google / atheris

Apache License 2.0
1.38k stars 111 forks

WARNING: Failed to find function "__sanitizer_acquire_crash_state". #39

Closed Volker-Weissmann closed 2 years ago

Volker-Weissmann commented 2 years ago

I tried to reproduce the example, but failed:

$ pip install atheris
Defaulting to user installation because normal site-packages is not writeable
Collecting atheris
  Using cached atheris-2.0.12-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (29.2 MB)
Installing collected packages: atheris
Successfully installed atheris-2.0.12
$ python myfuzz.py
INFO: Using built-in libfuzzer
WARNING: Failed to find function "__sanitizer_acquire_crash_state".
WARNING: Failed to find function "__sanitizer_print_stack_trace".
WARNING: Failed to find function "__sanitizer_set_death_callback".
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 925967955
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
INFO: A corpus is not provided, starting from an empty corpus
#2  INITED exec/s: 0 rss: 35Mb
ERROR: no interesting inputs were found. Is the code instrumented for coverage? Exiting.
$

Building from source shows the same problem.

System Information:

OS: ArchLinux

$ python --version
Python 3.10.6
$ llvm-config --version
14.0.6
$ clang --version
clang version 14.0.6
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin

The llvm fuzzer seems to be working:

$ clang main.cpp -fsanitize=fuzzer,undefined,address
$ ./a.out
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 2166017756
INFO: Loaded 1 modules   (1 inline 8-bit counters): 1 [0x56553ef3fbe0, 0x56553ef3fbe1), 
INFO: Loaded 1 PC tables (1 PCs): 1 [0x56553ef3fbe8,0x56553ef3fbf8), 
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
INFO: A corpus is not provided, starting from an empty corpus
#2  INITED cov: 1 ft: 1 corp: 1/1b exec/s: 0 rss: 31Mb
^J==18337== libFuzzer: run interrupted; exiting
$

AidenRHall commented 2 years ago

Hey Volker, thanks for bringing this to our attention. I wasn't able to recreate this locally, even using the 2.0.9 atheris release. Can we assume you've tried following the steps at https://github.com/google/atheris/blob/master/README.md#why-am-i-getting-no-interesting-inputs-were-found? Also, I still see the warnings from the issue title when using atheris 2.0.9, do you believe these warnings are directly related to the error, and if so why?

$ python fuzzing_example.py
INFO: Instrumenting struct
INFO: Instrumenting _struct
WARNING: It looks like this module is imported by a custom loader. Atheris has experimental support for this. However, it may be incompatible with certain libraries. If you experience unusual errors or poor coverage collection, try atheris.instrument_all() instead, add enable_loader_override=False to instrument_imports(), or file an issue on GitHub.
INFO: Instrumenting example_library
INFO: Using built-in libfuzzer
WARNING: Failed to find function "__sanitizer_acquire_crash_state".
WARNING: Failed to find function "__sanitizer_print_stack_trace".
WARNING: Failed to find function "__sanitizer_set_death_callback".
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 832493877
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
INFO: A corpus is not provided, starting from an empty corpus
#2      INITED cov: 2 ft: 2 corp: 1/1b exec/s: 0 rss: 35Mb
#4      NEW    cov: 5 ft: 5 corp: 2/5b lim: 4 exec/s: 0 rss: 35Mb L: 4/4 MS: 2 InsertByte-CopyPart-

 === Uncaught Python exception: ===
RuntimeError: Number was seventeen!
Traceback (most recent call last):
  File "/usr/local/google/home/aidenhall/ath-github-test/src/example_fuzzers/fuzzing_example.py", line 45, in TestOneInput
    example_library.CodeBeingFuzzed(number)
  File "/usr/local/google/home/aidenhall/ath-github-test/src/example_fuzzers/example_library.py", line 19, in CodeBeingFuzzed
    raise RuntimeError('Number was seventeen!')

==2239698== ERROR: libFuzzer: fuzz target exited
SUMMARY: libFuzzer: fuzz target exited
MS: 3 ChangeBit-CMP-ChangeBit- DE: "\x01\x00\x00\x00"-; base unit: be07e0bd43fa2e40026f7b6b972ce6ed62b4b5b0
0x11,0x0,0x0,0x0,
\x11\x00\x00\x00
artifact_prefix='./'; Test unit written to ./crash-498bcbf6cbffcc8dd2623f388d81f44cfad1014d
Base64: EQAAAA==

Volker-Weissmann commented 2 years ago

Turns out, I'm just really, really stupid. The example in your Readme works fine, what does not work is this old blogpost (unless you add @atheris.instrument_func).
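An added example of the harness shape the thread converges on (example code written for this page, not from the atheris repository or either commenter). Without the `@atheris.instrument_func` decorators, or an `atheris.instrument_imports()` block around the import of the code under test, libFuzzer receives no coverage edges from the Python code and exits with exactly the "no interesting inputs were found. Is the code instrumented for coverage?" message from the first comment; the three `__sanitizer_*` warnings are unrelated to that and appear in the working run too. The record format, `parse_record`, and its planted bug are constructed for illustration; the atheris calls used (`Setup`, `Fuzz`, `instrument_func`, `instrument_imports`) are the public 2.x API. The `try`/`except ImportError` guard is only there so the pure-Python parts can be imported and unit-tested without atheris installed.

```python
import sys

try:
    import atheris
except ImportError:  # assumption for this example: allow import/tests without atheris
    atheris = None


def instrumented(func):
    """Apply @atheris.instrument_func when atheris is available, else a no-op.

    In a real harness just write @atheris.instrument_func directly.
    """
    return atheris.instrument_func(func) if atheris is not None else func


# Constructed code under test: 1-byte tag, 1-byte length, payload.
# For a real target that lives in its own module, instrument it at import time:
#     with atheris.instrument_imports():
#         import my_library
# so every branch in my_library reports coverage to libFuzzer.
@instrumented
def parse_record(data: bytes) -> dict:
    """Return {'tag': int, 'payload': bytes}; raise ValueError on malformed input."""
    if len(data) < 2:
        raise ValueError("short header")
    tag, length = data[0], data[1]
    payload = data[2:2 + length]
    if len(payload) != length:
        raise ValueError("truncated payload")
    # Planted bug (hypothetical) for the fuzzer to find: an escape tag whose
    # payload itself begins with the escape byte is never handled.
    if tag == 0x1B and payload[:1] == b"\x1b":
        raise RuntimeError("unhandled escape-in-escape record")
    return {"tag": tag, "payload": payload}


@instrumented
def TestOneInput(data: bytes) -> None:
    """libFuzzer entry point.

    ValueError is the parser's documented rejection path and is swallowed;
    any other exception propagates, and atheris reports it as an uncaught
    Python exception and writes a crash-<sha1> artifact, as in the README run.
    """
    try:
        parse_record(data)
    except ValueError:
        pass


def main(argv):
    if atheris is None:
        sys.exit("atheris is not installed: pip install atheris")
    # Setup parses libFuzzer flags such as -max_len and a corpus directory.
    atheris.Setup(argv, TestOneInput)
    atheris.Fuzz()


if __name__ == "__main__":
    main(sys.argv)
```

Run it as `python harness.py` (optionally with a corpus directory and libFuzzer flags such as `-max_len=64`). If the `INITED` line reports `cov: 0` or the run ends with "no interesting inputs were found", the code under test is not instrumented: check that the decorators are present, or that the target module is imported inside `atheris.instrument_imports()` rather than before it.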