Created
February 1, 2020 10:36
-
-
Save jonatack/5d78f682e0b245455192567d6af12b7e to your computer and use it in GitHub Desktop.
Bitcoin Core PR #18029 fuzz/asmap test output
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ~/projects/bitcoin/bitcoin (pr/18029)$ src/test/fuzz/asmap | |
| INFO: Seed: 811301521 | |
| INFO: Loaded 1 modules (9536 inline 8-bit counters): 9536 [0x55b06f1c69a0, 0x55b06f1c8ee0), | |
| INFO: Loaded 1 PC tables (9536 PCs): 9536 [0x55b06f1c8ee0,0x55b06f1ee2e0), | |
| INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes | |
| INFO: A corpus is not provided, starting from an empty corpus | |
| #2 INITED cov: 108 ft: 109 corp: 1/1b exec/s: 0 rss: 50Mb | |
| NEW_FUNC[0/85]: 0x55b06f0cc660 in std::vector<unsigned char, std::allocator<unsigned char> > FuzzedDataProvider::ConsumeBytes<unsigned char>(unsigned long) /home/jon/projects/bitcoin/bitcoin/src/./test/fuzz/FuzzedDataProvider.h:41 | |
| NEW_FUNC[1/85]: 0x55b06f0cc9d0 in std::vector<unsigned char, std::allocator<unsigned char> >::data() /usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/bits/stl_vector.h:1056 | |
| #4 NEW cov: 870 ft: 911 corp: 2/113b exec/s: 0 rss: 51Mb L: 112/112 MS: 2 ShuffleBytes-InsertRepeatedBytes- | |
| #10 NEW cov: 870 ft: 931 corp: 3/226b exec/s: 0 rss: 51Mb L: 113/113 MS: 1 InsertByte- | |
| #12 NEW cov: 870 ft: 995 corp: 4/390b exec/s: 0 rss: 51Mb L: 164/164 MS: 2 CopyPart-InsertRepeatedBytes- | |
| #13 NEW cov: 900 ft: 1061 corp: 5/456b exec/s: 0 rss: 51Mb L: 66/164 MS: 1 InsertRepeatedBytes- | |
| #16 NEW cov: 900 ft: 1092 corp: 6/517b exec/s: 0 rss: 51Mb L: 61/164 MS: 3 ChangeBinInt-ChangeBit-EraseBytes- | |
| #17 NEW cov: 900 ft: 1097 corp: 7/691b exec/s: 0 rss: 51Mb L: 174/174 MS: 1 CrossOver- | |
| #18 NEW cov: 900 ft: 1101 corp: 8/882b exec/s: 0 rss: 51Mb L: 191/191 MS: 1 InsertRepeatedBytes- | |
| #20 NEW cov: 900 ft: 1107 corp: 9/963b exec/s: 0 rss: 51Mb L: 81/191 MS: 2 CrossOver-InsertRepeatedBytes- | |
| #22 NEW cov: 900 ft: 1206 corp: 10/5059b exec/s: 0 rss: 51Mb L: 4096/4096 MS: 2 ShuffleBytes-CrossOver- | |
| #30 REDUCE cov: 900 ft: 1206 corp: 10/4554b exec/s: 0 rss: 51Mb L: 3591/3591 MS: 3 ChangeBinInt-ChangeBit-EraseBytes- | |
| #36 NEW cov: 900 ft: 1210 corp: 11/4745b exec/s: 0 rss: 51Mb L: 191/3591 MS: 1 CopyPart- | |
| #41 NEW cov: 900 ft: 1211 corp: 12/4928b exec/s: 0 rss: 51Mb L: 183/3591 MS: 5 CrossOver-ChangeBit-ChangeBinInt-InsertRepeatedBytes-EraseBytes- | |
| #45 NEW cov: 900 ft: 1234 corp: 13/5214b exec/s: 0 rss: 51Mb L: 286/3591 MS: 4 EraseBytes-CopyPart-ShuffleBytes-CopyPart- | |
| #53 NEW cov: 900 ft: 1253 corp: 14/5505b exec/s: 0 rss: 51Mb L: 291/3591 MS: 3 ChangeBinInt-CopyPart-EraseBytes- | |
| #55 NEW cov: 900 ft: 1257 corp: 15/5854b exec/s: 0 rss: 51Mb L: 349/3591 MS: 2 ShuffleBytes-CopyPart- | |
