Open
Description
Hi there,
I've got a few failures with the fuzzer on 1.9.1 and am wondering if I should be concerned about them.
This is in nixpkgs:
Running phase: checkPhase
@nix { "action": "setPhase", "phase": "checkPhase" }
check flags: -j48 SHELL=/nix/store/4fvc5fm8bszmkydng1ivrvr5cbvr1g60-bash-5.2p37/bin/bash VERBOSE=y check
make test/unit/test_twist test/unit/test_log test/unit/test_parser test/unit/test_attr test/unit/test_db test/unit/test_utils test/fuzz/yaml-parser.fuzz test/fuzz/init-token-sopin.fuzz test/fuzz/init-pin.fuzz test/fuzz/set-pin.fuzz test/fuzz/db-take-lock.fuzz test/fuzz/db-token-label.fuzz32 test/fuzz/init-token-label.fuzz32 test/fuzz/utils-ctx-unwrap-objauth.fuzz
make[1]: Entering directory '/build/source'
make[1]: 'test/fuzz/yaml-parser.fuzz' is up to date.
make[1]: 'test/fuzz/init-token-sopin.fuzz' is up to date.
make[1]: 'test/fuzz/init-pin.fuzz' is up to date.
make[1]: 'test/fuzz/set-pin.fuzz' is up to date.
make[1]: 'test/fuzz/db-take-lock.fuzz' is up to date.
make[1]: 'test/fuzz/db-token-label.fuzz32' is up to date.
make[1]: 'test/fuzz/init-token-label.fuzz32' is up to date.
make[1]: 'test/fuzz/utils-ctx-unwrap-objauth.fuzz' is up to date.
CC test/unit/test_twist-test_twist.o
CC test/unit/test_log-test_log.o
CC test/unit/test_parser-test_parser.o
CC test/unit/test_attr-test_attr.o
CC test/unit/test_db-test_db.o
CC test/unit/test_utils-test_utils.o
test/unit/test_twist.c:249:32: warning: unknown warning group '-Wstringop-overflow', ignored [-Wunknown-warning-option]
249 | #pragma GCC diagnostic ignored "-Wstringop-overflow"
| ^
test/unit/test_twist.c:260:32: warning: unknown warning group '-Wstringop-overflow', ignored [-Wunknown-warning-option]
260 | #pragma GCC diagnostic ignored "-Wstringop-overflow"
| ^
test/unit/test_twist.c:331:32: warning: unknown warning group '-Wstringop-overflow', ignored [-Wunknown-warning-option]
331 | #pragma GCC diagnostic ignored "-Wstringop-overflow"
| ^
CCLD test/unit/test_utils
CCLD test/unit/test_parser
CCLD test/unit/test_log
CCLD test/unit/test_attr
3 warnings generated.
CCLD test/unit/test_twist
CCLD test/unit/test_db
make[1]: Leaving directory '/build/source'
make check-TESTS
make[1]: Entering directory '/build/source'
make[2]: Entering directory '/build/source'
PASS: test/unit/test_log
PASS: test/unit/test_attr
PASS: test/unit/test_parser
PASS: test/unit/test_twist
PASS: test/unit/test_utils
PASS: test/unit/test_db
FAIL: test/fuzz/db-take-lock.fuzz
FAIL: test/fuzz/init-token-label.fuzz32
SKIP: test/fuzz/init-token-sopin.fuzz
FAIL: test/fuzz/db-token-label.fuzz32
SKIP: test/fuzz/set-pin.fuzz
SKIP: test/fuzz/init-pin.fuzz
PASS: test/fuzz/yaml-parser.fuzz
PASS: test/fuzz/utils-ctx-unwrap-objauth.fuzz
=========================================
tpm2-pkcs11 1.9.1: ./test-suite.log
=========================================
# TOTAL: 14
# PASS: 8
# SKIP: 3
# XFAIL: 0
# FAIL: 3
# XPASS: 0
# ERROR: 0
.. contents:: :depth: 2
SKIP: test/fuzz/init-token-sopin
================================
+ env ./test/fuzz/init-token-sopin.fuzz -max_total_time=30
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 1325302258
INFO: Loaded 1 modules (149 inline 8-bit counters): 149 [0x55555580f9e0, 0x55555580fa75),
INFO: Loaded 1 PC tables (149 PCs): 149 [0x55555580fa78,0x5555558103c8),
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
[==========] tests: Running 1 test(s).
