[FUZZIT] Crash at fuzzing target gwion
fuzzit-dev commented
A new crash was discovered for fuzzing target gwion.
Here is a snippet of the log:
4 ShuffleBytes-ShuffleBytes-ChangeASCIIInt-PersAutoDict- DE: "\x10\x00\x00\x00\x00\x00\x00\x00"-
FUZZER: unknown type 'U0000000000'
FUZZER: #11525 REDUCE cov: 3873 ft: 9915 corp: 448/44Kb lim: 269 exec/s: 0 rss: 36Mb L: 33/269 MS: 1 EraseBytes-
FUZZER: variable typeofof not legit at this point.
FUZZER: variable typeofof not legit at this point.
FUZZER: function name 'i' is already used by another value
FUZZER: function name 'i' is already used by another value
FUZZER: function name 'i' is already used by another value
FUZZER: variable i not legit at this point.
FUZZER: test@0@libfuzzer @=< Test: no match found for operator
FUZZER: unknown type 'ynt'
FUZZER: unknown type 'pnte0y'
FUZZER: #11627 NEW cov: 3873 ft: 9917 corp: 449/44Kb lim: 269 exec/s: 0 rss: 37Mb L: 212/269 MS: 2 InsertByte-CopyPart-
FUZZER: class 'Gain' has no member 'o'
FUZZER: #11638 NEW cov: 3873 ft: 9919 corp: 450/44Kb lim: 269 exec/s: 0 rss: 37Mb L: 120/269 MS: 1 CrossOver-
FUZZER: #11639 REDUCE cov: 3873 ft: 9919 corp: 450/44Kb lim: 269 exec/s: 0 rss: 37Mb L: 64/269 MS: 1 EraseBytes-
FUZZER: #11697 REDUCE cov: 3873 ft: 9919 corp: 450/44Kb lim: 269 exec/s: 0 rss: 37Mb L: 160/269 MS: 3 ShuffleBytes-CrossOver-CopyPart-
FUZZER: #11733 REDUCE cov: 3873 ft: 9919 corp: 450/44Kb lim: 269 exec/s: 0 rss: 37Mb L: 109/269 MS: 1 EraseBytes-
FUZZER: dur =+ @now: no match found for operator
FUZZER: #11739 NEW cov: 3873 ft: 9920 corp: 451/44Kb lim: 269 exec/s: 0 rss: 37Mb L: 150/269 MS: 1 ChangeByte-
FUZZER: #11770 REDUCE cov: 3873 ft: 9920 corp: 451/44Kb lim: 269 exec/s: 0 rss: 37Mb L: 130/269 MS: 1 EraseBytes-
FUZZER: variable __funk__ not legit at this point.
FUZZER: variable __funk__ not legit at this point.
FUZZER: #11772 NEW cov: 3873 ft: 9921 corp: 452/44Kb lim: 269 exec/s: 0 rss: 37Mb L: 125/269 MS: 2 ChangeBit-ChangeByte-
FUZZER: te0t@0@libfuzzer @=> Te0t: no match found for operator
FUZZER: can't use private type D
FUZZER: type 'C' is not global
FUZZER: type 'C' is not global
FUZZER: unknown type 'd'
FUZZER: variable t00t not legit at this point.
