Lines Matching refs:run
539 static void arch_hashCallstack(run_t* run, funcs_t* funcs, size_t funcCnt, bool enableMasking) { in arch_hashCallstack() argument
541 for (size_t i = 0; i < funcCnt && i < run->global->linux.numMajorFrames; i++) { in arch_hashCallstack()
563 run->backtrace = hash; in arch_hashCallstack()
567 pid_t pid, run_t* run, funcs_t* funcs, size_t funcCnt, siginfo_t* si, const char* instr) { in arch_traceGenerateReport() argument
568 run->report[0] = '\0'; in arch_traceGenerateReport()
569 util_ssnprintf(run->report, sizeof(run->report), "ORIG_FNAME: %s\n", run->origFileName); in arch_traceGenerateReport()
570 util_ssnprintf(run->report, sizeof(run->report), "FUZZ_FNAME: %s\n", run->crashFileName); in arch_traceGenerateReport()
571 util_ssnprintf(run->report, sizeof(run->report), "PID: %d\n", pid); in arch_traceGenerateReport()
572 util_ssnprintf(run->report, sizeof(run->report), "SIGNAL: %s (%d)\n", in arch_traceGenerateReport()
574 util_ssnprintf(run->report, sizeof(run->report), "FAULT ADDRESS: %p\n", in arch_traceGenerateReport()
576 util_ssnprintf(run->report, sizeof(run->report), "INSTRUCTION: %s\n", instr); in arch_traceGenerateReport()
578 run->report, sizeof(run->report), "STACK HASH: %016" PRIx64 "\n", run->backtrace); in arch_traceGenerateReport()
579 util_ssnprintf(run->report, sizeof(run->report), "STACK:\n"); in arch_traceGenerateReport()
583 run->report, sizeof(run->report), " <" REG_PD REG_PM "> ", (REG_TYPE)(long)funcs[i].pc); in arch_traceGenerateReport()
585 util_ssnprintf(run->report, sizeof(run->report), "[%s() + 0x%x at %s]\n", funcs[i].func, in arch_traceGenerateReport()
588 util_ssnprintf(run->report, sizeof(run->report), "[]\n"); in arch_traceGenerateReport()
590 util_ssnprintf(run->report, sizeof(run->report), " <" REG_PD REG_PM "> [%s():%zu at %s]\n", in arch_traceGenerateReport()
598 util_ssnprintf(run->report, sizeof(run->report), in arch_traceGenerateReport()
607 static void arch_traceAnalyzeData(run_t* run, pid_t pid) { in arch_traceAnalyzeData() argument
648 arch_hashCallstack(run, funcs, funcCnt, false); in arch_traceAnalyzeData()
651 static void arch_traceSaveData(run_t* run, pid_t pid) { in arch_traceSaveData() argument
655 bool saveUnique = run->global->io.saveUnique; in arch_traceSaveData()
670 if (!SI_FROMUSER(&si) && pc && si.si_addr < run->global->linux.ignoreAddr) { in arch_traceSaveData()
672 arch_sigName(si.si_signo), si.si_addr, run->global->linux.ignoreAddr); in arch_traceSaveData()
711 uint64_t oldBacktrace = run->backtrace; in arch_traceSaveData()
716 arch_hashCallstack(run, funcs, funcCnt, saveUnique); in arch_traceSaveData()
730 if (run->crashFileName[0] != '\0') { in arch_traceSaveData()
738 if (oldBacktrace == run->backtrace) { in arch_traceSaveData()
744 ATOMIC_POST_INC(run->global->cnts.crashesCnt); in arch_traceSaveData()
751 if (run->global->linux.symsWl) { in arch_traceSaveData()
753 run->global->linux.symsWlCnt, run->global->linux.symsWl, funcCnt, funcs); in arch_traceSaveData()
762 if (run->global->feedback.blacklist && in arch_traceSaveData()