| #59 NEW cov: 901 ft: 1259 corp: 16/5974b exec/s: 0 rss: 51Mb L: 120/3591 MS: 4 ChangeBinInt-CMP-CopyPart-CMP- DE: "\x00\x00\x00\x00\x00\x00\x00\x07"-"\xfe\x80\x00\x00\x00\x00\x00\x00"- | |
| #62 NEW cov: 901 ft: 1262 corp: 17/6080b exec/s: 0 rss: 51Mb L: 106/3591 MS: 3 InsertRepeatedBytes-ShuffleBytes-InsertByte- | |
| #66 NEW cov: 901 ft: 1326 corp: 18/6174b exec/s: 0 rss: 51Mb L: 94/3591 MS: 4 InsertByte-CMP-ChangeBinInt-EraseBytes- DE: "\xff4"- | |
| #68 NEW cov: 956 ft: 1472 corp: 19/10270b exec/s: 0 rss: 52Mb L: 4096/4096 MS: 2 ShuffleBytes-CrossOver- | |
| #78 REDUCE cov: 956 ft: 1472 corp: 19/8894b exec/s: 0 rss: 52Mb L: 2720/3591 MS: 5 ChangeByte-ShuffleBytes-ChangeBinInt-CopyPart-EraseBytes- | |
| #83 NEW cov: 956 ft: 1537 corp: 20/8938b exec/s: 0 rss: 52Mb L: 44/3591 MS: 5 EraseBytes-ChangeBit-CMP-EraseBytes-EraseBytes- DE: "\x01\x00\x00\x10"- | |
| #94 NEW cov: 956 ft: 1545 corp: 21/9039b exec/s: 0 rss: 52Mb L: 101/3591 MS: 1 EraseBytes- | |
| #107 NEW cov: 956 ft: 1558 corp: 22/9073b exec/s: 0 rss: 52Mb L: 34/3591 MS: 3 InsertByte-InsertByte-EraseBytes- | |
| #110 REDUCE cov: 956 ft: 1582 corp: 23/12771b exec/s: 0 rss: 52Mb L: 3698/3698 MS: 3 PersAutoDict-ChangeByte-InsertRepeatedBytes- DE: "\x00\x00\x00\x00\x00\x00\x00\x07"- | |
| #117 NEW cov: 956 ft: 1586 corp: 24/12815b exec/s: 0 rss: 52Mb L: 44/3698 MS: 2 ShuffleBytes-ChangeBinInt- | |
| #119 NEW cov: 956 ft: 1602 corp: 25/16Kb exec/s: 0 rss: 52Mb L: 3699/3699 MS: 2 CMP-InsertByte- DE: "\x0a\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09\x01"- | |
| #120 NEW cov: 956 ft: 1646 corp: 26/16Kb exec/s: 0 rss: 52Mb L: 44/3699 MS: 1 ChangeByte- | |
| #127 NEW cov: 956 ft: 1650 corp: 27/16Kb exec/s: 0 rss: 52Mb L: 394/3699 MS: 2 CMP-InsertRepeatedBytes- DE: ">\x00"- | |
| #128 NEW cov: 957 ft: 1657 corp: 28/16Kb exec/s: 0 rss: 52Mb L: 93/3699 MS: 1 InsertRepeatedBytes- | |
| #150 NEW cov: 957 ft: 1663 corp: 29/16Kb exec/s: 0 rss: 53Mb L: 307/3699 MS: 2 ChangeBinInt-EraseBytes- | |
| #169 NEW cov: 957 ft: 1672 corp: 30/17Kb exec/s: 0 rss: 53Mb L: 151/3699 MS: 4 ChangeByte-ChangeBinInt-ChangeBinInt-InsertRepeatedBytes- | |
| #171 NEW cov: 957 ft: 1678 corp: 31/17Kb exec/s: 0 rss: 53Mb L: 84/3699 MS: 2 ShuffleBytes-CopyPart- | |
| #173 NEW cov: 957 ft: 1682 corp: 32/17Kb exec/s: 0 rss: 53Mb L: 191/3699 MS: 2 ChangeByte-ChangeBit- | |
| #174 NEW cov: 957 ft: 1683 corp: 33/17Kb exec/s: 0 rss: 53Mb L: 44/3699 MS: 1 ChangeBinInt- | |
| #175 NEW cov: 957 ft: 1694 corp: 34/21Kb exec/s: 0 rss: 53Mb L: 4096/4096 MS: 1 CrossOver- | |
| #178 NEW cov: 960 ft: 1700 corp: 35/21Kb exec/s: 0 rss: 53Mb L: 151/4096 MS: 3 ChangeBit-ChangeByte-CopyPart- | |
| #199 NEW cov: 960 ft: 1711 corp: 36/21Kb exec/s: 0 rss: 53Mb L: 295/4096 MS: 1 CrossOver- | |