[ RUN ] test
WARNING: FAPI backend was not initialized.
WARNING: Cannot prepare version query: no such table: schema
ERROR: Esys_GetCapability: tpm:session(1):the handle is not correct for the use:
ERROR: Could not find nor create a primary object
ERROR: Could not create new token
[ ERROR ] --- 0x5 != 0
[ LINE ] --- test/fuzz/init-token-sopin.fuzz.c:59: error: Failure!
[ FAILED ] test
[==========] tests: 1 test(s) run.
[ PASSED ] 0 test(s).
[ FAILED ] tests: 1 test(s), listed below:
[ FAILED ] test
1 FAILED TEST(S)
==7177== ERROR: libFuzzer: fuzz target exited
#0 0x5555556f538a (/build/source/test/fuzz/init-token-sopin.fuzz+0x1a138a)
#1 0x5555555f4fd0 (/build/source/test/fuzz/init-token-sopin.fuzz+0xa0fd0)
#2 0x5555555d0246 (/build/source/test/fuzz/init-token-sopin.fuzz+0x7c246)
#3 0x5555555d031c (/build/source/test/fuzz/init-token-sopin.fuzz+0x7c31c)
#4 0x7ffff71011d0 (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x431d0) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
#5 0x7ffff710128d (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x4328d) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
#6 0x7ffff73febc6 (/nix/store/gq3r6sjc3k6k37ny5i8n395f9r96i9gp-cmocka-1.1.7/lib/libcmocka.so.0+0x6bc6)
#7 0x7ffff73ff93b (/nix/store/gq3r6sjc3k6k37ny5i8n395f9r96i9gp-cmocka-1.1.7/lib/libcmocka.so.0+0x793b)
#8 0x55555573628a (/build/source/test/fuzz/init-token-sopin.fuzz+0x1e228a)
#9 0x5555555d0a18 (/build/source/test/fuzz/init-token-sopin.fuzz+0x7ca18)
#10 0x5555555d45b4 (/build/source/test/fuzz/init-token-sopin.fuzz+0x805b4)
#11 0x5555555d50c7 (/build/source/test/fuzz/init-token-sopin.fuzz+0x810c7)
#12 0x5555555b7b40 (/build/source/test/fuzz/init-token-sopin.fuzz+0x63b40)
#13 0x5555555a1962 (/build/source/test/fuzz/init-token-sopin.fuzz+0x4d962)
#14 0x7ffff70e81fb (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x2a1fb) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
#15 0x7ffff70e82b8 (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x2a2b8) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
#16 0x5555555a19a4 (/build/source/test/fuzz/init-token-sopin.fuzz+0x4d9a4)
SUMMARY: libFuzzer: fuzz target exited
MS: 0 ; base unit: 0000000000000000000000000000000000000000
artifact_prefix='./'; Test unit written to ./crash-da39a3ee5e6b4b0d3255bfef95601890afd80709
Base64:
+ exit 77
SKIP test/fuzz/init-token-sopin.fuzz (exit status: 77)
SKIP: test/fuzz/init-pin
========================
+ env ./test/fuzz/init-pin.fuzz -max_total_time=30
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 1328141447
INFO: Loaded 1 modules (152 inline 8-bit counters): 152 [0x5555558109e0, 0x555555810a78),
INFO: Loaded 1 PC tables (152 PCs): 152 [0x555555810a78,0x5555558113f8),
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
[==========] tests: Running 1 test(s).
[ RUN ] test
WARNING: FAPI backend was not initialized.
WARNING: Cannot prepare version query: no such table: schema
ERROR: Esys_GetCapability: tpm:session(1):the handle is not correct for the use:
ERROR: Could not find nor create a primary object
ERROR: Could not create new token
Could not run test: 0x5 != 0
[ LINE ] --- test/fuzz/init-pin.fuzz.c:41: error: Failure!Test setup failed
[ ERROR ] test
[==========] tests: 1 test(s) run.
[ PASSED ] 0 test(s).
