search

RUB-SysSec / aurora

Usenix Security 2021 - AURORA: Statistical Crash Analysis for Automated Root Cause Explanation
GNU Affero General Public License v3.0
149 stars 20 forks source link

thread 'main' panicked at 'assertion failed: `(left == right)` #3

Closed Clingto closed 3 years ago

Clingto commented 3 years ago 
Hi, I run the rca component  and get the bellow error, could you give me some advice?
Thanks

package:   /home/user/aurora/root_cause_analysis/predicate_monitoring/Cargo.toml
workspace: /home/user/aurora/root_cause_analysis/Cargo.toml
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package:   /home/user/aurora/root_cause_analysis/trace_analysis/Cargo.toml
workspace: /home/user/aurora/root_cause_analysis/Cargo.toml
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package:   /home/user/aurora/root_cause_analysis/root_cause_analysis/Cargo.toml
workspace: /home/user/aurora/root_cause_analysis/Cargo.toml
    Finished release [optimized] target(s) in 0.04s
     Running `target/release/rca --eval-dir /home/user/test/gpac_4c19ae5 --trace-dir /home/user/test/gpac_4c19ae5 --monitor --rank-predicates`
analyzing traces
reading crashes
reading non-crashes
204 crashes and 900 non-crashes
filling cfg
calculating scores
dumping linear scores
trace analysis time: 3.171809017 seconds
monitoring predicates
thread 'main' panicked at 'assertion failed: `(left == right)`
  left: `0`,
 right: `1`', root_cause_analysis/src/monitor.rs:114:5
stack backtrace:
   0:     0x555555665540 - std::backtrace_rs::backtrace::libunwind::trace::h1a39bd9a98540471
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/../../backtrace/src/backtrace/libunwind.rs:90:5
   1:     0x555555665540 - std::backtrace_rs::backtrace::trace_unsynchronized::h21a1eeae7103ab3f
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/../../backtrace/src/backtrace/mod.rs:66:5
   2:     0x555555665540 - std::sys_common::backtrace::_print_fmt::hc9ffbae9ed6a9871
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/sys_common/backtrace.rs:67:5
   3:     0x555555665540 - <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt::h17510753a34a3f09
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/sys_common/backtrace.rs:46:22
   4:     0x55555568975c - core::fmt::write::h1e5a1f350e43b10f
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/core/src/fmt/mod.rs:1110:17
   5:     0x555555662b35 - std::io::Write::write_fmt::h06ec27c6d028baf1
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/io/mod.rs:1588:15
   6:     0x5555556675eb - std::sys_common::backtrace::_print::h1a02603349b1dc60
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/sys_common/backtrace.rs:49:5
   7:     0x5555556675eb - std::sys_common::backtrace::print::h0fc317d31c48cd9b
 right: `1`', root_cause_analysis/src/monitor.rs:114:5
stack backtrace:
   0:     0x555555665540 - std::backtrace_rs::backtrace::libunwind::trace::h1a39bd9a98540471
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/../../backtrace/src/backtrace/libunwind.rs:90:5
   1:     0x555555665540 - std::backtrace_rs::backtrace::trace_unsynchronized::h21a1eeae7103ab3f
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/../../backtrace/src/backtrace/mod.rs:66:5
   2:     0x555555665540 - std::sys_common::backtrace::_print_fmt::hc9ffbae9ed6a9871
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/sys_common/backtrace.rs:67:5
   3:     0x555555665540 - <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt::h17510753a34a3f09
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/sys_common/backtrace.rs:46:22
   4:     0x55555568975c - core::fmt::write::h1e5a1f350e43b10f
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/core/src/fmt/mod.rs:1110:17
   5:     0x555555662b35 - std::io::Write::write_fmt::h06ec27c6d028baf1
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/io/mod.rs:1588:15
   6:     0x5555556675eb - std::sys_common::backtrace::_print::h1a02603349b1dc60
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/sys_common/backtrace.rs:49:5
   7:     0x5555556675eb - std::sys_common::backtrace::print::h0fc317d31c48cd9b
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/sys_common/backtrace.rs:36:9
   8:     0x5555556675eb - std::panicking::default_hook::{{closure}}::ha522601c22d7057b
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/panicking.rs:208:50
   9:     0x5555556670c1 - std::panicking::default_hook::hd50ab173af9a3ce8
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/panicking.rs:225:9
  10:     0x555555667c91 - std::panicking::rust_panic_with_hook::hb5a01416e02405ad
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/panicking.rs:622:17
  11:     0x555555667797 - std::panicking::begin_panic_handler::{{closure}}::hf1dda5d5c0706ee0
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/panicking.rs:519:13
  12:     0x555555665a1c - std::sys_common::backtrace::__rust_end_short_backtrace::h56c02e9609085b17
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/sys_common/backtrace.rs:141:18
  13:     0x5555556676f9 - rust_begin_unwind
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/panicking.rs:515:5
  14:     0x555555573491 - core::panicking::panic_fmt::hc774f6c679779106
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/core/src/panicking.rs:92:14
  15:     0x555555688078 - core::panicking::assert_failed_inner::hf344cab8a95f284d
  16:     0x55555556851b - core::panicking::assert_failed::h02097acf3d38c072
  17:     0x55555558624b - root_cause_analysis::monitor::executable::h62166ffef4ddce96
  18:     0x555555585ef5 - root_cause_analysis::monitor::cmd_line::h446164ae153890dc
  19:     0x555555584e7a - root_cause_analysis::monitor::monitor_predicates::h0d0a1f658c7216e4
  20:     0x5555555742a0 - rca::main::h215c2f82f7fcaa9d
  21:     0x555555573d33 - std::sys_common::backtrace::__rust_begin_short_backtrace::h076879d3a1d184b9
  22:     0x5555555745a9 - std::rt::lang_start::{{closure}}::h889b99bfec037d3e
  23:     0x555555668289 - core::ops::function::impls::<impl core::ops::function::FnOnce<A> for &F>::call_once::ha2e6a00894110f5e
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/core/src/ops/function.rs:259:13
  24:     0x555555668289 - std::panicking::try::do_call::h2aa095b10fbe4433
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/panicking.rs:401:40
  25:     0x555555668289 - std::panicking::try::h342ee7e6dfa7b563
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/panicking.rs:365:19
  26:     0x555555668289 - std::panic::catch_unwind::ha70b20d9f0bb209a
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/panic.rs:434:14
  27:     0x555555668289 - std::rt::lang_start_internal::hf51cfe9f287a8911
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/rt.rs:34:21
  28:     0x555555574592 - main
  29:     0x7ffff7c660b3 - __libc_start_main
  30:     0x555555573c6e - _start
  31:                0x0 - <unknown>
Clingto commented 3 years ago 
The tracing component  seems not running correctly.