FUZZER: unknown type 't'
FUZZER: UndefinedBehaviorSanitizer:DEADLYSIGNAL
FUZZER: ==25==ERROR: UndefinedBehaviorSanitizer: BUS on unknown address 0x000000000000 (pc 0x0000004ffb24 bp 0x7fff73796d90 sp 0xe0007fff73796d30 T25)
FUZZER: #0 0x4ffb23 (/app/fuzzer+0x4ffb23)
FUZZER: #1 0x4ff2f3 (/app/fuzzer+0x4ff2f3)
FUZZER: #2 0x4c0740 (/app/fuzzer+0x4c0740)
FUZZER: #3 0x4eb5b9 (/app/fuzzer+0x4eb5b9)
FUZZER: #4 0x4e9cf1 (/app/fuzzer+0x4e9cf1)
FUZZER: #5 0x4e9f98 (/app/fuzzer+0x4e9f98)
FUZZER: #6 0x4ff92a (/app/fuzzer+0x4ff92a)
FUZZER: #7 0x4ff2f3 (/app/fuzzer+0x4ff2f3)
FUZZER: #8 0x4c0740 (/app/fuzzer+0x4c0740)
FUZZER: #9 0x4eb5b9 (/app/fuzzer+0x4eb5b9)
FUZZER: #10 0x4e9cf1 (/app/fuzzer+0x4e9cf1)
FUZZER: #11 0x4e9f98 (/app/fuzzer+0x4e9f98)
FUZZER: #12 0x4ef639 (/app/fuzzer+0x4ef639)
FUZZER: #13 0x4f1966 (/app/fuzzer+0x4f1966)
FUZZER: #14 0x4ee0ba (/app/fuzzer+0x4ee0ba)
FUZZER: #15 0x4eff1b (/app/fuzzer+0x4eff1b)
FUZZER: #16 0x4f0f8f (/app/fuzzer+0x4f0f8f)
FUZZER: #17 0x4f18e1 (/app/fuzzer+0x4f18e1)
FUZZER: #18 0x4be5ec (/app/fuzzer+0x4be5ec)
FUZZER: #19 0x4b6ef1 (/app/fuzzer+0x4b6ef1)
FUZZER: #20 0x4b301a (/app/fuzzer+0x4b301a)
FUZZER: #21 0x4b324e (/app/fuzzer+0x4b324e)
FUZZER: #22 0x4b1a21 (/app/fuzzer+0x4b1a21)
FUZZER: #23 0x442fa1 (/app/fuzzer+0x442fa1)
FUZZER: #24 0x4427e5 (/app/fuzzer+0x4427e5)
FUZZER: #25 0x444a87 (/app/fuzzer+0x444a87)
FUZZER: #26 0x4457a5 (/app/fuzzer+0x4457a5)
FUZZER: #27 0x433568 (/app/fuzzer+0x433568)
FUZZER: #28 0x45c9d2 (/app/fuzzer+0x45c9d2)
FUZZER: #29 0x7f054abb82e0 (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
FUZZER: #30 0x406e18 (/app/fuzzer+0x406e18)
FUZZER:
FUZZER: UndefinedBehaviorSanitizer can not provide additional info.
FUZZER: ==25==ABORTING
FUZZER: MS: 1 EraseBytes-; base unit: 2cc97da610154b1925630d0a80735ae16463d30f
FUZZER: 0x63,0x6c,0x61,0x73,0x73,0x20,0x3c,0x7e,0x41,0x2c,0x20,0x42,0x7e,0x3e,0x20,0x43,0x7b,0x7d,0xa,0x63,0x6c,0x61,0x73,0x73,0x20,0x3c,0x7e,0x41,0x7e,0x3e,0x20,0x44,0x20,0x7b,0x7d,0xa,0x3c,0x7e,0x20,0x3c,0x7e,0x74,0x7e,0x3e,0x44,0x2c,0x20,0x3c,0x7e,0x69,0x6e,0x74,0x7e,0x3e,0x44,0x20,0x7e,0x3e,0x43,0x20,0x63,0x3b,0xa,0x3c,0x3c,0x3c,0x20,0x63,0x20,0x3e,0x3e,0x3e,0x3b,0xa,
FUZZER: class <~A, B~> C{}\x0aclass <~A~> D {}\x0a<~ <~t~>D, <~int~>D ~>C c;\x0a<<< c >>>;\x0a
FUZZER: artifact_prefix='./'; Test unit written to ./artifact
FUZZER: Base64: Y2xhc3MgPH5BLCBCfj4gQ3t9CmNsYXNzIDx+QX4+IEQge30KPH4gPH50fj5ELCA8fmludH4+RCB+PkMgYzsKPDw8IGMgPj4+Owo=
FUZZER: stat::number_of_executed_units: 11913
FUZZER: stat::average_exec_per_sec: 0
FUZZER: stat::new_units_added: 404
FUZZER: stat::slowest_unit_time_sec: 0
FUZZER: stat::peak_rss_mb: 37
2020/05/17 11:33:42 process finished with error = exit status 1
2020/05/17 11:33:42 Exit Status: 1
2020/05/17 11:33:43 uploading crash...
More details can be found here
Cheers,
Fuzzit Bot