
[casr-afl] Possible bug in CASR report generation for cases when ASAN hard_rss_limit_mb limit is reached #253

Open
niksankin opened this issue Mar 31, 2025 · 14 comments
Labels
question Further information is requested

Comments

@niksankin

When running casr-afl on testcases that cause the tested program to trigger ASAN hard rss limit, I got this error:

~$ ASAN_OPTIONS="detect_leaks=0:abort_on_error=1:symbolize=0:hard_rss_limit_mb=100"  ./casr-afl -i ./in -o ./out -- /some/program @@
11:28:47 [INFO] Analyzing 3 files...
11:28:47 [INFO] Generating CASR reports...
11:28:47 [INFO] Using 3 threads
11:28:48 [INFO] Deduplicating CASR reports...
Error: Error: All 3 CASR reports are corrupted

It may be some bug in ASAN log parser that is triggered by ASAN logs in this form:

==2446==AddressSanitizer: hard rss limit exhausted (100Mb vs 103Mb)
==2446==Process memory map follows:
==2446==End of process memory map.
Aborted
@SweetVishnya
Collaborator

AFAIK, AFL++ does not support handling of hard_rss_limit

@niksankin
Author

hard_rss_limit_mb is exported manually to the program that is tested under AFL, because I struggle with the same problem as described here: https://afl-1.readthedocs.io/en/latest/notes_for_asan.html. hard_rss_limit_mb is the only way currently available for me to solve the described problem at the moment. That's how I get such crashes in my AFL working dir. This is a bit of an extravagant use case, but it is still a use case, I think.

@SweetVishnya
Collaborator

You may try asking in Awesome Fuzzing Discord channel. However, last time I asked about hard_rss_limit compatibility with AFL++, I was told that there's no such support and AFL++ just uses system oom killer.

@niksankin
Author

niksankin commented Mar 31, 2025

That's right, AFL uses ulimit when launched with the '-m' option. In my setup I cannot use the '-m' option, so I am exporting hard_rss_limit_mb manually. Another possible option is to add cgroups support into AFL, but there is no opportunity for me to implement that right now. So exporting hard_rss_limit_mb by hand is the only possible option for me right now.

@SweetVishnya
Collaborator

btw, there's no stacktrace in your output, so, casr has nothing to analyze

@niksankin
Author

I suggest that these crashes may be treated as oom cases (or as some special asan oom cases) and clearly reported by cli utilities in their log messages

@SweetVishnya
Collaborator

That should've been handled here and there. I have no clue why that failed in your case...

@SweetVishnya
Collaborator

Can you run casr-san directly on crash input and provide its output?

@niksankin
Author

~$ ASAN_OPTIONS="detect_leaks=0:abort_on_error=1:symbolize=0:hard_rss_limit_mb=100" ./casr-san --stdout -- /some/program /some/crashfile
Error: Out of memory: hard_rss_limit_mb exhausted

@niksankin
Author

niksankin commented Mar 31, 2025

Seems like casr-san is handling this case correctly, but casr-afl fails to deduplicate reports and puts all .casrep files into the clerr dir, leaving the oom dir empty.

@niksankin
Author

Example of such a corrupted report (uname, binary name and cmd are replaced):

{
  "Date": "2025-03-31T14:00:36.933649+00:00",
  "Uname": "Some Uname",
  "OS": "",
  "OSRelease": "",
  "Architecture": "",
  "ExecutablePath": "/some/program",
  "ProcEnviron": [
    "ASAN_OPTIONS=detect_leaks=0:abort_on_error=1:symbolize=0:hard_rss_limit_mb=100",
    "PWD=/data/casr-x86_64-unknown-linux-gnu",
    "container=podman",
    "HOME=/root",
    "TERM=xterm",
    "SHLVL=1",
    "which_declare=declare -f",
    "PATH=/root/.local/bin:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
    "OLDPWD=/data",
    "BASH_FUNC_which%%=() {  ( alias;\n eval ${which_declare} ) | /usr/bin/which --tty-only --read-alias --read-functions --show-tilde --show-dot $@\n}",
    "_=./casr-afl"
  ],
  "ProcCmdline": "/some/program /some/crashfile",
  "Stdin": "",
  "ProcStatus": [],
  "ProcMaps": [
  ],
  "ProcFiles": [],
  "NetworkConnections": [],
  "CrashSeverity": {
    "Type": "UNDEFINED",
    "ShortDescription": "Undefined",
    "Description": "Undefined class",
    "Explanation": "There is no execution class for this type of exception"
  },
  "Stacktrace": [
    "#0  0x00007ffff6bb6075 in clock_nanosleep@GLIBC_2.2.5 () from /lib64/libc.so.6",
    "#1  0x00007ffff6bbac87 in nanosleep () from /lib64/libc.so.6",
    "#2  0x00007ffff6be6b29 in usleep () from /lib64/libc.so.6",
    "#3  0x00007ffff769932a in __sanitizer::BackgroundThread(void*) () from /lib64/libasan.so.6",
    "#4  0x00007ffff6b6bc02 in start_thread () from /lib64/libc.so.6",
    "#5  0x00007ffff6befed4 in clone () from /lib64/libc.so.6"
  ],
  "Registers": {
    "r14": 140737332558128,
    "k6": 0,
    "rip": 140737332863093,
    "r9": 140737283049024,
    "k3": 0,
    "rdi": 0,
    "k5": 0,
    "fs": 0,
    "ds": 0,
    "rdx": 140737283046608,
    "r15": 0,
    "k0": 32768,
    "rsi": 0,
    "k2": 0,
    "es": 0,
    "k1": 67109393,
    "rbx": 0,
    "r12": 100,
    "r13": 0,
    "rax": 18446744073709551100,
    "r11": 659,
    "r8": 0,
    "gs": 0,
    "k4": 0,
    "rsp": 140737283046544,
    "rbp": 0,
    "r10": 0,
    "k7": 0,
    "rcx": 140737332863093,
    "eflags": 659,
    "ss": 43,
    "cs": 51
  },
  "Disassembly": [
    "=> 0x7ffff6bb6075 :\tmov    edi,r8d",
    "   0x7ffff6bb6078 :\tmov    QWORD PTR [rsp],rax",
    "   0x7ffff6bb607c :\tcall   0x7ffff6b680c0 ",
    "   0x7ffff6bb6081 :\tmov    rax,QWORD PTR [rsp]",
    "   0x7ffff6bb6085 :\tadd    rsp,0x28",
    "   0x7ffff6bb6089 :\tneg    eax",
    "   0x7ffff6bb608b :\tret    ",
    "   0x7ffff6bb608c :\tnop    DWORD PTR [rax+0x0]",
    "   0x7ffff6bb6090 :\tmov    eax,0x16",
    "   0x7ffff6bb6095 :\tret    ",
    "   0x7ffff6bb6096:\tnop    WORD PTR cs:[rax+rax*1+0x0]",
    "   0x7ffff6bb60a0 :\tpush   r15",
    "   0x7ffff6bb60a2 :\tpush   r14",
    "   0x7ffff6bb60a4 :\tpush   r13",
    "   0x7ffff6bb60a6 :\tpush   r12",
    "   0x7ffff6bb60a8 :\tlea    r12,[rip+0x1279f1]        # 0x7ffff6cddaa0 "
  ],
  "Package": "",
  "PackageVersion": "",
  "PackageArchitecture": "",
  "PackageDescription": "",
  "AsanReport": [],
  "UbsanReport": [],
  "PythonReport": [],
  "GoReport": [],
  "JavaReport": [],
  "RustReport": [],
  "JsReport": [],
  "CSharpReport": [],
  "CrashLine": "",
  "Source": []
}
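
Added example, not part of the thread and not CASR's own code: a Python pre-sort that recognises the `hard rss limit exhausted` message from the first post and the context-free report above, and routes each case to the `oom` or `clerr` bucket. The function names, the `cluster` bucket and all sample inputs are assumptions constructed for illustration.

```python
import re

# The line quoted in the first post:
# ==2446==AddressSanitizer: hard rss limit exhausted (100Mb vs 103Mb)
RSS_LIMIT_RE = re.compile(
    r"^==(?P<pid>\d+)==\s*\w+: hard rss limit exhausted "
    r"\((?P<limit>\d+)Mb vs (?P<used>\d+)Mb\)",
    re.MULTILINE,
)
# Sanitizer stack frames: "    #0 0x401233 in func file:line"
FRAME_RE = re.compile(r"^\s*#\d+\s+0x[0-9a-fA-F]+", re.MULTILINE)
# Header of an ordinary sanitizer error report.
ERROR_RE = re.compile(r"^==\d+==\s*ERROR: \w+Sanitizer:", re.MULTILINE)


def classify_sanitizer_output(stderr_text):
    """Classify the target's stderr as an RSS-limit abort, a report, or neither."""
    hit = RSS_LIMIT_RE.search(stderr_text)
    has_frames = bool(FRAME_RE.search(stderr_text))
    if hit and not has_frames:
        # The runtime aborted on the memory limit; there is no stack to analyze.
        return {
            "class": "oom-rss-limit",
            "pid": int(hit["pid"]),
            "limit_mb": int(hit["limit"]),
            "used_mb": int(hit["used"]),
        }
    if ERROR_RE.search(stderr_text) and has_frames:
        return {"class": "sanitizer-report"}
    return {"class": "no-report"}


def report_lacks_crash_context(report):
    """True for a .casrep dict shaped like the one posted in the thread."""
    frames = report.get("Stacktrace", [])
    no_asan_section = not report.get("AsanReport")
    undefined = report.get("CrashSeverity", {}).get("Type") == "UNDEFINED"
    # The captured stack is in the sanitizer runtime's background thread,
    # not in target code.
    in_runtime_thread = any("__sanitizer::BackgroundThread" in f for f in frames)
    return no_asan_section and undefined and (in_runtime_thread or not frames)


def triage(stderr_text, report):
    """Pick a bucket: 'oom' and 'clerr' are the dirs named in the thread."""
    if classify_sanitizer_output(stderr_text)["class"] == "oom-rss-limit":
        return "oom"
    if report_lacks_crash_context(report):
        return "clerr"
    return "cluster"  # hypothetical name for "pass on to deduplication"


# --- Constructed sample inputs (shortened from the shapes shown in the thread) ---
SAMPLE_RSS_LOG = """\
==2446==AddressSanitizer: hard rss limit exhausted (100Mb vs 103Mb)
==2446==Process memory map follows:
==2446==End of process memory map.
Aborted
"""
SAMPLE_ASAN_LOG = """\
==1234==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000011
READ of size 1 at 0x602000000011 thread T0
    #0 0x401233 in parse /src/parse.c:10
    #1 0x401300 in main /src/main.c:5
"""
SAMPLE_EMPTY_REPORT = {
    "CrashSeverity": {"Type": "UNDEFINED"},
    "Stacktrace": [
        "#0  0x00007ffff6bb6075 in clock_nanosleep@GLIBC_2.2.5 () from /lib64/libc.so.6",
        "#3  0x00007ffff769932a in __sanitizer::BackgroundThread(void*) () from /lib64/libasan.so.6",
    ],
    "AsanReport": [],
}
SAMPLE_GOOD_REPORT = {
    "CrashSeverity": {"Type": "NOT_EXPLOITABLE"},
    "Stacktrace": ["    #0 0x401233 in parse /src/parse.c:10"],
    "AsanReport": SAMPLE_ASAN_LOG.splitlines(),
}

if __name__ == "__main__":
    cases = (
        ("rss-limit", SAMPLE_RSS_LOG, SAMPLE_EMPTY_REPORT),
        ("no-stderr", "", SAMPLE_EMPTY_REPORT),
        ("asan", SAMPLE_ASAN_LOG, SAMPLE_GOOD_REPORT),
    )
    for name, log, rep in cases:
        print(name, "->", triage(log, rep))
```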

@SweetVishnya
Collaborator

btw, -- /some/program @@ option is for running under casr-gdb, to override fuzz target run argv, also, use --ignore-cmdline

@SweetVishnya
Collaborator

Try rerunning the same casr-afl command with an additional --ignore-cmdline option.

@SweetVishnya
Collaborator

You may, also, try running with -l debug. Thus, you'll see all executed programs.

@SweetVishnya SweetVishnya added the question Further information is requested label Apr 6, 2025