INFO: Using files at /home/user/test/gpac_4c19ae5/inputs
INFO: Generating temporary directory at /tmp/tm/
INFO: Processing 1104 files in 2 subdirs at /home/user/test/gpac_4c19ae5/inputs
INFO: Done processing 1104 files in 101.18719720840454s (on average 2.9329622379247695s per input)
INFO: STATS: traced 1104/1104 files in 101.18719720840454s with 32 cores for /home/user/test/gpac_4c19ae5/inputs
INFO: killall MP4Box
MP4Box: no process found
INFO: Moving files from /tmp/tm/ to /home/user/test/gpac_4c19ae5/traces
INFO: Deleting temporary directory /tmp/tm/
INFO: Cleanup time: 0.002924203872680664s
INFO: Total execution time: 101.2074601650238s
INFO: Finished tracing run
{"heap_start": 93824996319232, "heap_end": 93824996466688, "stack_start": 140737488216064, "stack_end": 140737488351232}
Dumping to /home/user/test/gpac_4c19ae5/addresses.json

I run AFL with the command
# run AFL
timeout 43200 $AFL_DIR/afl-fuzz -C -d -m none -i seed -o $AFL_WORKDIR -- $EVAL_DIR/MP4Box_fuzz -diso @@ -out /dev/null

#tracing
when tracing, where should I config the argument:  MP4Box_trace -diso @@ -out /dev/null
Is the usage like bellow?
python3 tracing.py "$EVAL_DIR/MP4Box_trace -diso @@ -out /dev/null" $EVAL_DIR/inputs $EVAL_DIR/traces
mu00d8 commented 3 years ago

Hi, the rca component fails to find the MP4Box_trace executable in the evaluation directory, which is neeeded for monitoring. Can you check whether /home/user/test/gpac_4c19ae5/MP4Box_trace exists?

Your commands to run AFL and tracing look good and should work just fine.

Clingto commented 3 years ago

MP4Box_trace existed and can work with the command. /home/user/test/gpac_4c19ae5/MP4Box_trace -diso $POC -out /dev/null

Clingto commented 3 years ago

Additionally, my origion binary is /home/user/test/gpac_4c19ae5/SRC_bin/build/bin/MP4Box should I rename it to /home/user/test/gpac_4c19ae5/SRC_bin/build/bin/MP4Box_trace

dhbbb commented 2 years ago

Hello,

MP4Box_trace existed and can work with the command. /home/user/test/gpac_4c19ae5/MP4Box_trace -diso $POC -out /dev/null

Hello, I seem to have the same problem as you, has your problem been solved?

Clingto commented 2 years ago

Reduce fuzzing time.

---Original--- From: @.> Date: Fri, Mar 25, 2022 17:10 PM To: @.>; Cc: @.>;"State @.>; Subject: Re: [RUB-SysSec/aurora] thread 'main' panicked at 'assertion failed:(left == right) (#3)

Hello,

MP4Box_trace existed and can work with the command. /home/user/test/gpac_4c19ae5/MP4Box_trace -diso $POC -out /dev/null

Hello, I seem to have the same problem as you, has your problem been solved?

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you modified the open/close state.Message ID: @.***>