Orchestrator crash when running fuzz for potrace/CVE-2013-7437

[rshariffdeen]

/opt/fuzzer/code/fuzz: line 7:  9312 Killed                  python /opt/fuzzer/code/fuzz.py $@
ERROR: Command '/opt/fuzzer/code/fuzz --config_file /tmp/.cfgk5qrmqj8crashrepair.fuzzer. --tag potrace_CVE-2013-7437' returned non-zero exit status 137.
Traceback (most recent call last):
  File "shim.py", line 7, in <module>
  File "crashrepair/cli.py", line 146, in main
  File "crashrepair/cli.py", line 139, in main
  File "crashrepair/cli.py", line 32, in do_fuzz
  File "crashrepair/scenario.py", line 417, in fuzz
  File "crashrepair/fuzzer.py", line 241, in fuzz
  File "crashrepair/shell.py", line 53, in __call__
  File "subprocess.py", line 460, in check_returncode
subprocess.CalledProcessError: Command '/opt/fuzzer/code/fuzz --config_file /tmp/.cfgk5qrmqj8crashrepair.fuzzer. --tag potrace_CVE-2013-7437' returned non-zero exit status 137.
[8857] Failed to execute script 'shim' due to unhandled exception!

[yannicnoller]

some additional observations:

• needs larger timeout for tracer, I used subprocess_timeout=60, it took 30 sec for the poc
• I did not see the memory error but observed that the process is not killed after the default timeout of 300 sec

2023-04-24 09:04:18.922 | DEBUG    | crashrepair.shell:__call__:38 - executing: /opt/fuzzer/code/fuzz --config_file /tmp/.cfg0km7n9xrcrashrepair.fuzzer. --tag potrace_CVE-2013-7437
[24-Apr-23 09:04:19-init_log-INFO]: Output Folder: /data/vulnloc/potrace/CVE-2013-7437/fuzzer
[24-Apr-23 09:04:19-concentrate_fuzz-INFO]: Input format: bfile
[24-Apr-23 09:04:19-concentrate_fuzz-INFO]: Store all input files: False
[24-Apr-23 09:04:19-concentrate_fuzz-INFO]: Initialized the random seed -> 3
[24-Apr-23 09:04:49-concentrate_fuzz-INFO]: Finish processing the poc!
[24-Apr-23 09:04:49-concentrate_fuzz-INFO]: len(Seed Trace): 6267938
[24-Apr-23 09:05:55-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_0
[24-Apr-23 09:06:03-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_1
[24-Apr-23 09:06:10-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_2
[24-Apr-23 09:06:17-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_3
[24-Apr-23 09:06:24-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_4
[24-Apr-23 09:06:31-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_5
[24-Apr-23 09:06:37-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_6
[24-Apr-23 09:06:44-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_7
[24-Apr-23 09:06:51-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_8
[24-Apr-23 09:07:00-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_9
[24-Apr-23 09:07:08-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_10
[24-Apr-23 09:07:17-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_11
[24-Apr-23 09:07:26-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_12
[24-Apr-23 09:07:35-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_13
[24-Apr-23 09:07:44-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_14
[24-Apr-23 09:07:54-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_15
[24-Apr-23 09:08:05-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_16
[24-Apr-23 09:08:15-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_17
[24-Apr-23 09:08:25-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_18
[24-Apr-23 09:08:36-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_19
[24-Apr-23 09:08:47-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_20
[24-Apr-23 09:08:56-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_21
[24-Apr-23 09:09:05-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_22
[24-Apr-23 09:09:18-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_23
[24-Apr-23 09:09:30-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_24
[24-Apr-23 09:09:41-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_25
[24-Apr-23 09:09:51-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_26
[24-Apr-23 09:09:59-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_27
[24-Apr-23 09:10:10-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_28
[24-Apr-23 09:10:20-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_29
[24-Apr-23 09:10:29-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_30
[24-Apr-23 09:10:41-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_31
[24-Apr-23 09:10:52-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_32
[24-Apr-23 09:11:05-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_33
[24-Apr-23 09:11:14-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_34
[24-Apr-23 09:11:25-exe_bin-INFO]: Input command: /data/vulnloc/potrace/CVE-2013-7437/src/src/potrace /data/vulnloc/potrace/CVE-2013-7437/fuzzer/tmp/tmp_35

[yannicnoller]

I tried to stop the pool after the timeout, but it is not yet perfect: https://github.com/nus-apr/CrashRepair/commit/4879c9bdbb81ea3c3dbff7ae70f0144adb46f0a7

[ChrisTimperley]

Just a heads up (you probably already know), but this isn't an orchestrator crash: the fuzzer has exhausted all of the available memory. (See that the exit code is 137 and the process was forcibly killed.)

[yannicnoller]

works with recent changes: https://github.com/nus-apr/CrashRepair/commit/dc50482c3a1963224aa583431c4900485217192a

fuzzer generated: 30 tests

@rshariffdeen can you confirm and close if it works for you as well?

[rshariffdeen]

@yannicnoller I was able to generate 15 tests with the latest changes, I am now trying with the end-to-end repair

[rshariffdeen]

it works well with the validation as well, newly generated test-cases are used in the validation stage, I close this issue