cargo-fuzz
Shadow memory range interleaves with an existing memory mapping. ASan cannot proceed correctly. ABORTING
Hi,
cargo-fuzz is not working anymore here, but I cannot find the source of the problem. The error is triggered when starting the fuzzer:
$ cargo fuzz run fuzzer_script_1
...
Running `fuzz/target/x86_64-unknown-linux-gnu/debug/fuzzer_script_1 -artifact_prefix=/home/pollux/CODE/RUST/der-parser/fuzz/artifacts/fuzzer_script_1/ /home/pollux/CODE/RUST/der-parser/fuzz/corpus/fuzzer_script_1`
==6747==Shadow memory range interleaves with an existing memory mapping. ASan cannot proceed correctly. ABORTING.
==6747==ASan shadow was supposed to be located in the [0x00007fff7000-0x10007fff7fff] range.
==6747==Process memory map follows:
0x0005eba8d000-0x0005ebc94000 /home/pollux/CODE/RUST/der-parser/fuzz/target/x86_64-unknown-linux-gnu/debug/fuzzer_script_1
0x0005ebe93000-0x0005ebe98000 /home/pollux/CODE/RUST/der-parser/fuzz/target/x86_64-unknown-linux-gnu/debug/fuzzer_script_1
0x0005ebe98000-0x0005ebe9f000 /home/pollux/CODE/RUST/der-parser/fuzz/target/x86_64-unknown-linux-gnu/debug/fuzzer_script_1
0x0005ebe9f000-0x0005edd2a000
0x0005edd2a000-0x0005f18ed000
0x0005f18ed000-0x0005f18ee000 [heap]
0x03a358fd1000-0x03a359323000
0x03a359323000-0x03a359426000 /lib/x86_64-linux-gnu/libm-2.24.so
0x03a359426000-0x03a359625000 /lib/x86_64-linux-gnu/libm-2.24.so
0x03a359625000-0x03a359626000 /lib/x86_64-linux-gnu/libm-2.24.so
0x03a359626000-0x03a359627000 /lib/x86_64-linux-gnu/libm-2.24.so
0x03a359627000-0x03a3597bc000 /lib/x86_64-linux-gnu/libc-2.24.so
0x03a3597bc000-0x03a3599bb000 /lib/x86_64-linux-gnu/libc-2.24.so
0x03a3599bb000-0x03a3599bf000 /lib/x86_64-linux-gnu/libc-2.24.so
0x03a3599bf000-0x03a3599c1000 /lib/x86_64-linux-gnu/libc-2.24.so
0x03a3599c1000-0x03a3599c5000
0x03a3599c5000-0x03a3599db000 /lib/x86_64-linux-gnu/libgcc_s.so.1
0x03a3599db000-0x03a359bda000 /lib/x86_64-linux-gnu/libgcc_s.so.1
0x03a359bda000-0x03a359bdb000 /lib/x86_64-linux-gnu/libgcc_s.so.1
0x03a359bdb000-0x03a359bdc000 /lib/x86_64-linux-gnu/libgcc_s.so.1
0x03a359bdc000-0x03a359bf4000 /lib/x86_64-linux-gnu/libpthread-2.24.so
0x03a359bf4000-0x03a359df3000 /lib/x86_64-linux-gnu/libpthread-2.24.so
0x03a359df3000-0x03a359df4000 /lib/x86_64-linux-gnu/libpthread-2.24.so
0x03a359df4000-0x03a359df5000 /lib/x86_64-linux-gnu/libpthread-2.24.so
0x03a359df5000-0x03a359df9000
0x03a359df9000-0x03a359e00000 /lib/x86_64-linux-gnu/librt-2.24.so
0x03a359e00000-0x03a359fff000 /lib/x86_64-linux-gnu/librt-2.24.so
0x03a359fff000-0x03a35a000000 /lib/x86_64-linux-gnu/librt-2.24.so
0x03a35a000000-0x03a35a001000 /lib/x86_64-linux-gnu/librt-2.24.so
0x03a35a001000-0x03a35a003000 /lib/x86_64-linux-gnu/libdl-2.24.so
0x03a35a003000-0x03a35a203000 /lib/x86_64-linux-gnu/libdl-2.24.so
0x03a35a203000-0x03a35a204000 /lib/x86_64-linux-gnu/libdl-2.24.so
0x03a35a204000-0x03a35a205000 /lib/x86_64-linux-gnu/libdl-2.24.so
0x03a35a205000-0x03a35a377000 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.22
0x03a35a377000-0x03a35a577000 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.22
0x03a35a577000-0x03a35a581000 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.22
0x03a35a581000-0x03a35a583000 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.22
0x03a35a583000-0x03a35a587000
0x03a35a587000-0x03a35a5aa000 /lib/x86_64-linux-gnu/ld-2.24.so
0x03a35a76c000-0x03a35a782000
0x03a35a790000-0x03a35a7a6000
0x03a35a7a6000-0x03a35a7a8000 [vvar]
0x03a35a7a8000-0x03a35a7aa000 [vdso]
0x03a35a7aa000-0x03a35a7ab000 /lib/x86_64-linux-gnu/ld-2.24.so
0x03a35a7ab000-0x03a35a7ac000 /lib/x86_64-linux-gnu/ld-2.24.so
0x03a35a7ac000-0x03a35a7ad000
0x03eca912c000-0x03eca914e000 [stack]
==6747==End of process memory map.
cargo-fuzz version 0.4.1
llvm & clang version 3.8.1 (Debian)
rustc 1.18.0-nightly
note: compiled kernel with grsecurity, I don't know if that is of any importance - cargo-fuzz 0.3.1 worked previously on the same kernel.
The same happens when creating a new crate (type lib) and adding a fuzzer.
I have this error too.
[cooper@cooper-laptop speck-cbc]$ cargo +nightly fuzz run fuzz_target_1
Fresh speck v1.1.0
Fresh byteorder v1.1.0
Fresh arbitrary v0.1.0
Fresh gcc v0.3.51
Fresh speck-cbc v0.1.0 (file:///home/cooper/Documents/programing/rust/speck-cbc)
Fresh libfuzzer-sys v0.1.0 (https://github.com/rust-fuzz/libfuzzer-sys.git#67f73995)
Fresh speck-cbc-fuzz v0.0.1 (file:///home/cooper/Documents/programing/rust/speck-cbc/fuzz)
Finished dev [unoptimized + debuginfo] target(s) in 0.0 secs
Fresh gcc v0.3.51
Fresh speck v1.1.0
Fresh byteorder v1.1.0
Fresh arbitrary v0.1.0
Fresh speck-cbc v0.1.0 (file:///home/cooper/Documents/programing/rust/speck-cbc)
Fresh libfuzzer-sys v0.1.0 (https://github.com/rust-fuzz/libfuzzer-sys.git#67f73995)
Fresh speck-cbc-fuzz v0.0.1 (file:///home/cooper/Documents/programing/rust/speck-cbc/fuzz)
Finished dev [unoptimized + debuginfo] target(s) in 0.0 secs
Running `fuzz/target/x86_64-unknown-linux-gnu/debug/fuzz_target_1 -artifact_prefix=/home/cooper/Documents/programing/rust/speck-cbc/fuzz/artifacts/fuzz_target_1/ /home/cooper/Documents/programing/rust/speck-cbc/fuzz/corpus/fuzz_target_1`
==29374==Shadow memory range interleaves with an existing memory mapping. ASan cannot proceed correctly. ABORTING.
==29374==ASan shadow was supposed to be located in the [0x00007fff7000-0x10007fff7fff] range.
==29374==Process memory map follows:
0x0ed0bee8f000-0x0ed0bf05e000 /home/cooper/Documents/programing/rust/speck-cbc/fuzz/target/x86_64-unknown-linux-gnu/debug/fuzz_target_1
0x0ed0bf25e000-0x0ed0bf264000 /home/cooper/Documents/programing/rust/speck-cbc/fuzz/target/x86_64-unknown-linux-gnu/debug/fuzz_target_1
0x0ed0bf264000-0x0ed0bf26a000 /home/cooper/Documents/programing/rust/speck-cbc/fuzz/target/x86_64-unknown-linux-gnu/debug/fuzz_target_1
0x0ed0bf26a000-0x0ed0c10e4000
0x697e5a554000-0x697e5a8a6000
0x697e5a8a6000-0x697e5a9b7000 /usr/lib/libm-2.25.so
0x697e5a9b7000-0x697e5abb6000 /usr/lib/libm-2.25.so
0x697e5abb6000-0x697e5abb7000 /usr/lib/libm-2.25.so
0x697e5abb7000-0x697e5abb8000 /usr/lib/libm-2.25.so
0x697e5abb8000-0x697e5ad55000 /usr/lib/libc-2.25.so
0x697e5ad55000-0x697e5af54000 /usr/lib/libc-2.25.so
0x697e5af54000-0x697e5af58000 /usr/lib/libc-2.25.so
0x697e5af58000-0x697e5af5a000 /usr/lib/libc-2.25.so
0x697e5af5a000-0x697e5af5e000
0x697e5af5e000-0x697e5af74000 /usr/lib/libgcc_s.so.1
0x697e5af74000-0x697e5b173000 /usr/lib/libgcc_s.so.1
0x697e5b173000-0x697e5b174000 /usr/lib/libgcc_s.so.1
0x697e5b174000-0x697e5b175000 /usr/lib/libgcc_s.so.1
0x697e5b175000-0x697e5b18e000 /usr/lib/libpthread-2.25.so
0x697e5b18e000-0x697e5b38d000 /usr/lib/libpthread-2.25.so
0x697e5b38d000-0x697e5b38e000 /usr/lib/libpthread-2.25.so
0x697e5b38e000-0x697e5b38f000 /usr/lib/libpthread-2.25.so
0x697e5b38f000-0x697e5b393000
0x697e5b393000-0x697e5b39a000 /usr/lib/librt-2.25.so
0x697e5b39a000-0x697e5b599000 /usr/lib/librt-2.25.so
0x697e5b599000-0x697e5b59a000 /usr/lib/librt-2.25.so
0x697e5b59a000-0x697e5b59b000 /usr/lib/librt-2.25.so
0x697e5b59b000-0x697e5b59e000 /usr/lib/libdl-2.25.so
0x697e5b59e000-0x697e5b79d000 /usr/lib/libdl-2.25.so
0x697e5b79d000-0x697e5b79e000 /usr/lib/libdl-2.25.so
0x697e5b79e000-0x697e5b79f000 /usr/lib/libdl-2.25.so
0x697e5b79f000-0x697e5b919000 /usr/lib/libstdc++.so.6.0.24
0x697e5b919000-0x697e5bb18000 /usr/lib/libstdc++.so.6.0.24
0x697e5bb18000-0x697e5bb22000 /usr/lib/libstdc++.so.6.0.24
0x697e5bb22000-0x697e5bb24000 /usr/lib/libstdc++.so.6.0.24
0x697e5bb24000-0x697e5bb27000
0x697e5bb27000-0x697e5bb4a000 /usr/lib/ld-2.25.so
0x697e5bce9000-0x697e5bcef000
0x697e5bd1c000-0x697e5bd30000
0x697e5bd34000-0x697e5bd45000
0x697e5bd45000-0x697e5bd48000 [vvar]
0x697e5bd48000-0x697e5bd4a000 [vdso]
0x697e5bd4a000-0x697e5bd4b000 /usr/lib/ld-2.25.so
0x697e5bd4b000-0x697e5bd4c000 /usr/lib/ld-2.25.so
0x697e5bd4c000-0x697e5bd4d000
0x71c64bf06000-0x71c64bf28000 [stack]
==29374==End of process memory map.
This is https://github.com/google/sanitizers/issues/837. rustc always creates PIE executables by default (you can disable this with -C relocation-model=dynamic-no-pic).
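The diagnosis in the last reply, that the PIE binary (and, with kernel-side randomization, the heap and libraries with it) is mapped inside the region ASan reserves for its shadow, can be checked mechanically against the dump ASan prints. As an added example that is not code from this issue or from cargo-fuzz, the Rust program below parses such a process memory map and lists every mapping that interleaves with the shadow range quoted in the error; the shadow bounds are taken from the message above, and the sample map is constructed from a few lines of the first dump (path shortened) plus two made-up contrast lines.

```rust
// Added example, not code from the cargo-fuzz issue or project: given the
// "Process memory map" that ASan prints before aborting, list the mappings
// that interleave with the x86_64 shadow range ASan says it expects.
const SHADOW_LO: u64 = 0x0000_7fff_7000; // from the issue's ASan message
const SHADOW_HI: u64 = 0x1000_7fff_7fff; // inclusive upper bound as printed

#[derive(Debug, PartialEq)]
pub struct Mapping {
    pub start: u64,
    pub end: u64,
    pub name: String,
}

/// Parse one `0xSTART-0xEND [name]` line; `==PID==` banner lines and
/// anything else that is not a mapping yield `None`.
pub fn parse_line(line: &str) -> Option<Mapping> {
    let mut parts = line.trim().splitn(2, ' ');
    let (s, e) = parts.next()?.split_once('-')?;
    let start = u64::from_str_radix(s.strip_prefix("0x")?, 16).ok()?;
    let end = u64::from_str_radix(e.strip_prefix("0x")?, 16).ok()?;
    let name = parts.next().unwrap_or("").trim().to_string();
    Some(Mapping { start, end, name })
}

/// Mappings whose [start, end) intersects [SHADOW_LO, SHADOW_HI].
pub fn interleaving(dump: &str) -> Vec<Mapping> {
    dump.lines()
        .filter_map(parse_line)
        .filter(|m| m.start <= SHADOW_HI && m.end > SHADOW_LO)
        .collect()
}

// Constructed sample: four lines from the issue's first dump (path shortened)
// plus two constructed contrast lines: a library at a conventional high
// address and a non-PIE text segment at 0x400000, neither of which collides.
pub const SAMPLE_MAP: &str = "\
==6747==Process memory map follows:
0x0005eba8d000-0x0005ebc94000 /path/to/fuzz/target/debug/fuzzer_script_1
0x0005f18ed000-0x0005f18ee000 [heap]
0x03a359627000-0x03a3597bc000 /lib/x86_64-linux-gnu/libc-2.24.so
0x03eca912c000-0x03eca914e000 [stack]
0x7ffff7dd5000-0x7ffff7dfc000 /lib/x86_64-linux-gnu/ld-2.24.so
0x000000400000-0x000000401000 /usr/bin/true
==6747==End of process memory map.";

fn main() {
    for m in interleaving(SAMPLE_MAP) {
        println!("{:#014x}-{:#014x} {}", m.start, m.end, m.name);
    }
}
```

Feeding it a real dump shows at a glance which regions force the abort; in the thread's case the binary, heap, every library and the stack all fall inside the range, which is what the PIE-plus-randomization explanation predicts.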