| #201 NEW cov: 960 ft: 1717 corp: 37/21Kb exec/s: 0 rss: 53Mb L: 82/4096 MS: 2 ChangeBinInt-InsertByte- | |
| #202 NEW cov: 960 ft: 1723 corp: 38/22Kb exec/s: 0 rss: 53Mb L: 128/4096 MS: 1 EraseBytes- | |
| #210 REDUCE cov: 960 ft: 1742 corp: 39/24Kb exec/s: 0 rss: 53Mb L: 2836/4096 MS: 3 InsertByte-InsertRepeatedBytes-InsertRepeatedBytes- | |
| #225 NEW cov: 960 ft: 1744 corp: 40/28Kb exec/s: 0 rss: 53Mb L: 4096/4096 MS: 5 ShuffleBytes-ShuffleBytes-EraseBytes-ChangeByte-CrossOver- | |
| #236 NEW cov: 960 ft: 1748 corp: 41/28Kb exec/s: 0 rss: 53Mb L: 151/4096 MS: 1 ChangeByte- | |
| #244 NEW cov: 960 ft: 1762 corp: 42/29Kb exec/s: 0 rss: 53Mb L: 312/4096 MS: 3 CopyPart-InsertRepeatedBytes-ChangeBinInt- | |
| #246 NEW cov: 962 ft: 1764 corp: 43/33Kb exec/s: 0 rss: 53Mb L: 4096/4096 MS: 2 InsertRepeatedBytes-CrossOver- | |
| #275 NEW cov: 962 ft: 1777 corp: 44/37Kb exec/s: 0 rss: 54Mb L: 4096/4096 MS: 4 PersAutoDict-EraseBytes-CopyPart-CrossOver- DE: "\xfe\x80\x00\x00\x00\x00\x00\x00"- | |
| #280 NEW cov: 962 ft: 1783 corp: 45/37Kb exec/s: 0 rss: 54Mb L: 243/4096 MS: 5 ChangeBinInt-InsertByte-InsertByte-InsertRepeatedBytes-ChangeBinInt- | |
| #291 NEW cov: 962 ft: 1793 corp: 46/40Kb exec/s: 0 rss: 54Mb L: 2837/4096 MS: 1 InsertByte- | |
| #295 NEW cov: 962 ft: 1796 corp: 47/40Kb exec/s: 0 rss: 54Mb L: 464/4096 MS: 4 ChangeBit-CrossOver-InsertRepeatedBytes-InsertRepeatedBytes- | |
| #309 NEW cov: 962 ft: 1797 corp: 48/43Kb exec/s: 0 rss: 54Mb L: 3095/4096 MS: 4 ChangeByte-InsertRepeatedBytes-InsertRepeatedBytes-InsertRepeatedBytes- | |
| #324 NEW cov: 963 ft: 1818 corp: 49/44Kb exec/s: 0 rss: 54Mb L: 431/4096 MS: 5 CrossOver-ChangeBit-PersAutoDict-ChangeBit-CMP- DE: "\x01\x00\x00\x10"-"\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x00\x00"- | |
| #325 REDUCE cov: 963 ft: 1818 corp: 49/43Kb exec/s: 0 rss: 54Mb L: 3413/4096 MS: 1 EraseBytes- | |
| #340 NEW cov: 963 ft: 1821 corp: 50/46Kb exec/s: 0 rss: 54Mb L: 3185/4096 MS: 5 PersAutoDict-InsertRepeatedBytes-ChangeByte-ChangeBinInt-PersAutoDict- DE: "\xff4"-"\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x00\x00"- | |
| #344 REDUCE cov: 963 ft: 1821 corp: 50/45Kb exec/s: 0 rss: 54Mb L: 3419/4096 MS: 4 ShuffleBytes-ShuffleBytes-ChangeBit-EraseBytes- | |
| #368 NEW cov: 963 ft: 1832 corp: 51/46Kb exec/s: 0 rss: 55Mb L: 276/4096 MS: 4 ShuffleBytes-ChangeBit-ChangeByte-InsertRepeatedBytes- | |
| #378 REDUCE cov: 963 ft: 1832 corp: 51/46Kb exec/s: 0 rss: 55Mb L: 335/4096 MS: 5 CopyPart-CopyPart-ChangeBit-InsertByte-EraseBytes- | |
| #386 NEW cov: 963 ft: 1848 corp: 52/46Kb exec/s: 0 rss: 55Mb L: 95/4096 MS: 3 CopyPart-ChangeBinInt-InsertByte- | |
| #401 NEW cov: 963 ft: 1854 corp: 53/50Kb exec/s: 0 rss: 55Mb L: 4096/4096 MS: 5 InsertRepeatedBytes-InsertByte-ShuffleBytes-InsertByte-CrossOver- | |
