setup/fuzz.exe - AddressSanitizer: SEGV /home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c in LLVMFuzzerTestOneInput

[chkeita]

Files

• input: crash-7f4634e7d403c1a77588fb4890a20b46b15c1976
• exe: setup/fuzz.exe
• report: c2c215c90fb1e7c4dc666583b58acddfce234b443afbbbc42ae71470ee8ac831.json

Repro

onefuzz --endpoint https://chkeitaonefuzz2.azurewebsites.net repro create_and_connect oft-reports-cecbd958a1f257688f9768edaaf6c94d c2c215c90fb1e7c4dc666583b58acddfce234b443afbbbc42ae71470ee8ac831.json

Call Stack

#1 0x43b271 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/onefuzz/blob-containers/fuzz27ee6imdmr5gy/fuzz.exe+0x43b271)
#2 0x423767 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/onefuzz/blob-containers/fuzz27ee6imdmr5gy/fuzz.exe+0x423767)
#3 0x429741 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/onefuzz/blob-containers/fuzz27ee6imdmr5gy/fuzz.exe+0x429741)
#4 0x4557a2 in main (/onefuzz/blob-containers/fuzz27ee6imdmr5gy/fuzz.exe+0x4557a2)
#5 0x7ffff6a99bf6 in __libc_start_main /build/glibc-S9d2JN/glibc-2.27/csu/../csu/libc-start.c:310
#6 0x41db59 in _start (/onefuzz/blob-containers/fuzz27ee6imdmr5gy/fuzz.exe+0x41db59)

ASAN Log

INFO: Loaded 1 modules   (22 inline 8-bit counters): 22 [0x738f28, 0x738f3e), 
INFO: Loaded 1 PC tables (22 PCs): 22 [0x5144a8,0x514608), 
setup/fuzz.exe: Running 1 inputs 1 time(s) each.
Running: /onefuzz/31d26042-d084-40f8-88ce-7fb847fcf606/task_crashes_1/crash-7f4634e7d403c1a77588fb4890a20b46b15c1976
AddressSanitizer:DEADLYSIGNAL
=================================================================
==4901==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000004fd34a bp 0x7fffffffe450 sp 0x7fffffffe240 T0)
==4901==The signal is caused by a WRITE memory access.
==4901==Hint: address points to the zero page.
    #0 0x4fd349 in LLVMFuzzerTestOneInput /home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c
    #1 0x43b271 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/onefuzz/blob-containers/fuzz27ee6imdmr5gy/fuzz.exe+0x43b271)
    #2 0x423767 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/onefuzz/blob-containers/fuzz27ee6imdmr5gy/fuzz.exe+0x423767)
    #3 0x429741 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/onefuzz/blob-containers/fuzz27ee6imdmr5gy/fuzz.exe+0x429741)
    #4 0x4557a2 in main (/onefuzz/blob-containers/fuzz27ee6imdmr5gy/fuzz.exe+0x4557a2)
    #5 0x7ffff6a99bf6 in __libc_start_main /build/glibc-S9d2JN/glibc-2.27/csu/../csu/libc-start.c:310
    #6 0x41db59 in _start (/onefuzz/blob-containers/fuzz27ee6imdmr5gy/fuzz.exe+0x41db59)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/runner/work/onefuzz/onefuzz/src/integration-tests/libfuzzer/simple.c in LLVMFuzzerTestOneInput
==4901==ABORTING

[chkeita]

Duplicate found.

• input: crash-e0fcfb62c19f54af4283ab06ee51c7b068d46586
• exe: setup/fuzz.exe
• report: be9730f4f670058288f2e51f06c8e0aade656d86029f201559e166248dfa15fc.json

[chkeita]

Duplicate found.

• input: crash-3e9f85d2716cf2a58fd7e135d99050b57f7cb8b2
• exe: setup/fuzz.exe
• report: 4cffb16033b47fada4ae1945f8d9c620e275beda2d6cd3b9721085577286d38d.json

[chkeita]

Duplicate found.

• input: crash-d6ec965665c8f9ca19def3a3f82c364eae43179d
• exe: setup/fuzz.exe
• report: 99c4cac6fd4e16d37789c1fced52d2987084847b54814a0e3f89ef066cf4bce9.json

[chkeita]

Duplicate found.

• input: crash-7220ca21e7fd56a9d62418609be59f0692cec071
• exe: setup/fuzz.exe
• report: c879b89f58fb0894975076df2de4a3e24027fe5c6b1100206465a1c18c25a3ab.json

[chkeita]

Duplicate found.

• input: crash-33b188396e62854de551d134fb942c1ec2314fbb
• exe: setup/fuzz.exe
• report: 9e8867d272787cb49d7d24ce9b0e07825cd588437dc0f1debd51477219354bb5.json