_GR.qm" from ":/lang"
mudlet::mudlet() Failed to load translation file "mudlet_en_US.qm" from ":/lang"
mudlet::mudlet() INFO - loading Mudlet: "en_US" translations from: "mudlet_en_US.qm"
mudlet::mudlet() ERROR - Failed to directly load a translator for: "en_US" a translation to the specified language will not be available
mudlet::mudlet() Failed to load translation file "mudlet_zh_TW.qm" from ":/lang"
cTelnet::encodingChanged("UTF-8") INFO - Installing a codec for OOB protocols that can handle: ()
=================================================================
==8507==ERROR: AddressSanitizer: alloc-dealloc-mismatch (malloc vs operator delete) on 0x602000113ef0
    #0 0x595d08 in operator delete(void*) (/home/vadi/Programs/Mudlet/mudlet1/clusterfuzz/bot/builds/libfuzzer_asan_my_project/custom/mudlet+0x595d08)
    #1 0x8bc6dd in edbee::BasePListParser::endParsing() /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../3rdparty/edbee-lib/edbee-lib/edbee/io/baseplistparser.cpp:70:5
    #2 0x8a440d in edbee::TmLanguageParser::parse(QIODevice*) /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../3rdparty/edbee-lib/edbee-lib/edbee/io/tmlanguageparser.cpp:39:10
    #3 0x8a6321 in edbee::TmLanguageParser::parse(QString const&) /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../3rdparty/edbee-lib/edbee-lib/edbee/io/tmlanguageparser.cpp:56:31
    #4 0x8c9dc0 in edbee::TextGrammarManager::readGrammarFile(QString const&) /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../3rdparty/edbee-lib/edbee-lib/edbee/models/textgrammar.cpp:300:35
    #5 0x11ba205 in mudlet::initEdbee() /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../src/mudlet.cpp:586:21
    #6 0x119abd2 in mudlet::mudlet() /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../src/mudlet.cpp:559:5
    #7 0x1182ff5 in mudlet::start() /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../src/mudlet.cpp:124:17
    #8 0x1180986 in main /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../src/main.cpp:496:5
    #9 0x7f62933dc09a in __libc_start_main /build/glibc-B9XfQf/glibc-2.28/csu/../csu/libc-start.c:308:16
    #10 0x489539 in _start (/home/vadi/Programs/Mudlet/mudlet1/clusterfuzz/bot/builds/libfuzzer_asan_my_project/custom/mudlet+0x489539)

0x602000113ef0 is located 0 bytes inside of 8-byte region [0x602000113ef0,0x602000113ef8)
allocated by thread T0 here:
    #0 0x558cb7 in __interceptor_malloc (/home/vadi/Programs/Mudlet/mudlet1/clusterfuzz/bot/builds/libfuzzer_asan_my_project/custom/mudlet+0x558cb7)
    #1 0x78baed in debug_malloc(unsigned long, char const*, int) /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../3rdparty/edbee-lib/edbee-lib/edbee/util/mem/debug_new.cpp:30:15
    #2 0x78c3a0 in operator new(unsigned long, char const*, int) /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../3rdparty/edbee-lib/edbee-lib/edbee/util/mem/debug_new.cpp:74:15
    #3 0x8bb39d in edbee::BasePListParser::beginParsing(QIODevice*) /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../3rdparty/edbee-lib/edbee-lib/edbee/io/baseplistparser.cpp:51:12
    #4 0x8a435c in edbee::TmLanguageParser::parse(QIODevice*) /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../3rdparty/edbee-lib/edbee-lib/edbee/io/tmlanguageparser.cpp:34:9
    #5 0x8a6321 in edbee::TmLanguageParser::parse(QString const&) /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../3rdparty/edbee-lib/edbee-lib/edbee/io/tmlanguageparser.cpp:56:31
    #6 0x8c9dc0 in edbee::TextGrammarManager::readGrammarFile(QString const&) /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../3rdparty/edbee-lib/edbee-lib/edbee/models/textgrammar.cpp:300:35
    #7 0x11ba205 in mudlet::initEdbee() /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../src/mudlet.cpp:586:21
    #8 0x119abd2 in mudlet::mudlet() /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../src/mudlet.cpp:559:5
    #9 0x1182ff5 in mudlet::start() /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../src/mudlet.cpp:124:17
    #10 0x1180986 in main /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../src/main.cpp:496:5
    #11 0x7f62933dc09a in __libc_start_main /build/glibc-B9XfQf/glibc-2.28/csu/../csu/libc-start.c:308:16

SUMMARY: AddressSanitizer: alloc-dealloc-mismatch (/home/vadi/Programs/Mudlet/mudlet1/clusterfuzz/bot/builds/libfuzzer_asan_my_project/custom/mudlet+0x595d08) in operator delete(void*)
==8507==HINT: if you don't care about these errors you may set ASAN_OPTIONS=alloc_dealloc_mismatch=0
==8507==ABORTING

(well, when I enable that ASAN_OPTIONS=alloc_dealloc_mismatch=0 option. Unfortunately this is a 3rd party library that's redefining new/delete 😞 )


vadi2 commented on August 19, 2024

I tried adding ASAN_OPTIONS=alloc_dealloc_mismatch=0 to the job's environment variables page, but it did not seem to have helped.


jonathanmetzman commented on August 19, 2024

> I tried adding ASAN_OPTIONS=alloc_dealloc_mismatch=0 to the job's environment variables page, but it did not seem to have helped.

The ASan crash seems to be a separate issue. Let's handle the first one which is ClusterFuzz not recognizing your binary as a fuzzer.

> My fuzzer binary worked OK, although I didn't create a stripped-down glue version of it - just compiled my application as-is with asan enabled...

I think I know what the issue is.

Did you compile mudlet with -fsanitize=fuzzer (or with AFL?)


jonathanmetzman commented on August 19, 2024

Remember, your custom build shouldn't actually be the entire binary of the program you want to fuzz. It should be a unittest-like program whose entry point is LLVMFuzzerTestOneInput and is compiled for libFuzzer or AFL (I don't see LLVMFuzzerTestOneInput in your stacktrace, so I guess you didn't do this?).


vadi2 commented on August 19, 2024

With -fsanitize=address,fuzzer-no-link specifically (it complained about main() already defined).


vadi2 commented on August 19, 2024

Nope, haven't done that, wanted to see what would happen / did not understand the concept of the glue code program at that time. Perhaps this is just the resulting error then.


jonathanmetzman commented on August 19, 2024

> With -fsanitize=address,fuzzer-no-link specifically (it complained about main() already defined).

Ah this is the issue. The program you give to ClusterFuzz must be compiled with -fsanitize=fuzzer at some point (assuming you aren't doing blackbox fuzzing or AFL).

I strongly recommend libFuzzer though. Probably best to read the libFuzzer docs so you understand how to make a libFuzzer-based target. Once you have one, you can upload it to ClusterFuzz.

> Nope, haven't done that, wanted to see what would happen / did not understand the concept of the glue code program at that time. Perhaps this is just the resulting error then.

Maybe we should make this clearer in the docs.

Good luck and let us know if you run into other trouble.

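The point the thread arrives at (a binary is recognised as a fuzzer because it exports LLVMFuzzerTestOneInput and has libFuzzer's own main linked in by -fsanitize=fuzzer, whereas building the whole application with -fsanitize=fuzzer-no-link keeps the application's main and gives ClusterFuzz nothing to drive), shown as an added example. This is not code from the issue thread, from ClusterFuzz or from Mudlet: the record parser is a constructed stand-in for whatever code you actually want to fuzz, the file name record_fuzzer.c and the build commands assume a clang toolchain, and the sample inputs are made up for the stand-alone check.

```c
/* record_fuzzer.c: a minimal libFuzzer target (added example, hypothetical).
 *
 * Build as a fuzzer; libFuzzer supplies main(), so this file must not:
 *   clang -g -O1 -fsanitize=address,fuzzer record_fuzzer.c -o record_fuzzer
 * Check that it is what ClusterFuzz looks for, then smoke-test it:
 *   nm record_fuzzer | grep LLVMFuzzerTestOneInput
 *   ./record_fuzzer -runs=0
 * With -fsanitize=address,fuzzer-no-link you get the coverage
 * instrumentation but no libFuzzer main, so nothing ever calls
 * LLVMFuzzerTestOneInput. That is the case described in the thread.
 */
#include <stddef.h>
#include <stdint.h>

/* Hypothetical code under test, constructed for this example: a stream of
 * records laid out as [u8 type][u16 big-endian length][payload]. Returns
 * the number of records found, or -1 if the input is malformed. Up to
 * max_out records are written to out; the rest are counted only. */
typedef struct {
    uint8_t type;
    uint16_t len;
    const uint8_t *payload;
} record_t;

int parse_records(const uint8_t *buf, size_t n, record_t *out, size_t max_out) {
    size_t off = 0;
    int count = 0;
    while (off < n) {
        if (n - off < 3)                      /* header would run past the end */
            return -1;
        uint8_t type = buf[off];
        uint16_t len = (uint16_t)((buf[off + 1] << 8) | buf[off + 2]);
        off += 3;
        if (len > n - off)                    /* payload would run past the end */
            return -1;
        if ((size_t)count < max_out) {
            out[count].type = type;
            out[count].len = len;
            out[count].payload = buf + off;
        }
        count++;
        off += len;
    }
    return count;
}

/* The entry point ClusterFuzz checks for. libFuzzer calls it once per input;
 * it must accept any bytes and must return 0. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    record_t recs[16];
    int n = parse_records(data, size, recs, 16);
    if (n > 0) {
        /* Read every byte of every returned payload so that an over-read
         * in the parser becomes an ASan report rather than a silent bug. */
        int shown = n < 16 ? n : 16;
        volatile uint8_t sink = 0;
        for (int i = 0; i < shown; i++)
            for (uint16_t j = 0; j < recs[i].len; j++)
                sink ^= recs[i].payload[j];
        (void)sink;
    }
    return 0;
}

/* Constructed sample inputs for a stand-alone check without libFuzzer. */
static const uint8_t SAMPLE_GOOD[] = { 1, 0, 2, 'h', 'i', 2, 0, 0 };   /* two records */
static const uint8_t SAMPLE_TRUNCATED[] = { 1, 0, 5, 'a' };            /* length 5, 1 byte */
static const uint8_t SAMPLE_SHORT_HDR[] = { 1, 0 };                     /* incomplete header */
```

The program you hand to ClusterFuzz is this harness plus the code it exercises, not the application with its own main(). If nm shows no LLVMFuzzerTestOneInput, or ./record_fuzzer -runs=0 does not behave as a libFuzzer binary (with the application starting up instead, as Mudlet does above), the build will be ignored as it was in this issue.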