| #402 REDUCE cov: 963 ft: 1854 corp: 53/50Kb exec/s: 0 rss: 55Mb L: 199/4096 MS: 1 EraseBytes- | |
| #425 NEW cov: 963 ft: 1900 corp: 54/50Kb exec/s: 0 rss: 56Mb L: 48/4096 MS: 3 CMP-PersAutoDict-EraseBytes- DE: "\xff\xff~\xfd\xc6`a'"-">\x00"- | |
| ================================================================= | |
| ==10102==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60c0000213d8 at pc 0x55b06f0d88c3 bp 0x7ffdc6605b40 sp 0x7ffdc6605b38 | |
| READ of size 8 at 0x60c0000213d8 thread T0 | |
| #0 0x55b06f0d88c2 in std::_Bit_reference::operator bool() const /usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/bits/stl_bvector.h:83:17 | |
| #1 0x55b06f0d9bd5 in std::_Bit_const_iterator::operator*() const /usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/bits/stl_bvector.h:323:14 | |
| #2 0x55b06f10744a in (anonymous namespace)::DecodeBits(std::_Bit_const_iterator&, unsigned char, std::vector<unsigned char, std::allocator<unsigned char> > const&) /home/jon/projects/bitcoin/bitcoin/src/util/asmap.cpp:18:19 | |
| #3 0x55b06f106c9d in (anonymous namespace)::DecodeType(std::_Bit_const_iterator&) /home/jon/projects/bitcoin/bitcoin/src/util/asmap.cpp:40:12 | |
| #4 0x55b06f106c9d in Interpret(std::vector<bool, std::allocator<bool> > const&, std::vector<bool, std::allocator<bool> > const&) /home/jon/projects/bitcoin/bitcoin/src/util/asmap.cpp:73 | |
| #5 0x55b06f0e32b0 in CNetAddr::GetMappedAS(std::vector<bool, std::allocator<bool> > const&) const /home/jon/projects/bitcoin/bitcoin/src/netaddress.cpp:433:26 | |
| #6 0x55b06f0cbccc in test_one_input(std::vector<unsigned char, std::allocator<unsigned char> > const&) /home/jon/projects/bitcoin/bitcoin/src/test/fuzz/asmap.cpp:27:20 | |
| #7 0x55b06f0bf60f in LLVMFuzzerTestOneInput /home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz.cpp:38:5 | |
| #8 0x55b06efd6e0c in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /tmp/final/llvm.src/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:515:13 | |
| #9 0x55b06efd666b in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /tmp/final/llvm.src/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:440:3 | |
| #10 0x55b06efd809d in fuzzer::Fuzzer::MutateAndTestOne() /tmp/final/llvm.src/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:648:19 | |
| #11 0x55b06efd8955 in fuzzer::Fuzzer::Loop(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, fuzzer::fuzzer_allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /tmp/final/llvm.src/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:775:5 | |
| #12 0x55b06efcd660 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /tmp/final/llvm.src/projects/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:754:6 | |
| #13 0x55b06efef262 in main /tmp/final/llvm.src/projects/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 | |
