This repository was archived by the owner on Jun 4, 2024. It is now read-only.

[FUZZ] Beaconfuzz_v2 crash-b22ce997bf58f944a6b96aff5ffb3673e3ec75c2 in struct_block #76

Closed
7 tasks done
Daft-Wullie opened this issue Sep 18, 2020 · 2 comments
Labels
bug Something isn't working

Comments

Daft-Wullie commented Sep 18, 2020

I've done and provided the following:

  • Checked to see if any other [FUZZ] issue already refers to that crasher
  • Attached the crashing input (either attached to the issue as a .zip or .gz, or as a link to a file sharing service)
  • Noted the beacon-fuzz version or commit used.
  • Provided crash output
  • Noted the command or fuzzer used to generate the crash
  • Name of the original crash file
  • (Optional but optimal) Checked if the crash can be consistently replicated by re-running the input.

Info to Reproduce

Crash output and stacktrace

thread '<unnamed>' panicked at 'assertion failed: `(left == right)`
  left: `false`,
 right: `true`', /home/beacon-fuzz/beaconfuzz_v2/libs/eth2clientsfuzz/src/block.rs:30:17
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Traceback (most recent call last, using override)
/home/nim-beacon-chain/vendor/nimbus-build-system/vendor/Nim/lib/system/excpt.nim(614) signalHandler
SIGABRT: Abnormal termination.
==10062== ERROR: libFuzzer: fuzz target exited

SUMMARY: libFuzzer: fuzz target exited
MS: 2 ShuffleBytes-CrossOver-; base unit: adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
0x0,0x43,0x43,0x43,0xa,0xa,0x0,0x0,0x0,0xff,0xff,0xa,0xff,0xff,0xa,0xa,0xff,0xa,0x11,0xa,0xa,0x11,0xa,0xa,0x11,0x11,0x11,0x11,0xa,0xa,0xa,0xa,0xa,0xa,0xa,0xa,0xa,0xa,0xa,0xa,0xa,0xa,0xa,0xa,0xa,0xa,0x0,0xa,0xa,0x0,0x0,0x0,0xa,0x0,0x0,0x0,0x0,0x0,
\x00CCC\x0a\x0a\x00\x00\x00\xff\xff\x0a\xff\xff\x0a\x0a\xff\x0a\x11\x0a\x0a\x11\x0a\x0a\x11\x11\x11\x11\x0a\x0a\x0a\x0a\x0a\x0a\x0a\x0a\x0a\x0a\x0a\x0a\x0a\x0a\x0a\x0a\x0a\x0a\x00\x0a\x0a\x00\x00\x00\x0a\x00\x00\x00\x00\x00
artifact_prefix='/home/beacon-fuzz/beaconfuzz_v2/fuzz/artifacts/struct_block/'; Test unit written to /home/beacon-fuzz/beaconfuzz_v2/fuzz/artifacts/struct_block/crash-b22ce997bf58f944a6b96aff5ffb3673e3ec75c2
Base64: AENDQwoKAAAA//8K//8KCv8KEQoKEQoKEREREQoKCgoKCgoKCgoKCgoKCgoKCgAKCgAAAAoAAAAAAA==

────────────────────────────────────────────────────────────────────────────────

Failing input:

        fuzz/artifacts/struct_block/crash-b22ce997bf58f944a6b96aff5ffb3673e3ec75c2

Output of `std::fmt::Debug`:

        SignedBeaconBlock {
            message: BeaconBlock {
                slot: Slot(11039194432256),
                proposer_index: 723672161012678400,
                parent_root: 0xff0a110a0a110a0a111111110a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a000a,
                state_root: 0x0a0000000a000000000000000000000000000000000000000000000000000000,
                body: BeaconBlockBody {
                    randao_reveal: 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
                    eth1_data: Eth1Data {
                        deposit_root: 0x0000000000000000000000000000000000000000000000000000000000000000,
                        deposit_count: 0,
                        block_hash: 0x0000000000000000000000000000000000000000000000000000000000000000,
                    },
                    graffiti: [
                        0,
                        0,
                        0,
                        0,
                        0,
                        0,
                        0,
                        0,
                        0,
                        0,
                        0,
                        0,
                        0,
                        0,
                        0,
                        0,
                        0,
                        0,
                        0,
                        0,
                        0,
                        0,
                        0,
                        0,
                        0,
                        0,
                        0,
                        0,
                        0,
                        0,
                        0,
                        0,
                    ],
                    proposer_slashings: VariableList {
                        vec: [],
                        _phantom: PhantomData,
                    },
                    attester_slashings: VariableList {
                        vec: [],
                        _phantom: PhantomData,
                    },
                    attestations: VariableList {
                        vec: [],
                        _phantom: PhantomData,
                    },
                    deposits: VariableList {
                        vec: [],
                        _phantom: PhantomData,
                    },
                    voluntary_exits: VariableList {
                        vec: [],
                        _phantom: PhantomData,
                    },
                },
            },
            signature: 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000,
        }

Reproduce with:

        cargo fuzz run struct_block fuzz/artifacts/struct_block/crash-b22ce997bf58f944a6b96aff5ffb3673e3ec75c2

Minimize test case with:

        cargo fuzz tmin struct_block fuzz/artifacts/struct_block/crash-b22ce997bf58f944a6b96aff5ffb3673e3ec75c2

────────────────────────────────────────────────────────────────────────────────

Error: Fuzz target exited with exit code: 77

Command used to reproduce: ETH2FUZZ_BEACONSTATE=../eth2fuzz/workspace/corpora/beaconstate cargo +nightly fuzz run struct_block fuzz/artifacts/struct_block/crash-b22ce997bf58f944a6b96aff5ffb3673e3ec75c2

    Finished release [optimized] target(s) in 0.29s
     Running `fuzz/target/x86_64-unknown-linux-gnu/release/struct_block -artifact_prefix=/home/beacon-fuzz/beaconfuzz_v2/fuzz/artifacts/struct_block/ fuzz/artifacts/struct_block/crash-b22ce997bf58f944a6b96aff5ffb3673e3ec75c2`
INFO: Seed: 4036764528
INFO: Loaded 1 modules   (203653 inline 8-bit counters): 203653 [0x5602f6bd6461, 0x5602f6c07fe6),
INFO: Loaded 1 PC tables (203653 PCs): 203653 [0x5602f6c07fe8,0x5602f6f23838),
fuzz/target/x86_64-unknown-linux-gnu/release/struct_block: Running 1 inputs 1 time(s) each.
Running: fuzz/artifacts/struct_block/crash-b22ce997bf58f944a6b96aff5ffb3673e3ec75c2
ERRO[0018] Could not get rough time result: no reply     prefix=roughtime
ERRO[0018] Could not get rough time result: no reply     prefix=roughtime
ERRO[0018] Could not get rough time result: no reply     prefix=roughtime
ERRO[0018] Could not get rough time result: no reply     prefix=roughtime
ERRO[0018] Could not get rough time result: no reply     prefix=roughtime
ERRO[0018] Could not get rough time result: no reply     prefix=roughtime
ERRO[0018] Failed to calculate roughtime offset          error="no valid responses" prefix=roughtime
thread '<unnamed>' panicked at 'assertion failed: `(left == right)`
  left: `false`,
 right: `true`', /home/beacon-fuzz/beaconfuzz_v2/libs/eth2clientsfuzz/src/block.rs:30:17
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Traceback (most recent call last, using override)
/home/nim-beacon-chain/vendor/nimbus-build-system/vendor/Nim/lib/system/excpt.nim(614) signalHandler
SIGABRT: Abnormal termination.
==11756== ERROR: libFuzzer: fuzz target exited

SUMMARY: libFuzzer: fuzz target exited
────────────────────────────────────────────────────────────────────────────────

Error: Fuzz target exited with exit code: 77

Your Environment

  • Fuzzer ran: beaconfuzz_v2
  • Version/Commit used: 9404192
  • Operating System and version: Ubuntu 20.04
@zedt3ster
Member

It looks like this might be an issue with the block fuzzer itself - @pventuzelo is investigating and should be able to confirm shortly.

@pventuzelo
Contributor

Thanks for the report @Daft-Wullie ;)

It's an issue in the fuzzer, actually: the Lighthouse harness was not returning an error in certain cases.
I fixed it in 3d0d06c

Thanks ;)
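The diagnosis above (one client harness not returning an error, so the cross-client equality assertion in the block target trips) as an added Rust illustration. This is not beacon-fuzz or Lighthouse code: `compare`, `reference_client`, `buggy_harness` and `fixed_harness` are constructed stand-ins for a differential block-processing oracle and the two harness behaviours.

```rust
// Added illustration, not beacon-fuzz or Lighthouse code: a minimal differential
// oracle of the kind a struct_block-style target relies on, plus the failure mode
// this issue describes, where a client harness swallows a rejection.
#[derive(Debug, Clone, PartialEq)]
enum Verdict {
    Agree,
    Disagree(Vec<(&'static str, bool)>), // (client name, did it accept the block?)
}

/// One client's answer for one block: Ok(post-state root) or Err(reason).
type ClientResult = Result<[u8; 32], String>;

/// Differential oracle: all clients must agree on accept/reject, and when they
/// all accept they must also agree on the resulting state root.
fn compare(results: &[(&'static str, ClientResult)]) -> Verdict {
    let accepted: Vec<(&'static str, bool)> =
        results.iter().map(|(name, r)| (*name, r.is_ok())).collect();
    if !accepted.iter().all(|(_, ok)| *ok == accepted[0].1) {
        return Verdict::Disagree(accepted);
    }
    let roots: Vec<&[u8; 32]> = results.iter().filter_map(|(_, r)| r.as_ref().ok()).collect();
    if roots.iter().all(|r| *r == roots[0]) { Verdict::Agree } else { Verdict::Disagree(accepted) }
}

/// Stand-in client model (constructed): rejects a block whose slot is not after
/// the state's slot, otherwise returns a fake post-state root.
fn reference_client(state_slot: u64, block_slot: u64) -> ClientResult {
    if block_slot <= state_slot {
        return Err("block slot must be after state slot".to_string());
    }
    Ok([(block_slot % 256) as u8; 32])
}

/// Buggy harness (hypothetical): maps the client's rejection to a "success" with
/// a zero root, so the oracle sees one client accept what the other rejected.
fn buggy_harness(state_slot: u64, block_slot: u64) -> ClientResult {
    reference_client(state_slot, block_slot).or_else(|_| Ok([0u8; 32]))
}

/// Fixed harness: propagates the rejection unchanged.
fn fixed_harness(state_slot: u64, block_slot: u64) -> ClientResult {
    reference_client(state_slot, block_slot)
}

/// Run the oracle over a reference client and a second client behind a harness.
fn run(state_slot: u64, block_slot: u64, harness: fn(u64, u64) -> ClientResult) -> Verdict {
    compare(&[
        ("client_a", reference_client(state_slot, block_slot)),
        ("client_b", harness(state_slot, block_slot)),
    ])
}
```

With the buggy harness an invalid block yields `Disagree` with one `false` and one `true`, which is the shape of the `left: false, right: true` assertion in the report; the fixed harness makes both clients reject and the oracle agrees.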

@pventuzelo pventuzelo added the bug Something isn't working label Nov 9, 2020