==7186== ERROR: libFuzzer: fuzz target exited
#0 0x5555556f538a (/build/source/test/fuzz/init-pin.fuzz+0x1a138a)
#1 0x5555555f4fd0 (/build/source/test/fuzz/init-pin.fuzz+0xa0fd0)
#2 0x5555555d0246 (/build/source/test/fuzz/init-pin.fuzz+0x7c246)
#3 0x5555555d031c (/build/source/test/fuzz/init-pin.fuzz+0x7c31c)
#4 0x7ffff71011d0 (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x431d0) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
#5 0x7ffff710128d (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x4328d) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
#6 0x7ffff73febc6 (/nix/store/gq3r6sjc3k6k37ny5i8n395f9r96i9gp-cmocka-1.1.7/lib/libcmocka.so.0+0x6bc6)
#7 0x7ffff73ff93b (/nix/store/gq3r6sjc3k6k37ny5i8n395f9r96i9gp-cmocka-1.1.7/lib/libcmocka.so.0+0x793b)
#8 0x55555573628a (/build/source/test/fuzz/init-pin.fuzz+0x1e228a)
#9 0x5555555d0a18 (/build/source/test/fuzz/init-pin.fuzz+0x7ca18)
#10 0x5555555d45b4 (/build/source/test/fuzz/init-pin.fuzz+0x805b4)
#11 0x5555555d50c7 (/build/source/test/fuzz/init-pin.fuzz+0x810c7)
#12 0x5555555b7b40 (/build/source/test/fuzz/init-pin.fuzz+0x63b40)
#13 0x5555555a1962 (/build/source/test/fuzz/init-pin.fuzz+0x4d962)
#14 0x7ffff70e81fb (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x2a1fb) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
#15 0x7ffff70e82b8 (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x2a2b8) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
#16 0x5555555a19a4 (/build/source/test/fuzz/init-pin.fuzz+0x4d9a4)
SUMMARY: libFuzzer: fuzz target exited
MS: 0 ; base unit: 0000000000000000000000000000000000000000
artifact_prefix='./'; Test unit written to ./crash-da39a3ee5e6b4b0d3255bfef95601890afd80709
Base64:
+ exit 77
SKIP test/fuzz/init-pin.fuzz (exit status: 77)
SKIP: test/fuzz/set-pin
=======================
+ env ./test/fuzz/set-pin.fuzz -max_total_time=30
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 1326984079
INFO: Loaded 1 modules (152 inline 8-bit counters): 152 [0x5555558109e0, 0x555555810a78),
INFO: Loaded 1 PC tables (152 PCs): 152 [0x555555810a78,0x5555558113f8),
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
[==========] tests: Running 1 test(s).
[ RUN ] test
WARNING: FAPI backend was not initialized.
WARNING: Cannot prepare version query: no such table: schema
ERROR: Esys_GetCapability: tpm:session(1):the handle is not correct for the use:
ERROR: Could not find nor create a primary object
ERROR: Could not create new token
Could not run test: 0x5 != 0
[ LINE ] --- test/fuzz/set-pin.fuzz.c:41: error: Failure!Test setup failed
[ ERROR ] test
[==========] tests: 1 test(s) run.
[ PASSED ] 0 test(s).
==7184== ERROR: libFuzzer: fuzz target exited
#0 0x5555556f538a (/build/source/test/fuzz/set-pin.fuzz+0x1a138a)
#1 0x5555555f4fd0 (/build/source/test/fuzz/set-pin.fuzz+0xa0fd0)
#2 0x5555555d0246 (/build/source/test/fuzz/set-pin.fuzz+0x7c246)
#3 0x5555555d031c (/build/source/test/fuzz/set-pin.fuzz+0x7c31c)
#4 0x7ffff71011d0 (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x431d0) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
#5 0x7ffff710128d (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x4328d) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
#6 0x7ffff73febc6 (/nix/store/gq3r6sjc3k6k37ny5i8n395f9r96i9gp-cmocka-1.1.7/lib/libcmocka.so.0+0x6bc6)
#7 0x7ffff73ff93b (/nix/store/gq3r6sjc3k6k37ny5i8n395f9r96i9gp-cmocka-1.1.7/lib/libcmocka.so.0+0x793b)
#8 0x55555573628a (/build/source/test/fuzz/set-pin.fuzz+0x1e228a)
#9 0x5555555d0a18 (/build/source/test/fuzz/set-pin.fuzz+0x7ca18)
#10 0x5555555d45b4 (/build/source/test/fuzz/set-pin.fuzz+0x805b4)
#11 0x5555555d50c7 (/build/source/test/fuzz/set-pin.fuzz+0x810c7)
#12 0x5555555b7b40 (/build/source/test/fuzz/set-pin.fuzz+0x63b40)
#13 0x5555555a1962 (/build/source/test/fuzz/set-pin.fuzz+0x4d962)
#14 0x7ffff70e81fb (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x2a1fb) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
#15 0x7ffff70e82b8 (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x2a2b8) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
#16 0x5555555a19a4 (/build/source/test/fuzz/set-pin.fuzz+0x4d9a4)
SUMMARY: libFuzzer: fuzz target exited
MS: 0 ; base unit: 0000000000000000000000000000000000000000
artifact_prefix='./'; Test unit written to ./crash-da39a3ee5e6b4b0d3255bfef95601890afd80709
Base64:
+ exit 77
SKIP test/fuzz/set-pin.fuzz (exit status: 77)
FAIL: test/fuzz/db-take-lock
============================
+ env ./test/fuzz/db-take-lock.fuzz -max_total_time=30
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 1325373476
INFO: Loaded 1 modules (15 inline 8-bit counters): 15 [0x5555557a5040, 0x5555557a504f),
INFO: Loaded 1 PC tables (15 PCs): 15 [0x5555557a5050,0x5555557a5140),
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
[==========] tests: Running 1 test(s).
[ RUN ] test
=================================================================
==7178==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff4a000a0 at pc 0x555555674f5b bp 0x7fffffff90c0 sp 0x7fffffff8880
READ of size 36 at 0x7ffff4a000a0 thread T0
#0 0x555555674f5a (/build/source/test/fuzz/db-take-lock.fuzz+0x120f5a)
#1 0x5555556b1ace (/build/source/test/fuzz/db-take-lock.fuzz+0x15dace)
#2 0x5555556b416c (/build/source/test/fuzz/db-take-lock.fuzz+0x16016c)
#3 0x55555572b862 (/build/source/test/fuzz/db-take-lock.fuzz+0x1d7862)
#4 0x55555572b8dc (/build/source/test/fuzz/db-take-lock.fuzz+0x1d78dc)
#5 0x555555729633 (/build/source/test/fuzz/db-take-lock.fuzz+0x1d5633)
#6 0x7ffff73fed3e (/nix/store/gq3r6sjc3k6k37ny5i8n395f9r96i9gp-cmocka-1.1.7/lib/libcmocka.so.0+0x6d3e)
#7 0x7ffff73ffb7d (/nix/store/gq3r6sjc3k6k37ny5i8n395f9r96i9gp-cmocka-1.1.7/lib/libcmocka.so.0+0x7b7d)
#8 0x5555557293ea (/build/source/test/fuzz/db-take-lock.fuzz+0x1d53ea)
#9 0x5555555c83d8 (/build/source/test/fuzz/db-take-lock.fuzz+0x743d8)
#10 0x5555555cbf74 (/build/source/test/fuzz/db-take-lock.fuzz+0x77f74)
#11 0x5555555cca87 (/build/source/test/fuzz/db-take-lock.fuzz+0x78a87)
#12 0x5555555af500 (/build/source/test/fuzz/db-take-lock.fuzz+0x5b500)
#13 0x555555599322 (/build/source/test/fuzz/db-take-lock.fuzz+0x45322)
#14 0x7ffff70e81fb (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x2a1fb) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
#15 0x7ffff70e82b8 (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x2a2b8) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
#16 0x555555599364 (/build/source/test/fuzz/db-take-lock.fuzz+0x45364)
Address 0x7ffff4a000a0 is located in stack of thread T0 at offset 32 in frame
#0 0x55555572993f (/build/source/test/fuzz/db-take-lock.fuzz+0x1d593f)
This frame has 1 object(s):
[32, 68) 'tmp_key' (line 55) <== Memory access at offset 32 is inside this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-return (/build/source/test/fuzz/db-take-lock.fuzz+0x120f5a)
Shadow bytes around the buggy address:
==7178==ABORTING
MS: 0 ; base unit: 0000000000000000000000000000000000000000
artifact_prefix='./'; Test unit written to ./crash-da39a3ee5e6b4b0d3255bfef95601890afd80709
Base64:
+ exit 1
FAIL test/fuzz/db-take-lock.fuzz (exit status: 1)
FAIL: test/fuzz/db-token-label
==============================
+ env ./test/fuzz/db-token-label.fuzz32 -max_total_time=30 -max_len=32
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 1328040705
INFO: Loaded 1 modules (156 inline 8-bit counters): 156 [0x55555580d9c0, 0x55555580da5c),
INFO: Loaded 1 PC tables (156 PCs): 156 [0x55555580da60,0x55555580e420),
[==========] tests: Running 1 test(s).