763 (fastArray64Search(run->global->feedback.blacklist, run->global->feedback.blacklistCnt, in arch_traceSaveData()
764 run->backtrace) != -1)) { in arch_traceSaveData()
765 LOG_I("Blacklisted stack hash '%" PRIx64 "', skipping", run->backtrace); in arch_traceSaveData()
766 ATOMIC_POST_INC(run->global->cnts.blCrashesCnt); in arch_traceSaveData()
774 run->global->linux.symsBlCnt, run->global->linux.symsBl, funcCnt, funcs); in arch_traceSaveData()
777 ATOMIC_POST_INC(run->global->cnts.blCrashesCnt); in arch_traceSaveData()
783 ATOMIC_POST_ADD(run->global->cfg.dynFileIterExpire, _HF_DYNFILE_SUB_MASK); in arch_traceSaveData()
786 if (!run->global->linux.disableRandomization) { in arch_traceSaveData()
797 if (run->global->mutate.mutationsPerRun == 0U && run->global->cfg.useVerifier) { in arch_traceSaveData()
798 snprintf(run->crashFileName, sizeof(run->crashFileName), "%s/%s", run->global->io.crashDir, in arch_traceSaveData()
799 run->origFileName); in arch_traceSaveData()
801 snprintf(run->crashFileName, sizeof(run->crashFileName), in arch_traceSaveData()
803 run->global->io.crashDir, arch_sigName(si.si_signo), pc, run->backtrace, si.si_code, in arch_traceSaveData()
804 sig_addr, instr, run->global->io.fileExtn); in arch_traceSaveData()
808 snprintf(run->crashFileName, sizeof(run->crashFileName), in arch_traceSaveData()
810 run->global->io.crashDir, arch_sigName(si.si_signo), pc, run->backtrace, si.si_code, in arch_traceSaveData()
811 sig_addr, instr, localtmstr, pid, run->global->io.fileExtn); in arch_traceSaveData()
815 if (run->global->socketFuzzer.enabled) { in arch_traceSaveData()
819 if (files_exists(run->crashFileName)) { in arch_traceSaveData()
820 LOG_I("Crash (dup): '%s' already exists, skipping", run->crashFileName); in arch_traceSaveData()
822 memset(run->crashFileName, 0, sizeof(run->crashFileName)); in arch_traceSaveData()
826 if (!files_writeBufToFile(run->crashFileName, run->dynamicFile, run->dynamicFileSz, in arch_traceSaveData()
828 LOG_E("Couldn't write to '%s'", run->crashFileName); in arch_traceSaveData()
833 if (run->global->socketFuzzer.enabled) { in arch_traceSaveData()
835 fuzz_notifySocketFuzzerCrash(run); in arch_traceSaveData()
837 LOG_I("Crash: saved as '%s'", run->crashFileName); in arch_traceSaveData()
839 ATOMIC_POST_INC(run->global->cnts.uniqueCrashesCnt); in arch_traceSaveData()
841 ATOMIC_CLEAR(run->global->cfg.dynFileIterExpire); in arch_traceSaveData()
843 arch_traceGenerateReport(pid, run, funcs, funcCnt, &si, instr); in arch_traceSaveData()
848 run_t* run, pid_t pid, funcs_t* funcs, void** crashAddr, char** op) { in arch_parseAsanReport() argument
852 crashReport, sizeof(crashReport), "%s/%s.%d", run->global->io.workDir, kLOGPREFIX, pid); in arch_parseAsanReport()
975 static void arch_traceExitSaveData(run_t* run, pid_t pid) { in arch_traceExitSaveData() argument
981 if (run->crashFileName[0] != '\0') { in arch_traceExitSaveData()
986 ATOMIC_POST_INC(run->global->cnts.crashesCnt); in arch_traceExitSaveData()
