ci: fuzz/process_message fails #18913

hebasto opened this issue on May 8, 2020
  1. hebasto commented at 5:21 AM on May 8, 2020: member

    https://travis-ci.org/github/bitcoin/bitcoin/jobs/684409035:

    Run process_message with args ['/home/travis/build/bitcoin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/process_message', '-runs=1', '/home/travis/build/bitcoin/bitcoin/ci/scratch//qa-assets/fuzz_seed_corpus/process_message']
    Unexpected exception when processing message type "cmpctblock": indexes overflowed 16 bits: iostream error
    Output: INFO: Seed: 1414198937
    INFO: Loaded 1 modules   (402977 inline 8-bit counters): 402977 [0x560d9c08f328, 0x560d9c0f1949), 
    INFO: Loaded 1 PC tables (402977 PCs): 402977 [0x560d9c0f1950,0x560d9c717b60), 
    INFO:     3131 files found in /home/travis/build/bitcoin/bitcoin/ci/scratch//qa-assets/fuzz_seed_corpus/process_message
    INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1016709 bytes
    INFO: seed corpus: files: 3131 min: 1b max: 1016709b total: 37104830b rss: 160Mb
    #1024	pulse  cov: 17189 ft: 34017 corp: 463/28Kb exec/s: 204 rss: 446Mb
    #2048	pulse  cov: 19180 ft: 44574 corp: 764/61Kb exec/s: 157 rss: 466Mb
    process_message: test/fuzz/process_message.cpp:94: void test_one_input(const std::vector<uint8_t> &): Assertion `false' failed.
    ==30537== ERROR: libFuzzer: deadly signal
        #0 0x560d99a24b41 in __sanitizer_print_stack_trace (/home/travis/build/bitcoin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/process_message+0x18f8b41)
        #1 0x560d9996fc98 in fuzzer::PrintStackTrace() (/home/travis/build/bitcoin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/process_message+0x1843c98)
        #2 0x560d99954de3 in fuzzer::Fuzzer::CrashCallback() (/home/travis/build/bitcoin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/process_message+0x1828de3)
        #3 0x7fdf5478c3bf  (/lib/x86_64-linux-gnu/libpthread.so.0+0x153bf)
        #4 0x7fdf543f318a in raise (/lib/x86_64-linux-gnu/libc.so.6+0x4618a)
        #5 0x7fdf543d2858 in abort (/lib/x86_64-linux-gnu/libc.so.6+0x25858)
        #6 0x7fdf543d2728  (/lib/x86_64-linux-gnu/libc.so.6+0x25728)
        #7 0x7fdf543e3f35 in __assert_fail (/lib/x86_64-linux-gnu/libc.so.6+0x36f35)
        #8 0x560d99a5160a in test_one_input(std::vector<unsigned char, std::allocator<unsigned char> > const&) /home/travis/build/bitcoin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/process_message.cpp:94:13
        #9 0x560d9ab0a961 in LLVMFuzzerTestOneInput /home/travis/build/bitcoin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/fuzz.cpp:38:5
        #10 0x560d999564a1 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/travis/build/bitcoin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/process_message+0x182a4a1)
        #11 0x560d99955be5 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) (/home/travis/build/bitcoin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/process_message+0x1829be5)
        #12 0x560d99958507 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) (/home/travis/build/bitcoin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/process_message+0x182c507)
        #13 0x560d99958869 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) (/home/travis/build/bitcoin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/process_message+0x182c869)
        #14 0x560d9994753e in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/travis/build/bitcoin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/process_message+0x181b53e)
        #15 0x560d99970382 in main (/home/travis/build/bitcoin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/process_message+0x1844382)
        #16 0x7fdf543d40b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
        #17 0x560d9991c2dd in _start (/home/travis/build/bitcoin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/process_message+0x17f02dd)
    NOTE: libFuzzer has rudimentary signal handlers.
          Combine libFuzzer with AddressSanitizer or similar for better crash reports.
    SUMMARY: libFuzzer: deadly signal
    MS: 0 ; base unit: 0000000000000000000000000000000000000000
    artifact_prefix='./'; Test unit written to ./crash-c9a69bf323f578febb2be767e58b21581f39ccad
    Target "process_message" failed with exit code 77: /home/travis/build/bitcoin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/process_message -runs=1 /home/travis/build/bitcoin/bitcoin/ci/scratch//qa-assets/fuzz_seed_corpus/process_message
    

    Also https://travis-ci.org/github/bitcoin/bitcoin/jobs/684409036

  2. fanquake added the label Tests on May 8, 2020
  3. practicalswift commented at 5:05 AM on May 9, 2020: contributor

    @hebasto That appears to be PRs running against old code, since master no longer has any assertions in that fuzzer:

    $ grep assert src/test/fuzz/process_message.cpp
    #include <cassert>
    $
    

    Rebase needed? :)

  4. hebasto commented at 5:15 AM on May 9, 2020: member

    @practicalswift

    > Rebase needed? :)

    Or backport of the latest changes to process_message.cpp to the 0.20 branch :)

  5. hebasto closed this on Nov 6, 2020

  6. MarcoFalke locked this on Feb 15, 2022