[ RUN ] test
WARNING: FAPI backend was not initialized.
=================================================================
==7185==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x5190000140e0 in thread T0
#0 0x5555556e7168 (/build/source/test/fuzz/db-token-label.fuzz32+0x193168)
#1 0x555555772d07 (/build/source/test/fuzz/db-token-label.fuzz32+0x21ed07)
#2 0x5555557978a1 (/build/source/test/fuzz/db-token-label.fuzz32+0x2438a1)
#3 0x55555576f958 (/build/source/test/fuzz/db-token-label.fuzz32+0x21b958)
#4 0x55555576f6b9 (/build/source/test/fuzz/db-token-label.fuzz32+0x21b6b9)
#5 0x55555576ab0a (/build/source/test/fuzz/db-token-label.fuzz32+0x216b0a)
#6 0x55555574eec8 (/build/source/test/fuzz/db-token-label.fuzz32+0x1faec8)
#7 0x555555737665 (/build/source/test/fuzz/db-token-label.fuzz32+0x1e3665)
#8 0x555555736ab5 (/build/source/test/fuzz/db-token-label.fuzz32+0x1e2ab5)
#9 0x7ffff73fee9c (/nix/store/gq3r6sjc3k6k37ny5i8n395f9r96i9gp-cmocka-1.1.7/lib/libcmocka.so.0+0x6e9c)
#10 0x7ffff73ffa0d (/nix/store/gq3r6sjc3k6k37ny5i8n395f9r96i9gp-cmocka-1.1.7/lib/libcmocka.so.0+0x7a0d)
#11 0x555555736355 (/build/source/test/fuzz/db-token-label.fuzz32+0x1e2355)
#12 0x5555555d09d8 (/build/source/test/fuzz/db-token-label.fuzz32+0x7c9d8)
#13 0x5555555d4574 (/build/source/test/fuzz/db-token-label.fuzz32+0x80574)
#14 0x5555555d5087 (/build/source/test/fuzz/db-token-label.fuzz32+0x81087)
#15 0x5555555b7b00 (/build/source/test/fuzz/db-token-label.fuzz32+0x63b00)
#16 0x5555555a1922 (/build/source/test/fuzz/db-token-label.fuzz32+0x4d922)
#17 0x7ffff70e81fb (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x2a1fb) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
#18 0x7ffff70e82b8 (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x2a2b8) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
#19 0x5555555a1964 (/build/source/test/fuzz/db-token-label.fuzz32+0x4d964)
0x5190000140e0 is located 96 bytes inside of 1144-byte region [0x519000014080,0x5190000144f8)
allocated by thread T0 here:
#0 0x5555556e8137 (/build/source/test/fuzz/db-token-label.fuzz32+0x194137)
#1 0x7ffff73fb3e1 (/nix/store/gq3r6sjc3k6k37ny5i8n395f9r96i9gp-cmocka-1.1.7/lib/libcmocka.so.0+0x33e1)
SUMMARY: AddressSanitizer: bad-free (/build/source/test/fuzz/db-token-label.fuzz32+0x193168)
==7185==ABORTING
MS: 0 ; base unit: 0000000000000000000000000000000000000000
artifact_prefix='./'; Test unit written to ./crash-da39a3ee5e6b4b0d3255bfef95601890afd80709
Base64:
+ exit 1
FAIL test/fuzz/db-token-label.fuzz32 (exit status: 1)
FAIL: test/fuzz/init-token-label
================================
+ env ./test/fuzz/init-token-label.fuzz32 -max_total_time=30 -max_len=32
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 1325963365
INFO: Loaded 1 modules (151 inline 8-bit counters): 151 [0x55555580f9e0, 0x55555580fa77),
INFO: Loaded 1 PC tables (151 PCs): 151 [0x55555580fa78,0x5555558103e8),
[==========] tests: Running 1 test(s).
[ RUN ] test
WARNING: FAPI backend was not initialized.