| #14 0x7f4120db109a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a) | |
| #15 0x55b06efc66f9 in _start (/home/jon/projects/bitcoin/bitcoin/src/test/fuzz/asmap+0x986f9) | |
| Address 0x60c0000213d8 is a wild pointer. | |
| SUMMARY: AddressSanitizer: heap-buffer-overflow /usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/bits/stl_bvector.h:83:17 in std::_Bit_reference::operator bool() const | |
| Shadow bytes around the buggy address: | |
| 0x0c187fffc220: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x0c187fffc230: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd | |
| 0x0c187fffc240: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa | |
| 0x0c187fffc250: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
| 0x0c187fffc260: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa | |
| =>0x0c187fffc270: fa fa fa fa fa fa fa fa fa fa fa[fa]fa fa fa fa | |
| 0x0c187fffc280: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa | |
| 0x0c187fffc290: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa | |
| 0x0c187fffc2a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa | |
| 0x0c187fffc2b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa | |
| 0x0c187fffc2c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa | |
| Shadow byte legend (one shadow byte represents 8 application bytes): | |
| Addressable: 00 | |
| Partially addressable: 01 02 03 04 05 06 07 | |
| Heap left redzone: fa | |
| Freed heap region: fd | |
| Stack left redzone: f1 | |
| Stack mid redzone: f2 | |
| Stack right redzone: f3 | |
| Stack after return: f5 | |
| Stack use after scope: f8 | |
| Global redzone: f9 | |
| Global init order: f6 | |
| Poisoned by user: f7 | |
| Container overflow: fc | |
| Array cookie: ac | |
| Intra object redzone: bb | |
| ASan internal: fe | |
| Left alloca redzone: ca | |
| Right alloca redzone: cb | |
| ==10102==ABORTING | |
| MS: 3 ChangeBit-ShuffleBytes-EraseBytes-; base unit: 4da9023d6d8d3cbcec4d3272d603cc2b46a4d8ab | |
| 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xff,0x27,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfd,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x27,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x9, | |
| \xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff'\xff\xff\xff\xff\xff\xff\xff\xfd\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff'\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x09 | |
| artifact_prefix='./'; Test unit written to ./crash-bfe05d685fd86688f46db5cee9d10abbb292542a | |
| Base64: //////////////////////////////////////////////////////////////////7/J//////////9/////////////////////////////////////////////////////////////////////////yf//////////////////////////////wk= |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment