No fuzzer binaries found #135

Closed
vadi2 opened this Issue Feb 8, 2019 · 14 comments

vadi2 commented Feb 8, 2019

I created a job and uploaded my zip, however it's complaining with:

```
2019-02-08 13:51:08,359 - run_bot - INFO - Checking for bad build.
2019-02-08 13:51:08,654 - run_bot - ERROR - Error occurred while working on task.
Traceback (most recent call last):
  File "src/python/bot/startup/run_bot.py", line 98, in task_loop
    commands.process_command(task)
  File "/home/vadi/Programs/Mudlet/mudlet1/clusterfuzz/src/python/bot/tasks/commands.py", line 147, in wrapper
    return func(task)
  File "/home/vadi/Programs/Mudlet/mudlet1/clusterfuzz/src/python/bot/tasks/commands.py", line 360, in process_command
    run_command(task_name, task_argument, job_name)
  File "/home/vadi/Programs/Mudlet/mudlet1/clusterfuzz/src/python/bot/tasks/commands.py", line 190, in run_command
    task_module.execute_task(task_argument, job_name)
  File "/home/vadi/Programs/Mudlet/mudlet1/clusterfuzz/src/python/bot/tasks/fuzz_task.py", line 1342, in execute_task
    data_directory, testcase_count)
  File "/home/vadi/Programs/Mudlet/mudlet1/clusterfuzz/src/python/bot/tasks/fuzz_task.py", line 742, in run_fuzzer
    testcase_count)
  File "/home/vadi/Programs/Mudlet/mudlet1/clusterfuzz/src/python/bot/fuzzers/builtin.py", line 72, in run
    'No fuzzer binaries found in |BUILD_DIR| directory.')
BuiltinFuzzerException: No fuzzer binaries found in |BUILD_DIR| directory.
```

What exactly is it talking about?

@vadi2 vadi2 changed the title No fuzzer binaries sounf No fuzzer binaries found Feb 8, 2019

jonathanmetzman (Collaborator) commented Feb 8, 2019

Thanks a lot for this report.

Is this also with the heartbleed example? And are you using the local development setup or the production one?

For some reason, this seems to be saying ClusterFuzz can't find any binaries to fuzz.

Let's try two things:

  1. Can you run one of the fuzzer binaries you uploaded in the build?
     Assuming this is the heartbleed example: `./handshake-fuzzer -runs=0`

  2. Can you post the output of `ls ~/$BOT_DIR/clusterfuzz/bot/builds/*/custom/*`, where `$BOT_DIR` is the directory you passed to `python butler.py run_bot`?

Thanks!

@jonathanmetzman jonathanmetzman self-assigned this Feb 8, 2019

jonathanmetzman (Collaborator) commented Feb 8, 2019

Also, could you please post all of your bot.log? This may help as well.

vadi2 (Author) commented Feb 8, 2019

Heartbleed example works okay, it's just my example that's having trouble!

This is a local deployment.

My fuzzer binary worked OK, although I didn't create a stripped-down glue version of it - just compiled my application as-is with asan enabled...

```
ls clusterfuzz/bot/builds/*/custom/*
clusterfuzz/bot/builds/libfuzzer_asan_linux_openssl/custom/handshake-fuzzer
clusterfuzz/bot/builds/libfuzzer_asan_linux_openssl/custom/REVISION
clusterfuzz/bot/builds/libfuzzer_asan_linux_openssl/custom/server.key
clusterfuzz/bot/builds/libfuzzer_asan_linux_openssl/custom/server.pem
clusterfuzz/bot/builds/libfuzzer_asan_my_project/custom/mudlet
clusterfuzz/bot/builds/libfuzzer_asan_my_project/custom/REVISION
```

vadi2 (Author) commented Feb 8, 2019

log.zip

Here's the log - it's a bit big, I've started running the heartbleed example.

jonathanmetzman (Collaborator) commented Feb 8, 2019

> Heartbleed example works okay,

Phew!

> it's just my example that's having trouble!

OK let's try to figure this out.

> This is a local deployment.
>
> My fuzzer binary worked OK, although I didn't create a stripped-down glue version of it - just compiled my application as-is with asan enabled...
>
> ```
> ls clusterfuzz/bot/builds/*/custom/*
> clusterfuzz/bot/builds/libfuzzer_asan_linux_openssl/custom/handshake-fuzzer
> clusterfuzz/bot/builds/libfuzzer_asan_linux_openssl/custom/REVISION
> clusterfuzz/bot/builds/libfuzzer_asan_linux_openssl/custom/server.key
> clusterfuzz/bot/builds/libfuzzer_asan_linux_openssl/custom/server.pem
> clusterfuzz/bot/builds/libfuzzer_asan_my_project/custom/mudlet
> clusterfuzz/bot/builds/libfuzzer_asan_my_project/custom/REVISION
> ```

What happens when you run `./clusterfuzz/bot/builds/libfuzzer_asan_my_project/custom/mudlet -runs=0`?

jonathanmetzman (Collaborator) commented Feb 8, 2019

> log.zip
>
> Here's the log - it's a bit big, I've started running the heartbleed example.

Thanks, taking a look now.

vadi2 (Author) commented Feb 8, 2019

Mudlet starts OK:

```
./clusterfuzz/bot/builds/libfuzzer_asan_my_project/custom/mudlet -runs=0
Could not find Discord library - searched in:
     "/usr/lib/x86_64-linux-gnu/qt5/plugins"
     "/home/vadi/Programs/Mudlet/mudlet1/clusterfuzz/bot/builds/libfuzzer_asan_my_project/custom"
mudlet::mudlet() INFO - Seeking Mudlet translations files in: "/usr/share/qt5/translations"
mudlet::mudlet() INFO - Seeking Mudlet translations files in: ":/lang"
mudlet::mudlet() Failed to load translation file "mudlet_el_GR.qm" from ":/lang"
mudlet::mudlet() Failed to load translation file "mudlet_en_US.qm" from ":/lang"
mudlet::mudlet() INFO - loading Mudlet: "en_US" translations from: "mudlet_en_US.qm"
mudlet::mudlet() ERROR - Failed to directly load a translator for: "en_US" a translation to the specified language will not be available
mudlet::mudlet() Failed to load translation file "mudlet_zh_TW.qm" from ":/lang"
cTelnet::encodingChanged("UTF-8") INFO - Installing a codec for OOB protocols that can handle: ()
=================================================================
==8507==ERROR: AddressSanitizer: alloc-dealloc-mismatch (malloc vs operator delete) on 0x602000113ef0
    #0 0x595d08 in operator delete(void*) (/home/vadi/Programs/Mudlet/mudlet1/clusterfuzz/bot/builds/libfuzzer_asan_my_project/custom/mudlet+0x595d08)
    #1 0x8bc6dd in edbee::BasePListParser::endParsing() /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../3rdparty/edbee-lib/edbee-lib/edbee/io/baseplistparser.cpp:70:5
    #2 0x8a440d in edbee::TmLanguageParser::parse(QIODevice*) /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../3rdparty/edbee-lib/edbee-lib/edbee/io/tmlanguageparser.cpp:39:10
    #3 0x8a6321 in edbee::TmLanguageParser::parse(QString const&) /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../3rdparty/edbee-lib/edbee-lib/edbee/io/tmlanguageparser.cpp:56:31
    #4 0x8c9dc0 in edbee::TextGrammarManager::readGrammarFile(QString const&) /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../3rdparty/edbee-lib/edbee-lib/edbee/models/textgrammar.cpp:300:35
    #5 0x11ba205 in mudlet::initEdbee() /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../src/mudlet.cpp:586:21
    #6 0x119abd2 in mudlet::mudlet() /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../src/mudlet.cpp:559:5
    #7 0x1182ff5 in mudlet::start() /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../src/mudlet.cpp:124:17
    #8 0x1180986 in main /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../src/main.cpp:496:5
    #9 0x7f62933dc09a in __libc_start_main /build/glibc-B9XfQf/glibc-2.28/csu/../csu/libc-start.c:308:16
    #10 0x489539 in _start (/home/vadi/Programs/Mudlet/mudlet1/clusterfuzz/bot/builds/libfuzzer_asan_my_project/custom/mudlet+0x489539)

0x602000113ef0 is located 0 bytes inside of 8-byte region [0x602000113ef0,0x602000113ef8)
allocated by thread T0 here:
    #0 0x558cb7 in __interceptor_malloc (/home/vadi/Programs/Mudlet/mudlet1/clusterfuzz/bot/builds/libfuzzer_asan_my_project/custom/mudlet+0x558cb7)
    #1 0x78baed in debug_malloc(unsigned long, char const*, int) /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../3rdparty/edbee-lib/edbee-lib/edbee/util/mem/debug_new.cpp:30:15
    #2 0x78c3a0 in operator new(unsigned long, char const*, int) /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../3rdparty/edbee-lib/edbee-lib/edbee/util/mem/debug_new.cpp:74:15
    #3 0x8bb39d in edbee::BasePListParser::beginParsing(QIODevice*) /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../3rdparty/edbee-lib/edbee-lib/edbee/io/baseplistparser.cpp:51:12
    #4 0x8a435c in edbee::TmLanguageParser::parse(QIODevice*) /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../3rdparty/edbee-lib/edbee-lib/edbee/io/tmlanguageparser.cpp:34:9
    #5 0x8a6321 in edbee::TmLanguageParser::parse(QString const&) /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../3rdparty/edbee-lib/edbee-lib/edbee/io/tmlanguageparser.cpp:56:31
    #6 0x8c9dc0 in edbee::TextGrammarManager::readGrammarFile(QString const&) /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../3rdparty/edbee-lib/edbee-lib/edbee/models/textgrammar.cpp:300:35
    #7 0x11ba205 in mudlet::initEdbee() /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../src/mudlet.cpp:586:21
    #8 0x119abd2 in mudlet::mudlet() /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../src/mudlet.cpp:559:5
    #9 0x1182ff5 in mudlet::start() /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../src/mudlet.cpp:124:17
    #10 0x1180986 in main /home/vadi/Programs/Mudlet/mudlet/build-mudlet-Qt_5_9_5_Clang_64bit-Debug/../src/main.cpp:496:5
    #11 0x7f62933dc09a in __libc_start_main /build/glibc-B9XfQf/glibc-2.28/csu/../csu/libc-start.c:308:16

SUMMARY: AddressSanitizer: alloc-dealloc-mismatch (/home/vadi/Programs/Mudlet/mudlet1/clusterfuzz/bot/builds/libfuzzer_asan_my_project/custom/mudlet+0x595d08) in operator delete(void*)
==8507==HINT: if you don't care about these errors you may set ASAN_OPTIONS=alloc_dealloc_mismatch=0
==8507==ABORTING
```

(Well, it does when I enable that `ASAN_OPTIONS=alloc_dealloc_mismatch=0` option. Unfortunately this is a 3rd party library that's redefining new/delete 😞 )

vadi2 (Author) commented Feb 8, 2019

I tried adding `ASAN_OPTIONS=alloc_dealloc_mismatch=0` to the job's environment variables page, but it did not seem to have helped.

jonathanmetzman (Collaborator) commented Feb 8, 2019

> I tried adding `ASAN_OPTIONS=alloc_dealloc_mismatch=0` to the job's environment variables page, but it did not seem to have helped.

The ASan crash seems to be a separate issue. Let's handle the first one, which is ClusterFuzz not recognizing your binary as a fuzzer.

> My fuzzer binary worked OK, although I didn't create a stripped-down glue version of it - just compiled my application as-is with asan enabled...

I think I know what the issue is.

Did you compile mudlet with `-fsanitize=fuzzer` (or with AFL)?

jonathanmetzman (Collaborator) commented Feb 8, 2019

Remember, your custom build shouldn't actually be the entire binary of the program you want to fuzz. It should be a unittest-like program whose entry point is `LLVMFuzzerTestOneInput` and is compiled for libFuzzer or AFL (I don't see `LLVMFuzzerTestOneInput` in your stacktrace, so I guess you didn't do this?).

vadi2 (Author) commented Feb 8, 2019

With `-fsanitize=address,fuzzer-no-link` specifically (it complained about `main()` already being defined).

vadi2 (Author) commented Feb 8, 2019

Nope, haven't done that, wanted to see what would happen / did not understand the concept of the glue code program at that time. Perhaps this is just the resulting error then.

jonathanmetzman (Collaborator) commented Feb 8, 2019

> With `-fsanitize=address,fuzzer-no-link` specifically (it complained about `main()` already being defined).

Ah, this is the issue. The program you give to ClusterFuzz must be compiled with `-fsanitize=fuzzer` at some point (assuming you aren't doing blackbox fuzzing or AFL).

I strongly recommend libFuzzer though. Probably best to read the libFuzzer docs so you understand how to make a libFuzzer-based target. Once you have one, you can upload it to ClusterFuzz.

> Nope, haven't done that, wanted to see what would happen / did not understand the concept of the glue code program at that time. Perhaps this is just the resulting error then.

Maybe we should make this clearer in the docs.

Good luck, and let us know if you run into other trouble.
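The "glue program" the two replies above describe, as an added example that is not part of this thread and not Mudlet's or ClusterFuzz's code: a minimal libFuzzer target wrapping a hypothetical record parser (`parse_records` is made up for the illustration). The only thing ClusterFuzz needs to see is the `LLVMFuzzerTestOneInput` entry point. The file deliberately has no `main()` of its own: `-fsanitize=fuzzer` links libFuzzer's driver, which supplies `main` and calls the entry point once per input, and that driver is exactly what `-fsanitize=fuzzer-no-link` leaves out.

```cpp
// Added example (not Mudlet's or ClusterFuzz's code): a minimal libFuzzer
// target for a hypothetical record parser. Build assumption: clang with
// libFuzzer available, e.g.
//   clang++ -g -O1 -fsanitize=fuzzer,address record_fuzzer.cpp -o record_fuzzer
// There is no main() here on purpose: -fsanitize=fuzzer links libFuzzer's
// own driver. A -fsanitize=fuzzer-no-link build gets coverage instrumentation
// but no driver, so the application's own main() keeps running instead.
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Hypothetical code under test: a sequence of length-prefixed strings,
// each record being one length byte followed by that many payload bytes.
// Returns the parsed strings and stops at the first truncated record
// without reading past `size`.
static std::vector<std::string> parse_records(const uint8_t* data, size_t size) {
    std::vector<std::string> out;
    size_t pos = 0;
    while (pos < size) {
        size_t len = data[pos++];
        if (len > size - pos) {
            // Declared length exceeds the remaining bytes: reject the record.
            break;
        }
        out.emplace_back(reinterpret_cast<const char*>(data + pos), len);
        pos += len;
    }
    return out;
}

// The entry point ClusterFuzz looks for. It must have exactly this name and
// C linkage. Each call is one test case; returning 0 means the input was
// consumed, and crashes or sanitizer reports are how bugs surface.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    std::vector<std::string> records = parse_records(data, size);
    // Consume the result so the parser call is not optimized away.
    size_t total = 0;
    for (const std::string& record : records) {
        total += record.size();
    }
    (void)total;
    return 0;
}
```

Run `./record_fuzzer -runs=0` as a smoke test before uploading; it should load and exit without a sanitizer report, and `nm record_fuzzer | grep LLVMFuzzerTestOneInput` should list the symbol on an unstripped build.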

jonathanmetzman (Collaborator) commented Mar 8, 2019

To clarify, since I think this issue has caused some confusion: for a binary to be recognized as a fuzzer it should have a function called `LLVMFuzzerTestOneInput`. The logic for determining if a binary is a fuzzer is here.

The libFuzzer target someone gives to ClusterFuzz doesn't necessarily need to be compiled with `-fsanitize=fuzzer`, but it should be a working libFuzzer target. `-fsanitize=fuzzer-no-link` does not do this; `-fsanitize=fuzzer` can do this, but it is not the only way.
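A simplified stand-in for the detection logic the comment above refers to, written as an added example (this is not ClusterFuzz's own code; the real check lives in the ClusterFuzz source and may apply extra rules): it walks one build directory and keeps only regular files whose bytes contain the `LLVMFuzzerTestOneInput` name. Applied to the `ls` output earlier in the thread, `handshake-fuzzer` matches, while `REVISION`, `server.key`, `server.pem` and the `-fsanitize=fuzzer-no-link` `mudlet` build (which has a `main` but no fuzz entry point) do not, which is what produces "No fuzzer binaries found". Assumptions: POSIX directory APIs and unstripped binaries, so the symbol name is present as a string.

```cpp
// Added example (not ClusterFuzz's code): approximate the "is this file a
// fuzz target?" check by scanning each regular file in a build directory
// for the LLVMFuzzerTestOneInput symbol name. Assumes POSIX and unstripped
// binaries; `strings <file> | grep LLVMFuzzerTestOneInput` shows the same.
#include <dirent.h>
#include <sys/stat.h>
#include <algorithm>
#include <cstdlib>
#include <fstream>
#include <iterator>
#include <string>
#include <vector>

static const std::string kFuzzEntryPoint = "LLVMFuzzerTestOneInput";

// True if the file's raw bytes contain the entry-point name anywhere.
static bool file_mentions_fuzz_entry_point(const std::string& path) {
    std::ifstream in(path, std::ios::binary);
    if (!in) {
        return false;
    }
    std::string bytes((std::istreambuf_iterator<char>(in)),
                      std::istreambuf_iterator<char>());
    return bytes.find(kFuzzEntryPoint) != std::string::npos;
}

// Scan one directory (non-recursively, like the flat custom/ layout in the
// thread) and return the sorted names of files that look like fuzz targets.
// Directories, symlinks to non-files and unreadable entries are skipped.
static std::vector<std::string> find_fuzz_targets(const std::string& build_dir) {
    std::vector<std::string> targets;
    DIR* dir = opendir(build_dir.c_str());
    if (dir == nullptr) {
        return targets;  // missing or unreadable BUILD_DIR: nothing found
    }
    while (dirent* entry = readdir(dir)) {
        std::string name = entry->d_name;
        if (name == "." || name == "..") {
            continue;
        }
        std::string path = build_dir + "/" + name;
        struct stat st;
        if (stat(path.c_str(), &st) != 0 || !S_ISREG(st.st_mode)) {
            continue;
        }
        if (file_mentions_fuzz_entry_point(path)) {
            targets.push_back(name);
        }
    }
    closedir(dir);
    std::sort(targets.begin(), targets.end());
    return targets;
}
```

An empty result from `find_fuzz_targets` on the job's build directory is the condition behind the `BuiltinFuzzerException` at the top of the thread; a whole application built with `-fsanitize=address,fuzzer-no-link` is instrumented but defines no `LLVMFuzzerTestOneInput`, so it is skipped just like `REVISION`.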
