oss-fuzz/infra/base-images/base-runner
Caolán McNamara 0f02ca5a56
retry sequentially if multiprocessing do_bad_build_check detects fail… (#5578)
* retry sequentially if multiprocessing do_bad_build_check detects failures

https://github.com/google/oss-fuzz/issues/5441

The error seen in the build log is:

Whoops, the target binary crashed suddenly, before receiving any input
from the fuzzer!

suggesting that the fuzzer crashed before it got to do anything.
Debugging locally what I tend to see is that

a) in src/afl-forkserver.c afl_fsrv_start the read_s32_timed call
returns 0 and that triggers kill(fsrv->fsrv_pid, fsrv->kill_signal);
(SIGKILL)
b) read_s32_timed returns 0 because *stop_soon_p is non-zero at
restart_read:
c) *stop_soon_p becomes non-zero in handle_stop_sig of
src/afl-fuzz-init.c due to receiving SIGINT
d) that SIGINT is sent by the timeout script used in bad_build_check so
it is that "outer" timeout process which is sending SIGINT which then
triggers afl-forkserver's internal SIGKILL to kill the process

I get improved results if I retry the killed off fuzzers sequentially

* Remove unneeded semicolons to fix presubmit

Co-authored-by: Abhishek Arya <inferno@chromium.org>
2021-04-05 12:50:15 -07:00
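The fix described in the commit message is an orchestration change: run every target's bad-build check in parallel as before, then re-run only the failures one at a time before reporting them. The following is an added example written for this page, not the oss-fuzz test_all.py code, showing that two-phase structure. The `CheckResult` type, the `FlakyUnderLoad` stand-in (which fails a target on its first, concurrent attempt and passes it when re-run alone) and the `subprocess_check` helper are all assumptions made here; threads stand in for the multiprocessing pool so the block runs self-contained.

```python
"""Two-phase bad-build check: a parallel first pass, then sequential retries.

Added example, not oss-fuzz code. Targets that fail in the parallel pass are
re-checked one at a time; a target that passes on the retry counts as good,
and `attempts` records whether the retry was needed.
"""
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass
import subprocess
import sys
import threading
from typing import Callable, Dict, Iterable, List

PYTHON = sys.executable  # used by the usage section to spawn a real subprocess


@dataclass
class CheckResult:
    ok: bool
    reason: str
    attempts: int = 1


CheckFn = Callable[[str], CheckResult]


def run_bad_build_checks(targets: List[str], check: CheckFn,
                         workers: int = 4) -> Dict[str, CheckResult]:
    """Check all targets in parallel, then retry the failures sequentially.

    Returns target -> final CheckResult. `attempts` is 2 for any target that
    went through the sequential retry, so a flaky kill that passed on retry
    can be told apart from a target that passed first time.
    """
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = dict(zip(targets, pool.map(check, targets)))

    failed = [t for t in targets if not results[t].ok]
    # Retry one at a time: the retry then does not compete with other checks
    # for the machine, which is the condition under which the premature kill
    # was observed.
    for target in failed:
        retry = check(target)
        retry.attempts = 2
        results[target] = retry
    return results


def subprocess_check(cmd: List[str], timeout: float) -> CheckResult:
    """Run a command under a wall-clock limit, the way bad_build_check wraps
    the fuzzer in `timeout`; exceeding the limit is a failure, not a pass."""
    try:
        proc = subprocess.run(cmd, timeout=timeout, capture_output=True)
    except subprocess.TimeoutExpired:
        return CheckResult(False, "timed out after %.1fs" % timeout)
    except OSError as exc:
        return CheckResult(False, "could not start: %s" % exc)
    if proc.returncode != 0:
        return CheckResult(False, "exit status %d" % proc.returncode)
    return CheckResult(True, "ok")


class FlakyUnderLoad:
    """Constructed stand-in (assumption, not a real fuzzer) for a target that
    is killed when checked concurrently but passes when run alone: the first
    attempt for a target listed in `flaky` fails, later attempts succeed.
    Targets in `broken` fail every time, like a genuinely bad build."""

    def __init__(self, flaky: Iterable[str], broken: Iterable[str] = ()):
        self.flaky, self.broken = set(flaky), set(broken)
        self.seen = set()
        self.lock = threading.Lock()

    def __call__(self, target: str) -> CheckResult:
        if target in self.broken:
            return CheckResult(False, "target crashed before receiving input")
        with self.lock:
            first = target not in self.seen
            self.seen.add(target)
        if first and target in self.flaky:
            return CheckResult(False, "killed (SIGINT from outer timeout)")
        return CheckResult(True, "ok")


if __name__ == "__main__":
    check = FlakyUnderLoad(flaky=["fuzz_b"], broken=["fuzz_c"])
    for name, res in run_bad_build_checks(["fuzz_a", "fuzz_b", "fuzz_c"], check).items():
        state = "ok" if res.ok else "BAD"
        print(f"{name}: {state} after {res.attempts} attempt(s): {res.reason}")
    print(subprocess_check([PYTHON, "-c", "import time; time.sleep(10)"], 0.5))
```

With the constructed inputs above, `fuzz_a` passes in the parallel pass, `fuzz_b` fails there and is rescued by the sequential retry, and `fuzz_c` is still reported as a bad build after its retry; the final `subprocess_check` call shows that a target exceeding the wall-clock limit is reported as a failure rather than silently passing.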
| Name | Last commit | Date |
|---|---|---|
| gocoverage | Golang coverage summary updated to version 2.0.1 (#5346) | 2021-03-17 06:53:19 -07:00 |
| Dockerfile | Fix unzip regression on base-runner. (#5356) | 2021-03-10 10:46:58 -08:00 |
| README.md | [test_all] Rewrite in Python (#4769) | 2020-12-03 12:52:34 -08:00 |
| bad_build_check | [TSAN] Support TSAN (#5266) | 2021-03-02 09:20:40 -08:00 |
| collect_dft | [infra] Fix a typo in collect_dft bash script. | 2020-07-13 10:19:57 -07:00 |
| coverage | Golang coverage: use absolute paths (#5407) | 2021-03-16 12:19:02 -07:00 |
| coverage_helper | | |
| dataflow_tracer.py | Disable linting on dataflow_tracer | 2021-01-20 13:40:50 -08:00 |
| download_corpus | Revert "Don't create empty corpus archive as it wont unpack. (#3903)" (#4048) | 2020-06-30 13:03:44 -07:00 |
| parse_options.py | [infra] Add support for custom sanitizer options in run_fuzzer. (#4274) | 2020-08-07 12:48:23 -07:00 |
| rcfilt | Rust coverage report (for Suricata) (#4697) | 2021-03-08 07:05:35 -08:00 |
| reproduce | [infra] Fix reproduce command invoking run_fuzzer for a single testcase (#4338). (#4367) | 2020-08-25 11:38:50 -07:00 |
| run_fuzzer | remove map size for afl++ (#5433) | 2021-03-18 14:49:58 +00:00 |
| targets_list | | |
| test_all.py | retry sequentially if multiprocessing do_bad_build_check detects fail… (#5578) | 2021-04-05 12:50:15 -07:00 |
| test_all_test.py | Improve CIFuzz tests (#4868) | 2020-12-18 10:37:56 -08:00 |
| test_one.py | [base-runner][NFC] Replace test_one with test_one.py (#5179) | 2021-02-16 06:14:53 -08:00 |

README.md

base-runner

Base image for fuzzer runners.

docker run -ti gcr.io/oss-fuzz-base/base-runner <command> <args>

Commands

| Command | Description |
|---|---|
| reproduce <fuzzer_name> <fuzzer_options> | builds all fuzz targets and runs the specified one on the testcase mounted at /testcase, with the given options. |
| run_fuzzer <fuzzer_name> <fuzzer_options> | runs the specified fuzzer, combining the given options with those in its .options file. |
| test_all.py | runs every binary in /out as a fuzzer for a while to ensure it works. |

Examples

  • Reproduce using latest OSS-Fuzz build:
docker run --rm -ti -v <testcase_path>:/testcase gcr.io/oss-fuzz/$PROJECT_NAME reproduce <fuzzer_name>
  • Reproduce using local source checkout:
docker run --rm -ti -v <source_path>:/src/$PROJECT_NAME \
                    -v <testcase_path>:/testcase gcr.io/oss-fuzz/$PROJECT_NAME \
                    reproduce <fuzzer_name>