wasmerio / wasmer

🚀 The leading Wasm Runtime supporting WASIX and WASI
https://wasmer.io
MIT License
18.93k stars, 811 forks

Tracking issue oss-fuzz #55184 #3524

Closed ptitSeb closed 5 months ago

ptitSeb commented 1 year ago

OSS-Fuzz project found an issue with Wasmer.

Tracking is here: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55184

Reproduced locally, using the reproducing guide https://google.github.io/oss-fuzz/advanced-topics/reproducing/ with local sources.

seb@Seb-PC:~/git/oss-fuzz$ python3 infra/helper.py reproduce wasmer deterministic ~/clusterfuzz-testcase-deterministic-5087135558664192
INFO:root:Running: docker run --rm --privileged --shm-size=2g --platform linux/amd64 -i -e HELPER=True -e ARCHITECTURE=x86_64 -v /home/seb/git/oss-fuzz/build/out/wasmer:/out -v /home/seb/clusterfuzz-testcase-deterministic-5087135558664192:/testcase -t gcr.io/oss-fuzz-base/base-runner reproduce deterministic -runs=100.
+ FUZZER=deterministic
+ shift
+ '[' '!' -v TESTCASE ']'
+ TESTCASE=/testcase
+ '[' '!' -f /testcase ']'
+ export RUN_FUZZER_MODE=interactive
+ RUN_FUZZER_MODE=interactive
+ export FUZZING_ENGINE=libfuzzer
+ FUZZING_ENGINE=libfuzzer
+ export SKIP_SEED_CORPUS=1
+ SKIP_SEED_CORPUS=1
+ run_fuzzer deterministic -runs=100 /testcase
/out/deterministic -rss_limit_mb=2560 -timeout=25 -runs=100 /testcase -detect_leaks=0 < /dev/null
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 1421365297
INFO: Loaded 1 modules   (1729653 inline 8-bit counters): 1729653 [0x5653ae092d30, 0x5653ae2391a5),
INFO: Loaded 1 PC tables (1729653 PCs): 1729653 [0x5653ae2391a8,0x5653afc9d8f8),
/out/deterministic: Running 1 inputs 100 time(s) each.
Running: /testcase
thread '<unnamed>' panicked at 'called `Result::unwrap()` on an `Err` value: Validate("invalid result arity: func type returns multiple values (at offset 11)")', fuzz/fuzz_targets/deterministic.rs:29:44
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
AddressSanitizer:DEADLYSIGNAL
=================================================================
==17==ERROR: AddressSanitizer: ABRT on unknown address 0x000000000011 (pc 0x7f03a1aa800b bp 0x7ffde8f68960 sp 0x7ffde8f686d0 T0)
SCARINESS: 10 (signal)
    #0 0x7f03a1aa800b in raise (/lib/x86_64-linux-gnu/libc.so.6+0x4300b) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
    #1 0x7f03a1a87858 in abort (/lib/x86_64-linux-gnu/libc.so.6+0x22858) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
    #2 0x5653ab0bdfc6 in std::sys::unix::abort_internal::h17ff6a05d75554fd /rustc/5e37043d63bfe2f3be8fa5a05b07d6c0dad5775d/library/std/src/sys/unix/mod.rs:350:14
    #3 0x5653a3b29396 in std::process::abort::h0719662b392a1d74 /rustc/5e37043d63bfe2f3be8fa5a05b07d6c0dad5775d/library/std/src/process.rs:2130:5
    #4 0x5653aafaa3f3 in libfuzzer_sys::initialize::_$u7b$$u7b$closure$u7d$$u7d$::ha05071e3c8c15fb2 /rust/registry/src/github.com-1ecc6299db9ec823/libfuzzer-sys-0.4.5/src/lib.rs:91:9
    #5 0x5653ab0b2cb9 in _$LT$alloc..boxed..Box$LT$F$C$A$GT$$u20$as$u20$core..ops..function..Fn$LT$Args$GT$$GT$::call::hbe2a83af4f199707 /rustc/5e37043d63bfe2f3be8fa5a05b07d6c0dad5775d/library/alloc/src/boxed.rs:2002:9
    #6 0x5653ab0b2cb9 in std::panicking::rust_panic_with_hook::h3e1a741fa6360008 /rustc/5e37043d63bfe2f3be8fa5a05b07d6c0dad5775d/library/std/src/panicking.rs:692:13
    #7 0x5653ab0b2a38 in std::panicking::begin_panic_handler::_$u7b$$u7b$closure$u7d$$u7d$::h933b66345842897c /rustc/5e37043d63bfe2f3be8fa5a05b07d6c0dad5775d/library/std/src/panicking.rs:579:13
    #8 0x5653ab0afdfb in std::sys_common::backtrace::__rust_end_short_backtrace::h119b44314ddfd35e /rustc/5e37043d63bfe2f3be8fa5a05b07d6c0dad5775d/library/std/src/sys_common/backtrace.rs:137:18
    #9 0x5653ab0b2741 in rust_begin_unwind /rustc/5e37043d63bfe2f3be8fa5a05b07d6c0dad5775d/library/std/src/panicking.rs:575:5
    #10 0x5653a3b2cd12 in core::panicking::panic_fmt::h6a7bdde79bb41a84 /rustc/5e37043d63bfe2f3be8fa5a05b07d6c0dad5775d/library/core/src/panicking.rs:64:14
    #11 0x5653a3b2d1c2 in core::result::unwrap_failed::h8aa249c822f94e96 /rustc/5e37043d63bfe2f3be8fa5a05b07d6c0dad5775d/library/core/src/result.rs:1790:5
    #12 0x5653a3f2f551 in core::result::Result$LT$T$C$E$GT$::unwrap::h853a5a35a188f9b2 /rustc/5e37043d63bfe2f3be8fa5a05b07d6c0dad5775d/library/core/src/result.rs:1112:23
    #13 0x5653a3f2f551 in deterministic::compile_and_compare::h397576f757902f20 /src/wasmer/fuzz/fuzz_targets/deterministic.rs:29:18
    #14 0x5653a3f32ae9 in deterministic::_::run::hfc26422cb73a3ae9 /src/wasmer/fuzz/fuzz_targets/deterministic.rs:63:5
    #15 0x5653a3f30ea6 in rust_fuzzer_test_input /rust/registry/src/github.com-1ecc6299db9ec823/libfuzzer-sys-0.4.5/src/lib.rs:297:60
    #16 0x5653aafa56cf in libfuzzer_sys::test_input_wrap::_$u7b$$u7b$closure$u7d$$u7d$::hc1d0f5dbab90d0fc /rust/registry/src/github.com-1ecc6299db9ec823/libfuzzer-sys-0.4.5/src/lib.rs:61:9
    #17 0x5653aafa56cf in std::panicking::try::do_call::h66195d21f248ab34 /rustc/5e37043d63bfe2f3be8fa5a05b07d6c0dad5775d/library/std/src/panicking.rs:483:40
    #18 0x5653aafaa617 in __rust_try libfuzzer_sys.5ebbfa43-cgu.0
    #19 0x5653aafa9875 in std::panicking::try::hffabf484f4d83603 /rustc/5e37043d63bfe2f3be8fa5a05b07d6c0dad5775d/library/std/src/panicking.rs:447:19
    #20 0x5653aafa9875 in std::panic::catch_unwind::h4ca177306c1226a1 /rustc/5e37043d63bfe2f3be8fa5a05b07d6c0dad5775d/library/std/src/panic.rs:140:14
    #21 0x5653aafa9875 in LLVMFuzzerTestOneInput /rust/registry/src/github.com-1ecc6299db9ec823/libfuzzer-sys-0.4.5/src/lib.rs:59:22
    #22 0x5653aafc8c63 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #23 0x5653aafb43c2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
    #24 0x5653aafb9c6c in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
    #25 0x5653aafe31a2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #26 0x7f03a1a89082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
    #27 0x5653a3bd3eed in _start (/out/deterministic+0x32a7eed) (BuildId: 3b203b8475615f48f6c2f8cd21e4db8458478d62)

DEDUP_TOKEN: raise--abort--std::sys::unix::abort_internal::h17ff6a05d75554fd
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: ABRT (/lib/x86_64-linux-gnu/libc.so.6+0x4300b) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) in raise
==17==ABORTING
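
The panic above comes from the fuzz target itself: deterministic.rs:29 calls unwrap() on the result of compiling the input, so a module that the validator rejects (here a func type with more than one result, which the validator refuses when the multi-value feature is not enabled) aborts the process, and ASan reports the SIGABRT as a crash that looks no different from a real memory-safety bug. The example below is added here and is not wasmer's or the fuzz target's code: a minimal validator for the type section of a Wasm binary that returns the arity problem as a Result, and a harness entry point that treats Err as rejected input and returns normally instead of panicking. The two byte strings are constructed inputs; the parser, the error names, and the convention of reporting the offset of the func type's leading 0x60 byte are this example's assumptions, not wasmparser's behaviour.

```rust
// Added example (not wasmer's code): a fuzz-harness shape that treats a
// validation failure as a rejected input rather than a crash. The validator
// below checks only the type section and only the MVP rule that a func type
// has at most one result; every other section is skipped by size.

#[derive(Debug, PartialEq)]
pub enum ValidateError {
    BadMagic,
    Truncated(usize),
    MalformedLeb(usize),
    BadFuncTypeTag(usize),
    /// `offset` is the position of the func type's leading 0x60 byte
    /// (this example's convention for attributing the error).
    InvalidResultArity { offset: usize, count: u32 },
}

#[derive(Debug, PartialEq)]
pub enum Outcome {
    /// Input failed validation; a real libFuzzer target would just `return`.
    Rejected(ValidateError),
    /// Input validated; carries the number of func types seen.
    Accepted(usize),
}

/// Unsigned LEB128 decode: returns (value, bytes consumed) or a typed error.
fn read_leb_u32(bytes: &[u8], pos: usize) -> Result<(u32, usize), ValidateError> {
    let mut value: u32 = 0;
    let mut shift = 0u32;
    let mut i = pos;
    loop {
        let b = *bytes.get(i).ok_or(ValidateError::Truncated(i))?;
        i += 1;
        value |= ((b & 0x7f) as u32) << shift;
        if b & 0x80 == 0 {
            return Ok((value, i - pos));
        }
        shift += 7;
        if shift >= 35 {
            // More than 5 bytes cannot encode a u32.
            return Err(ValidateError::MalformedLeb(pos));
        }
    }
}

/// Walk the sections and enforce "at most one result" on every func type in
/// the type section (id 1). Returns the number of func types checked.
pub fn validate_single_result(module: &[u8]) -> Result<usize, ValidateError> {
    const MAGIC_VERSION: [u8; 8] = [0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00];
    if module.len() < 8 || module[..8] != MAGIC_VERSION {
        return Err(ValidateError::BadMagic);
    }
    let mut pos = 8;
    let mut types = 0usize;
    while pos < module.len() {
        let id = module[pos];
        let (size, n) = read_leb_u32(module, pos + 1)?;
        let body_start = pos + 1 + n;
        let body_end = body_start
            .checked_add(size as usize)
            .filter(|&end| end <= module.len())
            .ok_or(ValidateError::Truncated(body_start))?;
        if id == 1 {
            let (count, n) = read_leb_u32(module, body_start)?;
            let mut p = body_start + n;
            for _ in 0..count {
                let func_offset = p;
                if module.get(p) != Some(&0x60) {
                    return Err(ValidateError::BadFuncTypeTag(p));
                }
                p += 1;
                let (nparams, n) = read_leb_u32(module, p)?;
                p += n + nparams as usize; // value types are one byte each
                let (nresults, n) = read_leb_u32(module, p)?;
                p += n + nresults as usize;
                if nresults > 1 {
                    return Err(ValidateError::InvalidResultArity { offset: func_offset, count: nresults });
                }
                types += 1;
            }
        }
        pos = body_end;
    }
    Ok(types)
}

/// Harness body: the shape `compile_and_compare` would have if it did not
/// `unwrap()` the validation result. To libFuzzer every panic is a crash, so
/// only inputs that pass validation should reach the code under test.
pub fn harness(data: &[u8]) -> Outcome {
    match validate_single_result(data) {
        Err(e) => Outcome::Rejected(e),
        Ok(n) => Outcome::Accepted(n), // compile/compare of the valid module would go here
    }
}

// Constructed inputs: a valid module with one (i32) -> i32 func type, and the
// same module with a func type returning (i32, i32), which trips the check.
pub const VALID_MODULE: &[u8] = &[
    0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00, // magic + version
    0x01, 0x06,                                     // type section, 6 bytes
    0x01, 0x60, 0x01, 0x7f, 0x01, 0x7f,             // 1 type: (i32) -> i32
];
pub const MULTI_VALUE_MODULE: &[u8] = &[
    0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,
    0x01, 0x06,
    0x01, 0x60, 0x00, 0x02, 0x7f, 0x7f,             // 1 type: () -> (i32, i32)
];

fn main() {
    println!("{:?}", harness(VALID_MODULE));
    println!("{:?}", harness(MULTI_VALUE_MODULE));
}
```

With this shape, the multi-value module yields `Rejected(InvalidResultArity { offset: 11, count: 2 })` and the run continues; the same input through an `unwrap()` is the ABRT shown in the report. The practical consequence for triage is that a crash whose top frames are `core::result::unwrap_failed` inside the fuzz target, with a `Validate(...)` message, is a harness defect (or a validator disagreement) rather than a finding in the runtime, and should be filtered at the harness before it consumes reviewer time.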

stale[bot] commented 6 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] commented 5 months ago

Feel free to reopen the issue if it has been closed by mistake.