google / oss-fuzz

OSS-Fuzz - continuous fuzzing for open source software.
https://google.github.io/oss-fuzz
Apache License 2.0

[Centipede] CF table dumping failed; llvm-symbolizer: not found #12124

Open kasper93 opened 6 days ago

kasper93 commented 6 days ago
E0625 08:40:15.703306 1992378 control_flow.cc:117] CF table dumping failed: cmd.ToString()=CENTIPEDE_RUNNER_FLAGS=:dump_cf_table:arg1=/tmp/centipede-1992378-138233277511488/cf_table: \
/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-centipede_mpv_99ca7f7a3bba7521691fc5dbb6afeb321b2ac6d5/revisions/fuzzer_load_config_file \
> /dev/null \
2>&1 cmd_exit_code=1
I0625 08:40:15.703341 1992378 centipede_callbacks.cc:65] Could not get CFTable from /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-centipede_mpv_99ca7f7a3bba7521691fc5dbb6afeb321b2ac6d5/revisions/fuzzer_load_config_file
The binary should be built with clang 16 and with -fsanitize-coverage=control-flow flag.
sh: 1: llvm-symbolizer: not found
E0625 08:40:15.745668 1992378 symbol_table.cc:81] system() failed: cmd.ToString()=llvm-symbolizer \
--no-inlines \
-e \
/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-centipede_mpv_99ca7f7a3bba7521691fc5dbb6afeb321b2ac6d5/revisions/fuzzer_load_config_file \
< \
/tmp/centipede-1992378-138233277511488/sym-tmp1 \
> /tmp/centipede-1992378-138233277511488/sym-tmp2 exit_code=127

Is this expected?

DonggeLiu commented 5 days ago

Hi @kasper93, may I ask where the log is from? I found a similar log in our bucket, but it appears the fuzzer is running:

Component revisions (build r202406260622):
Mpv: 22fc2e6af3a89db325b3191a3775a373020d562f
Ffmpeg: 41190da9e11f536cb590df45ce9839974e5e6777

Bot name: oss-fuzz-linux-zone3-host-lg2b-8
Return code: 1

Command: /mnt/scratch0/clusterfuzz/resources/platform/linux/unshare -c -n /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-centipede_mpv_99ca7f7a3bba7521691fc5dbb6afeb321b2ac6d5/revisions/centipede -exit_on_crash=1 -fork_server=1 -rss_limit_mb=4096 -address_space_limit_mb=4096 -timeout_per_input=25 -workdir=/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-322201/workdir -corpus_dir=/mnt/scratch0/clusterfuzz/bot/inputs/data-bundles/mpv_fuzzer_set_property_MPV_FORMAT_DOUBLE_0 -binary=/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-centipede_mpv_99ca7f7a3bba7521691fc5dbb6afeb321b2ac6d5/revisions/fuzzer_set_property_MPV_FORMAT_DOUBLE_0 -extra_binaries=/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-centipede_mpv_99ca7f7a3bba7521691fc5dbb6afeb321b2ac6d5/revisions/__extra_build/fuzzer_set_property_MPV_FORMAT_DOUBLE_0
Time ran: 8410.026769638062

I0626 21:26:58.757028 1713764 environment.cc:365] --timeout_per_batch default wasn't overridden; auto-computed to be 1127 sec (see --help for details)
I0626 21:26:59.279317 1713764 centipede.cc:177] shard=0 inputs_added=2167 inputs_ignored=0 num_shard_bytes=0 shard_data.size()=0
I0626 21:26:59.280064 1713764 centipede_interface.cc:220] Coverage dir: /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-322201/workdir/fuzzer_set_property_MPV_FORMAT_DOUBLE_0-7f5f5664d2b4ceceb1e68a497618384062977b70; temporary dir: /tmp/centipede-1713764-137423216748352
I0626 21:26:59.282036 1713764 centipede_default_callbacks.cc:36] Detecting custom mutator in target...
I0626 21:26:59.299773 1713764 centipede_default_callbacks.cc:44] Custom mutator undetected or misbehaving: will use built-in
I0626 21:26:59.299793 1713764 centipede_default_callbacks.cc:45] external_mutator_ran=false mutants.size()=0
E0626 21:26:59.351892 1713764 control_flow.cc:117] CF table dumping failed: cmd.ToString()=CENTIPEDE_RUNNER_FLAGS=:dump_cf_table:arg1=/tmp/centipede-1713764-137423216748352/cf_table: \
/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-centipede_mpv_99ca7f7a3bba7521691fc5dbb6afeb321b2ac6d5/revisions/fuzzer_set_property_MPV_FORMAT_DOUBLE_0 \
> /dev/null \
2>&1 cmd_exit_code=1
I0626 21:26:59.351930 1713764 centipede_callbacks.cc:65] Could not get CFTable from /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-centipede_mpv_99ca7f7a3bba7521691fc5dbb6afeb321b2ac6d5/revisions/fuzzer_set_property_MPV_FORMAT_DOUBLE_0
The binary should be built with clang 16 and with -fsanitize-coverage=control-flow flag.
sh: 1: llvm-symbolizer: not found
E0626 21:26:59.376717 1713764 symbol_table.cc:81] system() failed: cmd.ToString()=llvm-symbolizer \
--no-inlines \
-e \
/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-centipede_mpv_99ca7f7a3bba7521691fc5dbb6afeb321b2ac6d5/revisions/fuzzer_set_property_MPV_FORMAT_DOUBLE_0 \
< \
/tmp/centipede-1713764-137423216748352/sym-tmp1 \
> /tmp/centipede-1713764-137423216748352/sym-tmp2 exit_code=127
I0626 21:26:59.393025 1713800 centipede_default_callbacks.cc:36] Detecting custom mutator in target...
I0626 21:26:59.408096 1713800 centipede_default_callbacks.cc:44] Custom mutator undetected or misbehaving: will use built-in
I0626 21:26:59.408122 1713800 centipede_default_callbacks.cc:45] external_mutator_ran=false mutants.size()=0
I0626 21:26:59.412229 1713800 centipede.cc:621] Shard: 0/1 /tmp/centipede-1713764-137423214577408 seed: 137424935728391

I0626 21:26:59.417493 1713800 centipede.cc:234] [S0.0] begin-fuzz: ft: 0 corp: 0/0 max/avg: 0/0 d0/f0 exec/s: 0 mb: 35
I0626 21:26:59.422336 1713800 centipede.cc:438] 2167 inputs to rerun
I0626 21:27:11.216079 1713800 centipede.cc:234] [S0.1000] rerun-old: ft: 5958 cov: 1018 cmp: 4940 corp: 200/200 max/avg: 3079/206 d0/f3 exec/s: 0 mb: 83
I0626 21:27:22.954509 1713800 centipede.cc:234] [S0.2000] rerun-old: ft: 6037 cov: 1023 cmp: 5014 corp: 245/245 max/avg: 3079/192 d0/f4 exec/s: 0 mb: 84
I0626 21:27:25.126505 1713800 centipede.cc:234] [S0.2167] rerun-old: ft: 6046 cov: 1023 cmp: 5023 corp: 252/252 max/avg: 3079/196 d0/f4 exec/s: 0 mb: 84
I0626 21:27:25.126696 1713800 centipede.cc:234] [S0.2167] init-done: ft: 6046 cov: 1023 cmp: 5023 corp: 252/252 max/avg: 3079/196 d0/f4 exec/s: 0 mb: 84
I0626 21:27:25.126882 1713800 centipede.cc:547] Generate rusage report: env_.my_shard_index=0 Before fuzzing path=/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases-disk/temp-322201/workdir/rusage-report-fuzzer_set_property_MPV_FORMAT_DOUBLE_0.000000.initial.txt
I0626 21:27:35.896952 1713800 centipede.cc:234] [S0.1000] new-feature: ft: 6052 cov: 1023 cmp: 5029 corp: 257/257 max/avg: 3079/193 d0/f4 exec/s: 93 mb: 84
I0626 21:27:44.792566 1713800 centipede.cc:234] [S0.2000] new-feature: ft: 6059 cov: 1023 cmp: 5036 corp: 263/263 max/avg: 3079/189 d0/f4 exec/s: 102 mb: 84
I0626 21:27:54.544382 1713800 centipede.cc:234] [S0.3000] new-feature: ft: 6060 cov: 1023 cmp: 5037 corp: 264/264 max/avg: 3079/188 d0/f4 exec/s: 102 mb: 84
kasper93 commented 4 days ago

Hi @kasper93, may I ask where the log is from? I found a similar log in our bucket, but it appears the fuzzer is running:

Yes, I'm not saying it is not running. That's why I asked if this is expected. I noticed llvm-symbolizer: not found, which seems to be easily fixable by either copying the binary where needed or ensuring env_.symbolizer_path is set correctly (see centipede_callbacks.cc:50). It doesn't look critical because, as you noticed, it still runs, but clearly, something is missing here.

DonggeLiu commented 4 days ago

Right, both are not critical. I submitted the PR above to address the symbolizer error anyway.

Fixing the other one requires this:

The binary should be built with clang 16 and with -fsanitize-coverage=control-flow flag.

Unfortunately, I am unsure of a general and reliable way for OSS-Fuzz to enable this on all projects.
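The two errors in the thread are easy to miss in a long Centipede log because the fuzzer keeps running after both. The following Python helper, written for this issue and not part of Centipede, OSS-Fuzz or ClusterFuzz, does what a bot-side preflight would do: it classifies the `Could not get CFTable` and `system() failed ... exit_code=127` lines from the log excerpt above into non-fatal findings with the remediation each comment describes, and it resolves `llvm-symbolizer` the way a harness should (explicit path first, then `PATH`) so the `sh: 1: llvm-symbolizer: not found` condition is caught before fuzzing starts. The function names, the `/path/to/...` target paths in the sample log and the fake symbolizer created in a temporary directory are all constructed for the example.

```python
"""Triage the two non-fatal Centipede errors from the issue thread and check
that llvm-symbolizer is resolvable before a fuzzing session starts.
Helper names (triage_centipede_log, resolve_symbolizer, self_check) and the
/path/to/... sample paths are constructed for this example."""
import os
import re
import shutil
import tempfile
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the relevant lines of the issue's log, with the shell
# command re-joined onto one line and the bot's build paths replaced.
SAMPLE_LOG = """\
E0625 08:40:15.703306 1992378 control_flow.cc:117] CF table dumping failed: cmd.ToString()=CENTIPEDE_RUNNER_FLAGS=:dump_cf_table:arg1=/tmp/centipede-1992378/cf_table: /path/to/fuzzer_load_config_file > /dev/null 2>&1 cmd_exit_code=1
I0625 08:40:15.703341 1992378 centipede_callbacks.cc:65] Could not get CFTable from /path/to/fuzzer_load_config_file
The binary should be built with clang 16 and with -fsanitize-coverage=control-flow flag.
sh: 1: llvm-symbolizer: not found
E0625 08:40:15.745668 1992378 symbol_table.cc:81] system() failed: cmd.ToString()=llvm-symbolizer --no-inlines -e /path/to/fuzzer_load_config_file < /tmp/centipede-1992378/sym-tmp1 > /tmp/centipede-1992378/sym-tmp2 exit_code=127
I0626 21:26:59.417493 1713800 centipede.cc:234] [S0.0] begin-fuzz: ft: 0 corp: 0/0 max/avg: 0/0 d0/f0 exec/s: 0 mb: 35
"""

CF_TABLE_RE = re.compile(r"centipede_callbacks\.cc:\d+\] Could not get CFTable from (\S+)")
SYMBOLIZER_RE = re.compile(
    r"symbol_table\.cc:\d+\] system\(\) failed: cmd\.ToString\(\)=(\S+)"
    r".*?\s-e\s+(\S+).*?exit_code=(\d+)"
)


@dataclass(frozen=True)
class Finding:
    kind: str          # "cf_table_missing" or "symbolizer_missing"
    binary: str        # fuzz target the error refers to
    fatal: bool        # both errors in the thread let fuzzing continue
    remediation: str


def triage_centipede_log(text: str) -> List[Finding]:
    """Scan Centipede output and classify the two errors discussed in the issue."""
    findings: List[Finding] = []
    for line in text.splitlines():
        m = CF_TABLE_RE.search(line)
        if m:
            findings.append(Finding(
                "cf_table_missing", m.group(1), False,
                "rebuild the target with clang 16 and -fsanitize-coverage=control-flow "
                "(Centipede keeps fuzzing without the CF table)"))
            continue
        m = SYMBOLIZER_RE.search(line)
        # sh returns 127 when the command itself cannot be found, which is what
        # the 'llvm-symbolizer: not found' line just above it also says.
        if m and m.group(3) == "127":
            findings.append(Finding(
                "symbolizer_missing", m.group(2), False,
                f"'{m.group(1)}' is not on the bot's PATH: ship it with the build "
                "or configure Centipede's symbolizer path explicitly"))
    return findings


def resolve_symbolizer(explicit: Optional[str] = None,
                       path_env: Optional[str] = None) -> Optional[str]:
    """Lookup order a harness should use: an explicit path first, then PATH.
    Returns the usable executable path, or None (the condition that produced
    exit_code=127 in the log)."""
    if explicit:
        ok = os.path.isfile(explicit) and os.access(explicit, os.X_OK)
        return explicit if ok else None
    return shutil.which("llvm-symbolizer", path=path_env)


def self_check() -> dict:
    """Exercise resolve_symbolizer against a constructed fake llvm-symbolizer
    placed in a temporary directory (no real toolchain required)."""
    with tempfile.TemporaryDirectory() as d:
        fake = os.path.join(d, "llvm-symbolizer")
        with open(fake, "w") as f:
            f.write("#!/bin/sh\nexit 0\n")
        os.chmod(fake, 0o755)
        return {
            "found_on_path": resolve_symbolizer(path_env=d) == fake,
            "found_explicit": resolve_symbolizer(explicit=fake) == fake,
            "missing": resolve_symbolizer(path_env=os.path.join(d, "empty")) is None,
        }


if __name__ == "__main__":
    for f in triage_centipede_log(SAMPLE_LOG):
        state = "fatal" if f.fatal else "non-fatal"
        print(f"{f.kind} ({state}) for {f.binary}: {f.remediation}")
    print(self_check())
```

Run against the sample it reports both findings as non-fatal, matching the observation in the thread that the fuzzer still runs; a bot-side check that calls `resolve_symbolizer()` before launching Centipede would have surfaced the missing binary without waiting for the exit_code=127 line.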