microsoft / onefuzz

A self-hosted Fuzzing-As-A-Service platform
MIT License

LibFuzzer coverage task fails for x86 binaries #708

Closed jagunter closed 3 years ago

jagunter commented 3 years ago

Am only observing this for my 32-bit binary. For the equivalent 64-bit binary the coverage task doesn't appear to be failing. Can see from the error message that LibFuzzer is finding the 8-bit counters. Perhaps an issue with 32-bit symbols having an additional underscore?

tasks with errors:
9246f5c1 type:libfuzzer_coverage target:[removed]
error:
task failed. exit_status:code=1 signal=None success=False

core.dll
[+] processing [dll]
[+] no tables  [dll]
[+] (repeated several times for various DLLs)
Error: unable to find sancov counter symbols [at DumpCounters (line 114 col 9)]
quit:
NatVis script unloaded from 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers\atlmfc.natvis'
NatVis script unloaded from 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers\concurrency.natvis'
NatVis script unloaded from 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers\cpp_rest.natvis'
NatVis script unloaded from 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers\stl.natvis'
NatVis script unloaded from 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers\Windows.Data.Json.natvis'
NatVis script unloaded from 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers\Windows.Devices.Geolocation.natvis'
NatVis script unloaded from 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers\Windows.Devices.Sensors.natvis'
NatVis script unloaded from 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers\Windows.Media.natvis'
NatVis script unloaded from 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers\windows.natvis'
NatVis script unloaded from 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers\winrt.natvis'
JavaScript script unloaded from 'C:\onefuzz\tools\win64\libfuzzer-coverage\DumpCounters.js'

debugger stderr: INFO: Seed: 425583601
INFO: Loaded 2 modules   (116468 inline 8-bit counters): 4 [00229000, 00229004), 116464 [750B2000, 750CE6F0),
setup/[removed]: Running 1 inputs 1 time(s) each.
Running: task_readonly_inputs_2\00136a38...
Executed task_readonly_inputs_2\00136a38... in 4 ms
***
*** NOTE: fuzzing was not performed, you have only
***       executed the target code on a fixed set of inputs.
***
jagunter commented 3 years ago
bmc-msft commented 3 years ago

The underlying issue was not 32bit vs 64bit, but DLLs that would unregister before we had a chance to extract the coverage information.

713 addresses the issue.
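The failure mode discussed in this thread is that libFuzzer reports inline 8-bit counter regions for every module that registered them, but a DLL can be unloaded before the coverage script reads those regions, so the counters are gone by the time DumpCounters runs. The following is an added example (not onefuzz code and not the DumpCounters.js script): it parses the "INFO: Loaded N modules" line from the log above, cross-checks libFuzzer's own numbers, and maps each counter region onto the modules that are still loaded so that an orphaned region is detected instead of silently lost. The libFuzzer line is copied from the issue; the module name `harness.exe`, its address range and the counter snapshot are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# libFuzzer prints one line per run summarising the inline 8-bit counter
# regions registered by every loaded module, for example:
#   INFO: Loaded 2 modules   (116468 inline 8-bit counters): 4 [00229000, 00229004), 116464 [750B2000, 750CE6F0),
LOADED_RE = re.compile(r"INFO: Loaded (\d+) modules\s+\((\d+) inline 8-bit counters\):(.*)")
REGION_RE = re.compile(r"(\d+)\s+\[([0-9A-Fa-f]+),\s*([0-9A-Fa-f]+)\)")


@dataclass(frozen=True)
class CounterRegion:
    count: int   # number of 8-bit counters libFuzzer reported for this module
    start: int   # address of the first counter (inclusive)
    end: int     # one past the last counter (exclusive)


def parse_loaded_line(line: str) -> List[CounterRegion]:
    """Parse libFuzzer's 'Loaded N modules' line and cross-check its numbers."""
    m = LOADED_RE.search(line)
    if not m:
        raise ValueError("not a libFuzzer module-load line")
    n_modules, total, rest = int(m.group(1)), int(m.group(2)), m.group(3)
    regions = [CounterRegion(int(c), int(s, 16), int(e, 16))
               for c, s, e in REGION_RE.findall(rest)]
    if len(regions) != n_modules:
        raise ValueError(f"expected {n_modules} regions, parsed {len(regions)}")
    if sum(r.count for r in regions) != total:
        raise ValueError("per-module counter counts do not add up to the reported total")
    for r in regions:
        # Each inline 8-bit counter is one byte, so the range must be exactly `count` bytes.
        if r.end - r.start != r.count:
            raise ValueError(f"region [{r.start:08X}, {r.end:08X}) is not {r.count} bytes long")
    return regions


def locate_regions(regions: List[CounterRegion],
                   modules: Dict[str, Tuple[int, int]]) -> List[Tuple[CounterRegion, Optional[str]]]:
    """Map each counter region to the loaded module whose image range contains it.

    A region owned by no loaded module is the situation from this issue: the DLL
    registered its counters with libFuzzer and was unloaded before the coverage
    script read them."""
    located = []
    for r in regions:
        owner = None
        for name, (base, limit) in modules.items():
            if base <= r.start and r.end <= limit:
                owner = name
                break
        located.append((r, owner))
    return located


def hit_counter_indices(region: CounterRegion, snapshot: bytes) -> List[int]:
    """Indices of non-zero counters in a byte snapshot of the region (one byte per counter)."""
    if len(snapshot) != region.count:
        raise ValueError("snapshot length does not match the region size")
    return [i for i, b in enumerate(snapshot) if b]


# Constructed inputs: the libFuzzer line is copied from the issue above; the module
# table (hypothetical name and range) and the counter snapshot are made up here.
SAMPLE_LINE = ("INFO: Loaded 2 modules   (116468 inline 8-bit counters): "
               "4 [00229000, 00229004), 116464 [750B2000, 750CE6F0),")
# Only the harness image is still loaded when coverage is read; the DLL that owned
# the second region has already been unloaded.
SAMPLE_MODULES = {"harness.exe": (0x00220000, 0x00240000)}
SAMPLE_SNAPSHOT = bytes([0, 3, 0, 1])   # counters 1 and 3 of the 4-counter region were hit


def demo():
    regions = parse_loaded_line(SAMPLE_LINE)
    orphaned = [r for r, owner in locate_regions(regions, SAMPLE_MODULES) if owner is None]
    hits = hit_counter_indices(regions[0], SAMPLE_SNAPSHOT)
    return regions, orphaned, hits


if __name__ == "__main__":
    regions, orphaned, hits = demo()
    for r in regions:
        print(f"{r.count:7d} counters at [{r.start:08X}, {r.end:08X})")
    for r in orphaned:
        print(f"region [{r.start:08X}, {r.end:08X}) belongs to no loaded module: counters lost")
    print("hit counters in first region:", hits)
```

The consistency checks in `parse_loaded_line` are cheap and catch a truncated or mis-copied log line before any memory is read; the orphan check in `locate_regions` is the one that turns "unable to find sancov counter symbols" into a message that names the region whose module is no longer present.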