I am fuzzing a JVM application. JVM crashes due to fuzzing are false positives and I want to eliminate them. For that purpose, I updated the LLVMFuzzerTestOneInput scripts to exit 0 on JVM failures, though this is not resulting in the successful fuzzer execution I was expecting. That is, in the associated ClusterFuzz bucket, I see a foo.testcase file along with a foo.log file, and this, I presume, indicates that it is received as a fuzzer failure by the system.
ClusterFuzz fuzzer execution log snippet:
...
INFO: Instrumented org.apache.logging.log4j.core.util.DefaultShutdownCallbackRegistry$RegisteredCancellable (took 32 ms, size +7%)
ALARM: working on the last Unit for 25 seconds
and the timeout value is 25 (use -timeout=N to change)
MS: 0 ; base unit: 0000000000000000000000000000000000000000
artifact_prefix='/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/'; Test unit written to /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/timeout-da39a3ee5e6b4b0d3255bfef95601890afd80709
Base64:
==40704== ERROR: libFuzzer: timeout after 25 seconds
#
# A fatal error has been detected by the Java Runtime Environment:
#
# Internal Error (javaCalls.cpp:64), pid=40704, tid=40723
# guarantee(thread->can_call_java()) failed: cannot make java calls from the native compiler
#
# JRE version: OpenJDK Runtime Environment Zulu17.52+17-CA (17.0.12+7) (build 17.0.12+7-LTS)
# Java VM: OpenJDK 64-Bit Server VM Zulu17.52+17-CA (17.0.12+7-LTS, mixed mode, sharing, tiered, compressed oops, compressed class ptrs, parallel gc, linux-amd64)
# Problematic frame:
# V [libjvm.so+0x81f011]INFO: Instrumented org.apache.logging.log4j.core.util.NetUtils (took 51 ms, size +15%)
JavaCallWrapper::JavaCallWrapper(methodHandle const&, Handle, JavaValue*, JavaThread*)+0x1f1
#
# Core dump will be written. Default location: /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_log4j2_6f1a723a8086d7a337b75af460e0eacd138ef8b0/revisions/core
#
# An error report file with more information is saved as:
# /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_log4j2_6f1a723a8086d7a337b75af460e0eacd138ef8b0/revisions/hs_err_pid40704.log
#
# Compiler replay data is saved as:
# /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_log4j2_6f1a723a8086d7a337b75af460e0eacd138ef8b0/revisions/replay_pid40704.log
#
# If you would like to submit a bug report, please visit:
# http://www.azul.com/support/
#
==40704== ERROR: libFuzzer: deadly signal
NOTE: libFuzzer has rudimentary signal handlers.
Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal
MS: 0 ; base unit: 0000000000000000000000000000000000000000
artifact_prefix='/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/'; Test unit written to /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/crash-da39a3ee5e6b4b0d3255bfef95601890afd80709
Base64:
stat::number_of_executed_units: 1
stat::average_exec_per_sec: 0
stat::new_units_added: 0
stat::slowest_unit_time_sec: 0
stat::peak_rss_mb: 994
INFO: exiting: 77 time: 906s
Detected JRE crash; exiting with success, since it doesn't qualify as a fuzzing failure.
cf::fuzzing_strategies: fork:2,extra_sanitizers:1
How can I gracefully exit from fuzzer scripts in case of libFuzzer crashes?
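As an added example (not part of the original discussion, and not ClusterFuzz's or libFuzzer's own logic), a post-run triage in Python that classifies a run log like the one above: it records each libFuzzer ERROR line and every testcase path libFuzzer wrote, and flags the run as a JVM-internal crash when the HotSpot hs_err header appears, so a wrapper can decide after the fact whether the written artifacts are false positives. The marker strings and the sample excerpt come from the log above; the shortened artifact paths are constructed.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Header HotSpot prints at the top of its hs_err report (see the log above).
JVM_FATAL_MARKER = "# A fatal error has been detected by the Java Runtime Environment"
LIBFUZZER_ERROR = re.compile(r"^==(\d+)== ERROR: libFuzzer: (.+?)\s*$")
ARTIFACT_WRITTEN = re.compile(r"Test unit written to (\S+)")
EXIT_LINE = re.compile(r"^INFO: exiting: (\d+)")

@dataclass
class Verdict:
    pid: Optional[str] = None
    errors: List[str] = field(default_factory=list)     # libFuzzer ERROR kinds, in order
    artifacts: List[str] = field(default_factory=list)  # testcase paths libFuzzer wrote
    jvm_internal: bool = False                          # hs_err header seen in the log
    exit_code: Optional[int] = None

    def is_true_finding(self) -> bool:
        """Real finding: libFuzzer reported an error and the JVM itself did not abort."""
        return bool(self.errors) and not self.jvm_internal

def triage(log_text: str) -> Verdict:
    """Scan a libFuzzer/ClusterFuzz run log line by line, tolerating interleaved output."""
    v = Verdict()
    for line in log_text.splitlines():
        m = LIBFUZZER_ERROR.match(line)
        if m:
            v.pid = v.pid or m.group(1)
            v.errors.append(m.group(2))
        elif JVM_FATAL_MARKER in line:      # 'in', not startswith: JVM lines may be interleaved
            v.jvm_internal = True
        elif (m := ARTIFACT_WRITTEN.search(line)):
            v.artifacts.append(m.group(1))
        elif (m := EXIT_LINE.match(line)):
            v.exit_code = int(m.group(1))
    return v

# Constructed excerpt modelled on the log above; artifact paths shortened.
SAMPLE_LOG = """\
artifact_prefix='./tc/'; Test unit written to ./tc/timeout-da39a3ee5e6b4b0d3255bfef95601890afd80709
==40704== ERROR: libFuzzer: timeout after 25 seconds
# A fatal error has been detected by the Java Runtime Environment:
# Internal Error (javaCalls.cpp:64), pid=40704, tid=40723
==40704== ERROR: libFuzzer: deadly signal
artifact_prefix='./tc/'; Test unit written to ./tc/crash-da39a3ee5e6b4b0d3255bfef95601890afd80709
INFO: exiting: 77 time: 906s
"""
```

Because libFuzzer writes the timeout and crash artifacts from its own handlers before the wrapper script gets a chance to exit, a verdict like this has to be applied to the artifacts after the run rather than by changing the script's exit status.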