WARNING: Cannot prepare version query: no such table: schema
ERROR: Label has embedded 0 bytes
=================================================================
==7182==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x51900000dce0 in thread T0
#0 0x5555556e71a8 (/build/source/test/fuzz/init-token-label.fuzz32+0x1931a8)
#1 0x555555763987 (/build/source/test/fuzz/init-token-label.fuzz32+0x20f987)
#2 0x555555787bd1 (/build/source/test/fuzz/init-token-label.fuzz32+0x233bd1)
#3 0x5555557605d8 (/build/source/test/fuzz/init-token-label.fuzz32+0x20c5d8)
#4 0x555555760339 (/build/source/test/fuzz/init-token-label.fuzz32+0x20c339)
#5 0x55555575b78a (/build/source/test/fuzz/init-token-label.fuzz32+0x20778a)
#6 0x555555743b28 (/build/source/test/fuzz/init-token-label.fuzz32+0x1efb28)
#7 0x555555737035 (/build/source/test/fuzz/init-token-label.fuzz32+0x1e3035)
#8 0x5555557366ca (/build/source/test/fuzz/init-token-label.fuzz32+0x1e26ca)
#9 0x7ffff73fed3e (/nix/store/gq3r6sjc3k6k37ny5i8n395f9r96i9gp-cmocka-1.1.7/lib/libcmocka.so.0+0x6d3e)
#10 0x7ffff73ffb7d (/nix/store/gq3r6sjc3k6k37ny5i8n395f9r96i9gp-cmocka-1.1.7/lib/libcmocka.so.0+0x7b7d)
#11 0x5555557362f0 (/build/source/test/fuzz/init-token-label.fuzz32+0x1e22f0)
#12 0x5555555d0a18 (/build/source/test/fuzz/init-token-label.fuzz32+0x7ca18)
#13 0x5555555d45b4 (/build/source/test/fuzz/init-token-label.fuzz32+0x805b4)
#14 0x5555555d50c7 (/build/source/test/fuzz/init-token-label.fuzz32+0x810c7)
#15 0x5555555b7b40 (/build/source/test/fuzz/init-token-label.fuzz32+0x63b40)
#16 0x5555555a1962 (/build/source/test/fuzz/init-token-label.fuzz32+0x4d962)
#17 0x7ffff70e81fb (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x2a1fb) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
#18 0x7ffff70e82b8 (/nix/store/h7zcxabfxa7v5xdna45y2hplj31ncf8a-glibc-2.40-36/lib/libc.so.6+0x2a2b8) (BuildId: 0a855678aa0cb573cecbb2bcc73ab8239ec472d0)
#19 0x5555555a19a4 (/build/source/test/fuzz/init-token-label.fuzz32+0x4d9a4)
0x51900000dce0 is located 96 bytes inside of 1144-byte region [0x51900000dc80,0x51900000e0f8)
allocated by thread T0 here:
#0 0x5555556e8177 (/build/source/test/fuzz/init-token-label.fuzz32+0x194177)
#1 0x7ffff73fb3e1 (/nix/store/gq3r6sjc3k6k37ny5i8n395f9r96i9gp-cmocka-1.1.7/lib/libcmocka.so.0+0x33e1)
SUMMARY: AddressSanitizer: bad-free (/build/source/test/fuzz/init-token-label.fuzz32+0x1931a8)
==7182==ABORTING
MS: 0 ; base unit: 0000000000000000000000000000000000000000
artifact_prefix='./'; Test unit written to ./crash-da39a3ee5e6b4b0d3255bfef95601890afd80709
Base64:
+ exit 1
FAIL test/fuzz/init-token-label.fuzz32 (exit status: 1)
============================================================================
Testsuite summary for tpm2-pkcs11 1.9.1
============================================================================
# TOTAL: 14
# PASS: 8
# SKIP: 3
# XFAIL: 0
# FAIL: 3
# XPASS: 0
# ERROR: 0
============================================================================
See ./test-suite.log
Please report to https://github.com/tpm2-software/tpm2-pkcs11/issues
============================================================================
make[2]: *** [Makefile:2758: test-suite.log] Error 1
make[2]: Leaving directory '/build/source'
make[1]: *** [Makefile:2866: check-TESTS] Error 2
make[1]: Leaving directory '/build/source'
make: *** [Makefile:3197: check-am] Error 2