987 ATOMIC_POST_AND(run->global->cfg.dynFileIterExpire, _HF_DYNFILE_SUB_MASK); in arch_traceExitSaveData()
998 if (run->pid != pid) { in arch_traceExitSaveData()
1001 funcCnt = arch_parseAsanReport(run, pid, funcs, &crashAddr, &op); in arch_traceExitSaveData()
1014 if (crashAddr < run->global->linux.ignoreAddr) { in arch_traceExitSaveData()
1016 run->global->linux.ignoreAddr); in arch_traceExitSaveData()
1021 arch_hashCallstack(run, funcs, funcCnt, false); in arch_traceExitSaveData()
1027 if (run->global->feedback.blacklist && in arch_traceExitSaveData()
1028 (fastArray64Search(run->global->feedback.blacklist, run->global->feedback.blacklistCnt, in arch_traceExitSaveData()
1029 run->backtrace) != -1)) { in arch_traceExitSaveData()
1030 LOG_I("Blacklisted stack hash '%" PRIx64 "', skipping", run->backtrace); in arch_traceExitSaveData()
1031 ATOMIC_POST_INC(run->global->cnts.blCrashesCnt); in arch_traceExitSaveData()
1036 if (run->global->mutate.mutationsPerRun == 0U && run->global->cfg.useVerifier) { in arch_traceExitSaveData()
1037 snprintf(run->crashFileName, sizeof(run->crashFileName), "%s/%s", run->global->io.crashDir, in arch_traceExitSaveData()
1038 run->origFileName); in arch_traceExitSaveData()
1041 if (run->backtrace != 0ULL && run->global->io.saveUnique) { in arch_traceExitSaveData()
1042 snprintf(run->crashFileName, sizeof(run->crashFileName), in arch_traceExitSaveData()
1044 run->global->io.crashDir, "SAN", pc, run->backtrace, op, crashAddr, "[UNKNOWN]", in arch_traceExitSaveData()
1045 run->global->io.fileExtn); in arch_traceExitSaveData()
1050 snprintf(run->crashFileName, sizeof(run->crashFileName), in arch_traceExitSaveData()
1052 run->global->io.crashDir, "SAN", pc, run->backtrace, op, crashAddr, "[UNKNOWN]", in arch_traceExitSaveData()
1053 localtmstr, run->global->io.fileExtn); in arch_traceExitSaveData()
1057 int fd = open(run->crashFileName, O_WRONLY | O_EXCL | O_CREAT, 0600); in arch_traceExitSaveData()
1059 LOG_I("It seems that '%s' already exists, skipping", run->crashFileName); in arch_traceExitSaveData()
1062 PLOG_E("Cannot create output file '%s'", run->crashFileName); in arch_traceExitSaveData()
1068 if (files_writeToFd(fd, run->dynamicFile, run->dynamicFileSz)) { in arch_traceExitSaveData()
1069 LOG_I("Ok, that's interesting, saved new crash as '%s'", run->crashFileName); in arch_traceExitSaveData()
1071 run->backtrace = 0ULL; in arch_traceExitSaveData()
1073 ATOMIC_POST_INC(run->global->cnts.uniqueCrashesCnt); in arch_traceExitSaveData()
1074 ATOMIC_CLEAR(run->global->cfg.dynFileIterExpire); in arch_traceExitSaveData()
1076 LOG_E("Couldn't save crash to '%s'", run->crashFileName); in arch_traceExitSaveData()
1079 memset(run->crashFileName, 0, sizeof(run->crashFileName)); in arch_traceExitSaveData()
1085 run->report[0] = '\0'; in arch_traceExitSaveData()
1086 util_ssnprintf(run->report, sizeof(run->report), "EXIT_CODE: %d\n", HF_SAN_EXIT_CODE); in arch_traceExitSaveData()
1087 util_ssnprintf(run->report, sizeof(run->report), "ORIG_FNAME: %s\n", run->origFileName); in arch_traceExitSaveData()
