On Mon, Jun 22, 2020 at 2:10 PM Jeffrey Walton <[email protected]> wrote: > > Hi Everyone/Tim, > > Here's another crash on the fuzzer. This came from an ODROID XU4. > > Here's the text from the log file in case I screw up the attachment again. > > FAIL: wget_options_fuzzer > ========================= > > testing 7 bytes from > '/home/jwalton/wget2/fuzz/wget_options_fuzzer.in/c692273deb2772da307ffe37041fef77bf4baa97' > GNU Wget2 1.99.2 - multithreaded metalink/file/website downloader > > +digest -https -ssl +ipv6 +iri +large-file +nls -ntlm -opie +psl -hsts > +iconv +idn2 +zlib +lzma -brotlidec -zstd +bzip2 -lzip -http2 -gpgme
I managed to get a backtrace out of it, and it looks usable. The initial SIGILL in _armv7_tick (crypto/armv4cpuid.S) appears to be OpenSSL's ARM CPU-capability probe, which deliberately executes instructions that may fault and catches the SIGILL itself, so I simply continued past it (`handle SIGILL nostop noprint` in gdb avoids the stop). The real failure is glibc's "free(): invalid pointer" abort: frame #7 places the offending free() in deinit() at options.c:3766, reached from LLVMFuzzerTestOneInput() with the 7-byte corpus input "version" and an argv ending in `--config d41d8cd98f00b204e9800998ecf8428e`. Note that the freed chunk p=0x40f904 sits next to the program's own code addresses (0x404ade, 0x408c0a) rather than in the heap, so deinit() may be freeing a pointer to static data — perhaps a default option value that was never malloc'ed and that the config parser left in place; `info symbol 0x40f904` in gdb should confirm that. $ ../libtool --mode=execute gdb wget_options_fuzzer GNU gdb (Ubuntu 8.1-0ubuntu3.2) 8.1.0.20180409-git Copyright (C) 2018 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "arm-linux-gnueabihf". Type "show configuration" for configuration details. For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from /home/jwalton/Build-Scripts/wget2/fuzz/.libs/wget_options_fuzzer...done. (gdb) r Starting program: /home/jwalton/Build-Scripts/wget2/fuzz/.libs/wget_options_fuzzer Cannot parse expression `.L1207 4@r4'. warning: Probes-based dynamic linker interface failed. Reverting to original interface. [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/arm-linux-gnueabihf/libthread_db.so.1". Program received signal SIGILL, Illegal instruction. _armv7_tick () at crypto/armv4cpuid.S:136 136 crypto/armv4cpuid.S: No such file or directory. (gdb) c Continuing. testing 7 bytes from '/home/jwalton/Build-Scripts/wget2/fuzz/wget_options_fuzzer.in/c692273deb2772da307ffe37041fef77bf4baa97' GNU Wget2 1.99.2 - multithreaded metalink/file/website downloader +digest -https -ssl +ipv6 +iri +large-file +nls -ntlm -opie +psl -hsts +iconv +idn2 +zlib +lzma -brotlidec -zstd +bzip2 -lzip -http2 -gpgme Copyright (C) 2012-2015 Tim Ruehsen Copyright (C) 2015-2020 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://www.gnu.org/licenses/gpl.html>. 
This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Please send bug reports and questions to <[email protected]>. free(): invalid pointer Program received signal SIGABRT, Aborted. __libc_do_syscall () at ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S:47 47 ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S: No such file or directory. (gdb) bt full #0 __libc_do_syscall () at ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S:47 No locals. #1 0xb6e4cb32 in __libc_signal_restore_set (set=0xbeffef84) at ../sysdeps/unix/sysv/linux/nptl-signals.h:80 _a2tmp = -1090523260 _a2 = -1090523260 _nametmp = 175 _a3tmp = 0 _a3 = 0 _a1 = 0 _a4tmp = 8 _a1tmp = 2 _a4 = 8 _name = 175 #2 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:48 set = {__val = {0, 0, 0, 4241216, 3204444252, 3070228848, 3204444132, 3204444140, 3070088761, 3204444140, 3070229196, 5, 0, 0, 3070228848, 0, 3070228848, 3070229312, 3070229312, 3070204448, 3204444188, 0, 3070088761, 3204444196, 4294967295, 5, 3068334024, 3070205888, 0, 32, 3068447921, 3070204888}} pid = <optimized out> tid = <optimized out> ret = <optimized out> ---Type <return> to continue, or q <return> to quit--- #3 0xb6e4d82e in __GI_abort () at abort.c:79 save_stage = 1 act = {__sigaction_handler = {sa_handler = 0x1c4, sa_sigaction = 0x1c4}, sa_mask = {__val = {3069747704, 3070202984, 3204444540, 3204444536, 3069747704, 3070202984, 0, 2275345624, 3069747704, 3070202984, 3069734728, 71104550, 3069757083, 3069741960, 3204444644, 3070224752, 3070226432, 2863311531, 3204444536, 3204444540, 3070198028, 0, 0, 3069751837, 2275345624, 0, 0, 3069757083, 3204444740, 3070202984, 3204444644, 3204444652}}, sa_flags = -1090522616, sa_restorer = 0xb6ebe057 <__GI___mmap+22>} sigs = {__val = {32, 0 <repeats 31 times>}} #4 0xb6e75460 in __libc_message (action=action@entry=do_abort, fmt=<optimized out>) at ../sysdeps/posix/libc_fatal.c:181 ap = {__ap = 0xbefff244} fd = 2 list = 
<optimized out> nlist = <optimized out> cp = <optimized out> written = <optimized out> #5 0xb6e797ee in malloc_printerr (str=<optimized out>) at malloc.c:5350 No locals. #6 0xb6e7ab50 in _int_free (av=<optimized out>, p=0x40f904, have_lock=0) ---Type <return> to continue, or q <return> to quit--- at malloc.c:4157 size = 0 fb = <optimized out> nextchunk = <optimized out> nextsize = <optimized out> nextinuse = <optimized out> prevsize = <optimized out> bck = <optimized out> fwd = <optimized out> __PRETTY_FUNCTION__ = "_int_free" #7 0x00408c0a in deinit () at options.c:3766 No locals. #8 0x00404e02 in LLVMFuzzerTestOneInput (data=<optimized out>, size=<optimized out>) at wget_options_fuzzer.c:115 argv = {0x40c214 "x", 0x40b774 "-q", 0x40b778 "--no-config", 0x40b784 "--no-local-db", 0x40b794 "--config", 0x40b750 "d41d8cd98f00b204e9800998ecf8428e"} #9 0x00404ec6 in test_all_from ( dirname=0xbefff370 "/home/jwalton/Build-Scripts/wget2/fuzz/wget_options_fuzzer.in") at main.c:57 fname = 0xbefff2c0 "/home/jwalton/Build-Scripts/wget2/fuzz/wget_options_fuzzer.in/c692273deb2772da307ffe37041fef77bf4baa97" data = 0x42c2e8 "version" ---Type <return> to continue, or q <return> to quit--- size = 7 dp = <optimized out> dirp = 0x4242c0 #10 0x00404ade in main (argc=<optimized out>, argv=<optimized out>) at main.c:117 rc = <optimized out> corporadir = "/home/jwalton/Build-Scripts/wget2/fuzz/wget_options_fuzzer.in\000\377\276\000\000" valgrind = <optimized out> target = 0xbefff68d "wget_options_fuzzer" target_len = 19 (gdb) Jeff
