Type: Task
Resolution: Fixed
Priority: Major - P3
Affects Version/s: None
Component/s: None
Expected results
Fuzzer nightly run should pass
Actual results
[2024/05/17 00:52:07.062] #33 NEW cov: 3011 ft: 3310 corp: 13/28b lim: 4 exec/s: 0 rss: 92Mb L: 2/4 MS: 4 InsertByte-ChangeByte-CopyPart-ChangeBit-
[2024/05/17 00:52:07.065] NEW_FUNC[1/3]: 0xaaaab92d9ad8 (/data/mci/bd932e1d81668d8f96ae95e1b8030bd7/realm-core/build/test/realm-fuzzer/RelWithDebInfo/realm-libfuzz+0xf89ad8)
[2024/05/17 00:52:07.065] NEW_FUNC[2/3]: 0xaaaab92e93d4 (/data/mci/bd932e1d81668d8f96ae95e1b8030bd7/realm-core/build/test/realm-fuzzer/RelWithDebInfo/realm-libfuzz+0xf993d4)
[2024/05/17 00:52:07.065] #36 NEW cov: 3021 ft: 3321 corp: 14/30b lim: 4 exec/s: 0 rss: 92Mb L: 2/4 MS: 3 CrossOver-InsertByte-ChangeBit-
[2024/05/17 00:52:07.082] NEW_FUNC[1/186]: 0xaaaab92d3bd8 (/data/mci/bd932e1d81668d8f96ae95e1b8030bd7/realm-core/build/test/realm-fuzzer/RelWithDebInfo/realm-libfuzz+0xf83bd8)
[2024/05/17 00:52:07.098] NEW_FUNC[2/186]: 0xaaaab92d9e00 (/data/mci/bd932e1d81668d8f96ae95e1b8030bd7/realm-core/build/test/realm-fuzzer/RelWithDebInfo/realm-libfuzz+0xf89e00)
[2024/05/17 00:52:07.098] #40 NEW cov: 4251 ft: 5061 corp: 15/33b lim: 4 exec/s: 0 rss: 96Mb L: 3/4 MS: 4 InsertByte-ChangeBit-CopyPart-InsertByte-
[2024/05/17 00:52:07.098] NEW_FUNC[1/2]: 0xaaaab92e9818 (/data/mci/bd932e1d81668d8f96ae95e1b8030bd7/realm-core/build/test/realm-fuzzer/RelWithDebInfo/realm-libfuzz+0xf99818)
[2024/05/17 00:52:07.098] NEW_FUNC[2/2]: 0xaaaab935f614 (/data/mci/bd932e1d81668d8f96ae95e1b8030bd7/realm-core/build/test/realm-fuzzer/RelWithDebInfo/realm-libfuzz+0x100f614)
[2024/05/17 00:52:07.098] #44 NEW cov: 4258 ft: 5068 corp: 16/35b lim: 4 exec/s: 0 rss: 96Mb L: 2/4 MS: 4 EraseBytes-ShuffleBytes-ChangeByte-InsertByte-
[2024/05/17 00:52:07.099] #45 NEW cov: 4271 ft: 5088 corp: 17/38b lim: 4 exec/s: 0 rss: 97Mb L: 3/4 MS: 1 ChangeByte-
[2024/05/17 00:52:07.102] #47 NEW cov: 4273 ft: 5090 corp: 18/41b lim: 4 exec/s: 0 rss: 97Mb L: 3/4 MS: 2 CrossOver-InsertByte-
[2024/05/17 00:52:07.113] #56 NEW cov: 4273 ft: 5092 corp: 19/45b lim: 4 exec/s: 0 rss: 98Mb L: 4/4 MS: 4 CopyPart-ChangeByte-ShuffleBytes-CrossOver-
[2024/05/17 00:52:07.129] #62 NEW cov: 4274 ft: 5093 corp: 20/47b lim: 4 exec/s: 0 rss: 99Mb L: 2/4 MS: 1 InsertByte-
[2024/05/17 00:52:07.132] #66 NEW cov: 4274 ft: 5095 corp: 21/51b lim: 4 exec/s: 0 rss: 99Mb L: 4/4 MS: 4 ShuffleBytes-CopyPart-CrossOver-InsertByte-
[2024/05/17 00:52:07.140] #69 NEW cov: 4276 ft: 5097 corp: 22/53b lim: 4 exec/s: 0 rss: 100Mb L: 2/4 MS: 3 ChangeBit-ChangeBit-CopyPart-
[2024/05/17 00:52:07.143] #70 NEW cov: 4276 ft: 5101 corp: 23/57b lim: 4 exec/s: 0 rss: 100Mb L: 4/4 MS: 1 ShuffleBytes-
[2024/05/17 00:52:07.168] #82 NEW cov: 4278 ft: 5103 corp: 24/60b lim: 4 exec/s: 0 rss: 101Mb L: 3/4 MS: 2 InsertByte-ChangeBinInt-
[2024/05/17 00:52:07.179] #91 NEW cov: 4278 ft: 5105 corp: 25/64b lim: 4 exec/s: 0 rss: 102Mb L: 4/4 MS: 4 InsertByte-ChangeByte-InsertByte-ChangeBinInt-
[2024/05/17 00:52:07.182] #94 NEW cov: 4278 ft: 5107 corp: 26/68b lim: 4 exec/s: 0 rss: 102Mb L: 4/4 MS: 3 ChangeBit-ChangeByte-CopyPart-
[2024/05/17 00:52:07.183] =================================================================
[2024/05/17 00:52:07.183] ==4275==ERROR: AddressSanitizer: stack-use-after-scope on address 0xffff9ef5d020 at pc 0xaaaab92d4c3c bp 0xffffe5712a90 sp 0xffffe5712a88
[2024/05/17 00:52:07.184] READ of size 4 at 0xffff9ef5d020 thread T0
[2024/05/17 00:52:07.184]     #0 0xaaaab92d4c38 (/data/mci/bd932e1d81668d8f96ae95e1b8030bd7/realm-core/build/test/realm-fuzzer/RelWithDebInfo/realm-libfuzz+0xf84c38)
[2024/05/17 00:52:07.184]     #1 0xaaaab92d44fc (/data/mci/bd932e1d81668d8f96ae95e1b8030bd7/realm-core/build/test/realm-fuzzer/RelWithDebInfo/realm-libfuzz+0xf844fc)
[2024/05/17 00:52:07.184]     #2 0xaaaab92cc4cc (/data/mci/bd932e1d81668d8f96ae95e1b8030bd7/realm-core/build/test/realm-fuzzer/RelWithDebInfo/realm-libfuzz+0xf7c4cc)
[2024/05/17 00:52:07.184]     #3 0xaaaab92cb9d4 (/data/mci/bd932e1d81668d8f96ae95e1b8030bd7/realm-core/build/test/realm-fuzzer/RelWithDebInfo/realm-libfuzz+0xf7b9d4)
[2024/05/17 00:52:07.184]     #4 0xaaaab92caf9c (/data/mci/bd932e1d81668d8f96ae95e1b8030bd7/realm-core/build/test/realm-fuzzer/RelWithDebInfo/realm-libfuzz+0xf7af9c)
[2024/05/17 00:52:07.184]     #5 0xaaaab917e848 (/data/mci/bd932e1d81668d8f96ae95e1b8030bd7/realm-core/build/test/realm-fuzzer/RelWithDebInfo/realm-libfuzz+0xe2e848)
[2024/05/17 00:52:07.184]     #6 0xaaaab917e140 (/data/mci/bd932e1d81668d8f96ae95e1b8030bd7/realm-core/build/test/realm-fuzzer/RelWithDebInfo/realm-libfuzz+0xe2e140)
[2024/05/17 00:52:07.184]     #7 0xaaaab917f7bc (/data/mci/bd932e1d81668d8f96ae95e1b8030bd7/realm-core/build/test/realm-fuzzer/RelWithDebInfo/realm-libfuzz+0xe2f7bc)
[2024/05/17 00:52:07.184]     #8 0xaaaab91805cc (/data/mci/bd932e1d81668d8f96ae95e1b8030bd7/realm-core/build/test/realm-fuzzer/RelWithDebInfo/realm-libfuzz+0xe305cc)
[2024/05/17 00:52:07.184]     #9 0xaaaab9170948 (/data/mci/bd932e1d81668d8f96ae95e1b8030bd7/realm-core/build/test/realm-fuzzer/RelWithDebInfo/realm-libfuzz+0xe20948)
[2024/05/17 00:52:07.184]     #10 0xaaaab9198c80 (/data/mci/bd932e1d81668d8f96ae95e1b8030bd7/realm-core/build/test/realm-fuzzer/RelWithDebInfo/realm-libfuzz+0xe48c80)
[2024/05/17 00:52:07.184]     #11 0xffffa06f73f8 (/lib/aarch64-linux-gnu/libc.so.6+0x273f8) (BuildId: 3ba44e06b9dc66aeeb2651db4dd015ffaf6e0849)
[2024/05/17 00:52:07.184]     #12 0xffffa06f74c8 (/lib/aarch64-linux-gnu/libc.so.6+0x274c8) (BuildId: 3ba44e06b9dc66aeeb2651db4dd015ffaf6e0849)
[2024/05/17 00:52:07.184]     #13 0xaaaab9164e2c (/data/mci/bd932e1d81668d8f96ae95e1b8030bd7/realm-core/build/test/realm-fuzzer/RelWithDebInfo/realm-libfuzz+0xe14e2c)
[2024/05/17 00:52:07.184] Address 0xffff9ef5d020 is located in stack of thread T0 at offset 32 in frame
[2024/05/17 00:52:07.184]     #0 0xaaaab92cb764 (/data/mci/bd932e1d81668d8f96ae95e1b8030bd7/realm-core/build/test/realm-fuzzer/RelWithDebInfo/realm-libfuzz+0xf7b764)
[2024/05/17 00:52:07.184]   This frame has 3 object(s):
[2024/05/17 00:52:07.184]     [32, 40) 'fuzzer.i' (line 57) <== Memory access at offset 32 is inside this variable
[2024/05/17 00:52:07.184]     [64, 1056) 'cnf.i' (line 47)
[2024/05/17 00:52:07.184]     [1184, 2176) 'cnf' (line 61)
[2024/05/17 00:52:07.184] HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
[2024/05/17 00:52:07.184]       (longjmp and C++ exceptions *are* supported)
[2024/05/17 00:52:07.184] SUMMARY: AddressSanitizer: stack-use-after-scope (/data/mci/bd932e1d81668d8f96ae95e1b8030bd7/realm-core/build/test/realm-fuzzer/RelWithDebInfo/realm-libfuzz+0xf84c38)
[2024/05/17 00:52:07.185] Shadow bytes around the buggy address:
[2024/05/17 00:52:07.185]   0xffff9ef5cd80: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
[2024/05/17 00:52:07.185]   0xffff9ef5ce00: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
[2024/05/17 00:52:07.185]   0xffff9ef5ce80: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
[2024/05/17 00:52:07.185]   0xffff9ef5cf00: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
[2024/05/17 00:52:07.185]   0xffff9ef5cf80: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
[2024/05/17 00:52:07.185] =>0xffff9ef5d000: f1 f1 f1 f1[f8]f2 f2 f2 f8 f8 f8 f8 f8 f8 f8 f8
[2024/05/17 00:52:07.185]   0xffff9ef5d080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[2024/05/17 00:52:07.185]   0xffff9ef5d100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[2024/05/17 00:52:07.185]   0xffff9ef5d180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[2024/05/17 00:52:07.185]   0xffff9ef5d200: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[2024/05/17 00:52:07.185]   0xffff9ef5d280: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[2024/05/17 00:52:07.185] Shadow byte legend (one shadow byte represents 8 application bytes):
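The report above is unsymbolized: every frame is printed as module+offset, and the CI prefixes each record with a timestamp. The script below is an added triage example, not part of this ticket or of realm-core. It strips the timestamps, extracts the error kind, the faulting access, the two stack traces and the frame's object table, and builds the llvm-symbolizer invocation that maps the printed offsets back to source lines. It assumes `llvm-symbolizer` is installed and that the same RelWithDebInfo `realm-libfuzz` binary the fuzzer ran is available at the path in the log; the class and function names are the example's own, and the sample input is a trimmed copy of the report above.

```python
# Added example (not realm-core code): triage an unsymbolized ASan report from a CI log.
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample input: a trimmed copy of the report above, one CI log record per line.
SAMPLE_LOG = """\
[2024/05/17 00:52:07.183] ==4275==ERROR: AddressSanitizer: stack-use-after-scope on address 0xffff9ef5d020 at pc 0xaaaab92d4c3c bp 0xffffe5712a90 sp 0xffffe5712a88
[2024/05/17 00:52:07.184] READ of size 4 at 0xffff9ef5d020 thread T0
[2024/05/17 00:52:07.184]     #0 0xaaaab92d4c38 (/data/mci/bd932e1d81668d8f96ae95e1b8030bd7/realm-core/build/test/realm-fuzzer/RelWithDebInfo/realm-libfuzz+0xf84c38)
[2024/05/17 00:52:07.184]     #11 0xffffa06f73f8 (/lib/aarch64-linux-gnu/libc.so.6+0x273f8) (BuildId: 3ba44e06b9dc66aeeb2651db4dd015ffaf6e0849)
[2024/05/17 00:52:07.184] Address 0xffff9ef5d020 is located in stack of thread T0 at offset 32 in frame
[2024/05/17 00:52:07.184]     #0 0xaaaab92cb764 (/data/mci/bd932e1d81668d8f96ae95e1b8030bd7/realm-core/build/test/realm-fuzzer/RelWithDebInfo/realm-libfuzz+0xf7b764)
[2024/05/17 00:52:07.184]   This frame has 3 object(s):
[2024/05/17 00:52:07.184]     [32, 40) 'fuzzer.i' (line 57) <== Memory access at offset 32 is inside this variable
[2024/05/17 00:52:07.184]     [64, 1056) 'cnf.i' (line 47)
[2024/05/17 00:52:07.184]     [1184, 2176) 'cnf' (line 61)
[2024/05/17 00:52:07.184] SUMMARY: AddressSanitizer: stack-use-after-scope (/data/mci/bd932e1d81668d8f96ae95e1b8030bd7/realm-core/build/test/realm-fuzzer/RelWithDebInfo/realm-libfuzz+0xf84c38)
"""

TS_RE = re.compile(r"^\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{3}\]\s*")       # CI timestamp prefix
ERROR_RE = re.compile(r"==\d+==ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+) at 0x[0-9a-f]+ thread T\d+")
FRAME_RE = re.compile(r"^#(\d+) 0x[0-9a-f]+ \((\S+?)\+(0x[0-9a-f]+)\)")        # "#N pc (module+offset)"
OBJECT_RE = re.compile(r"^\[(\d+), (\d+)\) '([^']+)' \(line (\d+)\)(.*)$")    # "[begin, end) 'name' (line L)"


@dataclass
class Frame:
    index: int
    module: str
    offset: int       # module-relative; what a symbolizer needs for a PIE binary, unlike the raw pc


@dataclass
class StackObject:
    begin: int
    end: int
    name: str
    line: int
    hit: bool         # ASan marks the object that contains the bad access with "<=="


@dataclass
class AsanReport:
    kind: str
    address: int
    access: Optional[str] = None
    size: Optional[int] = None
    stack: List[Frame] = field(default_factory=list)      # trace of the bad access
    frame_function: Optional[Frame] = None                # function owning the described frame
    objects: List[StackObject] = field(default_factory=list)

    @property
    def hit_object(self) -> Optional[StackObject]:
        return next((o for o in self.objects if o.hit), None)

    @property
    def likely_inlined(self) -> bool:
        # LLVM's inliner suffixes values cloned from an inlined callee with ".i".
        return bool(self.hit_object and self.hit_object.name.endswith(".i"))


def parse_asan_report(text: str) -> AsanReport:
    report, section = None, None           # section: which part of the report "#N ..." lines belong to
    for raw in text.splitlines():
        line = TS_RE.sub("", raw).strip()
        if report is None:                 # skip libFuzzer chatter until the ERROR banner
            if m := ERROR_RE.search(line):
                report = AsanReport(m.group(1), int(m.group(2), 16))
        elif line.startswith("SUMMARY:"):
            break
        elif m := ACCESS_RE.match(line):
            report.access, report.size, section = m.group(1), int(m.group(2)), "stack"
        elif "is located in stack of thread" in line:
            section = "frame"
        elif line.startswith("This frame has"):
            section = "objects"
        elif section in ("stack", "frame") and (m := FRAME_RE.match(line)):
            frame = Frame(int(m.group(1)), m.group(2), int(m.group(3), 16))
            if section == "stack":
                report.stack.append(frame)
            else:
                report.frame_function = frame
        elif section == "objects" and (m := OBJECT_RE.match(line)):
            report.objects.append(StackObject(int(m.group(1)), int(m.group(2)), m.group(3),
                                              int(m.group(4)), "<==" in m.group(5)))
    if report is None:
        raise ValueError("no AddressSanitizer report in log")
    return report


def symbolizer_commands(report: AsanReport) -> Dict[str, List[str]]:
    # One llvm-symbolizer command per module, fed the module offsets ASan printed.
    frames = report.stack + ([report.frame_function] if report.frame_function else [])
    by_module: Dict[str, List[str]] = {}
    for fr in frames:
        by_module.setdefault(fr.module, []).append(f"0x{fr.offset:x}")
    return {mod: ["llvm-symbolizer", f"--obj={mod}", *offs] for mod, offs in by_module.items()}
```

Run against the full log, the parser yields the same facts a reader has to dig out of the wall of text above: a 4-byte READ at offset 32 inside the 8-byte object 'fuzzer.i' declared at line 57, in the frame owned by the function at offset 0xf7b764 of realm-libfuzz, with the faulting instruction at offset 0xf84c38 (the offset the SUMMARY line also points to). Symbolizing those two offsets against the RelWithDebInfo binary is the first step toward a reproducer; the `.i` suffix suggests the variable came from a function inlined into that frame, so the declaring line may be in a different function than the frame's own.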
Steps & Code to Reproduce
Unknown at the moment.
Core version
Core version: 14.7.0