1088 util_ssnprintf(run->report, sizeof(run->report), "FUZZ_FNAME: %s\n", run->crashFileName); in arch_traceExitSaveData()
1089 util_ssnprintf(run->report, sizeof(run->report), "PID: %d\n", pid); in arch_traceExitSaveData()
1090 util_ssnprintf(run->report, sizeof(run->report), "OPERATION: %s\n", op); in arch_traceExitSaveData()
1091 util_ssnprintf(run->report, sizeof(run->report), "FAULT ADDRESS: %p\n", crashAddr); in arch_traceExitSaveData()
1094 run->report, sizeof(run->report), "STACK HASH: %016" PRIx64 "\n", run->backtrace); in arch_traceExitSaveData()
1095 util_ssnprintf(run->report, sizeof(run->report), "STACK:\n"); in arch_traceExitSaveData()
1097 util_ssnprintf(run->report, sizeof(run->report), " <" REG_PD REG_PM "> ", in arch_traceExitSaveData()
1100 util_ssnprintf(run->report, sizeof(run->report), "[%s + 0x%zx]\n", funcs[i].mapName, in arch_traceExitSaveData()
1103 util_ssnprintf(run->report, sizeof(run->report), "[]\n"); in arch_traceExitSaveData()
1109 static void arch_traceExitAnalyzeData(run_t* run, pid_t pid) { in arch_traceExitAnalyzeData() argument
1119 funcCnt = arch_parseAsanReport(run, pid, funcs, &crashAddr, &op); in arch_traceExitAnalyzeData()
1132 arch_hashCallstack(run, funcs, funcCnt, false); in arch_traceExitAnalyzeData()
1135 void arch_traceExitAnalyze(run_t* run, pid_t pid) { in arch_traceExitAnalyze() argument
1136 if (run->mainWorker) { in arch_traceExitAnalyze()
1138 arch_traceExitSaveData(run, pid); in arch_traceExitAnalyze()
1141 arch_traceExitAnalyzeData(run, pid); in arch_traceExitAnalyze()
1146 static void arch_traceEvent(run_t* run, int status, pid_t pid) { in arch_traceEvent() argument
1160 arch_traceExitAnalyze(run, pid); in arch_traceEvent()
1176 void arch_traceAnalyze(run_t* run, int status, pid_t pid) { in arch_traceAnalyze() argument
1181 return arch_traceEvent(run, status, pid); in arch_traceAnalyze()
1193 if (run->mainWorker) { in arch_traceAnalyze()
1194 arch_traceSaveData(run, pid); in arch_traceAnalyze()
1196 arch_traceAnalyzeData(run, pid); in arch_traceAnalyze()
1220 arch_traceExitAnalyze(run, pid); in arch_traceAnalyze()
1309 bool arch_traceAttach(run_t* run) { in arch_traceAttach() argument
1320 if (run->global->sanitizer.enable) { in arch_traceAttach()
1324 if (!arch_traceWaitForPidStop(run->pid)) { in arch_traceAttach()
1328 if (ptrace(PTRACE_SEIZE, run->pid, NULL, seize_options) == -1) { in arch_traceAttach()
1329 PLOG_W("Couldn't ptrace(PTRACE_SEIZE) to pid: %d", (int)run->pid); in arch_traceAttach()
1333 LOG_D("Attached to PID: %d", (int)run->pid); in arch_traceAttach()
1336 if (!arch_listThreads(tasks, MAX_THREAD_IN_TASK, run->pid)) { in arch_traceAttach()
1337 LOG_E("Couldn't read thread list for pid '%d'", run->pid); in arch_traceAttach()
1342 if (tasks[i] == run->pid) { in arch_traceAttach()
1349 LOG_D("Attached to PID: %d (thread_group:%d)", tasks[i], run->pid); in arch_traceAttach()
1352 if (ptrace(PTRACE_CONT, run->pid, NULL, NULL) == -1) { in arch_traceAttach()
1353 PLOG_W("ptrace(PTRACE_CONT) to pid: %d", (int)run->pid); in arch_traceAttach()