google / oss-fuzz

OSS-Fuzz - continuous fuzzing for open source software.
https://google.github.io/oss-fuzz
Apache License 2.0

infra/helper.py reproduce with centipede? #10434

Open maflcko opened 1 year ago

maflcko commented 1 year ago

Does infra/helper.py reproduce work with centipede?

Seemingly it does not:

cd oss-fuzz
git checkout 101cfd72488b96389bb60bfb17025b8f95af6fe8~1
python infra/helper.py build_fuzzers --sanitizer address --engine centipede bitcoin-core
python infra/helper.py reproduce bitcoin-core wallet_notifications ./repr.bin
INFO:__main__:Running: docker run --rm --privileged --shm-size=2g --platform linux/amd64 -i -e HELPER=True -e ARCHITECTURE=x86_64 -v /root/oss-fuzz/build/out/bitcoin-core:/out -v /root/oss-fuzz/repr.bin:/testcase -t gcr.io/oss-fuzz-base/base-runner reproduce wallet_notifications -runs=100.
+ FUZZER=wallet_notifications
+ shift
+ '[' '!' -v TESTCASE ']'
+ TESTCASE=/testcase
+ '[' '!' -f /testcase ']'
+ export RUN_FUZZER_MODE=interactive
+ RUN_FUZZER_MODE=interactive
+ export FUZZING_ENGINE=libfuzzer
+ FUZZING_ENGINE=libfuzzer
+ export SKIP_SEED_CORPUS=1
+ SKIP_SEED_CORPUS=1
+ run_fuzzer wallet_notifications -runs=100 /testcase
/out/wallet_notifications -rss_limit_mb=2560 -timeout=25 -runs=100 /testcase < /dev/null
Centipede fuzz target runner; argv[0]: /out/wallet_notifications flags: (null)
error: can't open the input file

However, in https://oss-fuzz.com/testcase-detail/5189159019741184 it seems that oss-fuzz is able to reproduce with centipede?

DonggeLiu commented 1 year ago

Yep, I expect reproduce works with Centipede.

I am about to update Centipede shortly; would you mind if I come back to this after updating it, just in case this only happens with the old version of it?

maflcko commented 1 year ago

I can still observe the issue today:

python infra/helper.py build_fuzzers --sanitizer address --engine centipede bitcoin-core
touch repr.bin
python infra/helper.py reproduce bitcoin-core wallet_notifications ./repr.bin

cc @dergoegge @fanquake

fanquake commented 1 year ago

I also still see the issue.

dergoegge commented 10 months ago

It looks a little like infra/helper.py reproduce is meant to only work with libfuzzer: https://github.com/google/oss-fuzz/blob/d81e44f16c582e912f6959b1a0d9832de6bc4475/infra/base-images/base-runner/reproduce#L30-L34

maflcko commented 10 months ago

Jup, thanks. Though, in the oss-fuzz link above, a bug that was only found by centipede did claim to reproduce:

[2023-05-31 16:13:16 UTC] oss-fuzz-linux-zone1-host-24pn-14: Progression task finished: still crashes on latest revision r202305220616.

maflcko commented 2 months ago

Same for infra/helper.py run_fuzzer.