Parse .NET exception stacks in crash output (#2988)

Author: Porges

src/agent/Cargo.lock

@@ -89,7 +89,7 @@ async fn main() -> Result<()> {
     println!();
     println!("[+] verbose test result:");
     println!();
-    println!("{test_result:?}");
+    println!("{test_result:#?}");
 
     Ok(())
 }

src/agent/onefuzz/examples/test-input.rs

@@ -204,7 +204,7 @@ impl<'a> Tester<'a> {
         cmd.args(args).stdin(Stdio::null());
         cmd.envs(env);
 
-        let (sender, receiver) = std::sync::mpsc::channel();
+        let (sender, receiver) = tokio::sync::oneshot::channel();
 
         // Create two async tasks: one off-thread task for the blocking triage run,
         // and one task that will kill the triage target if we time out.
@@ -215,60 +215,67 @@ impl<'a> Tester<'a> {
             let triage = crate::triage::TriageCommand::new(cmd)?;
 
             // Share the new child ID with main thread.
-            sender.send(triage.pid())?;
+            let Ok(()) = sender.send(triage.pid()) else { bail!("unable to send PID") };
 
             // The target run is blocking, and may hang.
             triage.run()
         });
 
         // Save the new process ID of the spawned triage target, so we can try to kill
         // the (possibly hung) target out-of-band, if we time out.
-        let target_pid = receiver.recv()?;
+        let target_pid = match receiver.await {
+            Ok(pid) => pid,
+            Err(e) => {
+                if triage.is_finished() {
+                    bail!("triage run failed: {:?}", triage.await.unwrap().err());
+                } else {
+                    bail!("unable to receive PID: {}", e);
+                }
+            }
+        };
 
         let timeout = tokio::time::timeout(self.timeout, triage).await;
-        let crash = if timeout.is_err() {
+        if timeout.is_err() {
             // Yes. Try to kill the target process, if hung.
             kill(target_pid, Signal::SIGKILL)?;
             bail!("process timed out");
-        } else {
-            let report = timeout???;
-
-            if let Some(crash) = report.crashes.last() {
-                let crash_thread = crash
-                    .threads
-                    .get(&crash.tid.as_raw())
-                    .ok_or_else(|| anyhow!("no thread info for crash thread ID = {}", crash.tid))?;
-
-                let call_stack: Vec<_> = crash_thread
-                    .callstack
-                    .iter()
-                    .enumerate()
-                    .map(|(idx, frame)| StackEntry {
-                        line: format!("#{idx} {frame}"),
-                        address: Some(frame.addr.0),
-                        function_name: frame.function.as_ref().map(|x| x.name.clone()),
-                        function_offset: frame.function.as_ref().map(|x| x.offset),
-                        module_path: frame.module.as_ref().map(|x| x.name.clone()),
-                        module_offset: frame.module.as_ref().map(|x| x.offset),
-                        source_file_name: None,
-                        source_file_line: None,
-                        source_file_path: None,
-                    })
-                    .collect();
-
-                let crash_type = crash.signal.to_string();
-                let sanitizer = crash_type.clone();
-                let fault_type = crash_type;
-
-                Some(CrashLog::new(
-                    None, None, sanitizer, fault_type, None, None, call_stack,
-                )?)
-            } else {
-                None
-            }
+        }
+
+        let report = timeout???;
+
+        let Some(crash) = report.crashes.last() else {
+            return Ok(None);
         };
 
-        Ok(crash)
+        let crash_thread = crash
+            .threads
+            .get(&crash.tid.as_raw())
+            .ok_or_else(|| anyhow!("no thread info for crash thread ID = {}", crash.tid))?;
+
+        let call_stack: Vec<_> = crash_thread
+            .callstack
+            .iter()
+            .enumerate()
+            .map(|(idx, frame)| StackEntry {
+                line: format!("#{idx} {frame}"),
+                address: Some(frame.addr.0),
+                function_name: frame.function.as_ref().map(|x| x.name.clone()),
+                function_offset: frame.function.as_ref().map(|x| x.offset),
+                module_path: frame.module.as_ref().map(|x| x.name.clone()),
+                module_offset: frame.module.as_ref().map(|x| x.offset),
+                source_file_name: None,
+                source_file_line: None,
+                source_file_path: None,
+            })
+            .collect();
+
+        let crash_type = crash.signal.to_string();
+        let sanitizer = crash_type.clone();
+        let fault_type = crash_type;
+
+        Ok(Some(CrashLog::new(
+            None, None, sanitizer, fault_type, None, None, call_stack,
+        )?))
     }
 
     pub async fn test_input(&self, input_file: impl AsRef<Path>) -> Result<TestResult> {

src/agent/onefuzz/src/input_tester.rs

@@ -353,13 +353,13 @@ impl LibFuzzer {
         .check_asan_stderr(true)
         .check_retry_count(retry)
         .add_setup_to_path(true)
-        .set_optional(timeout, |tester, timeout| tester.timeout(timeout));
+        .set_optional(timeout, Tester::timeout);
 
         if cfg!(target_family = "unix") {
             tester = tester.add_setup_to_ld_library_path(true);
         }
 
-        tester.test_input(test_input.as_ref()).await
+        tester.test_input(test_input).await
     }
 
     pub async fn merge(

src/agent/onefuzz/src/libfuzzer.rs

@@ -9,6 +9,7 @@ license = "MIT"
 anyhow = "1.0"
 hex = "0.4"
 regex = "1.7.1"
+lazy_static = "1.4.0"
 sha2 = "0.10.2"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"

src/agent/stacktrace-parser/Cargo.toml

@@ -0,0 +1,77 @@
+{
+  "text": "Unhandled exception. System.Exception: No fuzzing target specified\n ---> System.Exception: Missing `LIBFUZZER_DOTNET_TARGET` environment variables: LIBFUZZER_DOTNET_TARGET_ASSEMBLY, LIBFUZZER_DOTNET_TARGET_CLASS, LIBFUZZER_DOTNET_TARGET_METHOD\n   at LibFuzzerDotnetLoader.LibFuzzerDotnetTarget.FromEnvironmentVars() in /workspaces/onefuzz/src/agent/LibFuzzerDotnetLoader/Program.cs:line 190\n   at LibFuzzerDotnetLoader.LibFuzzerDotnetTarget.FromEnvironment() in /workspaces/onefuzz/src/agent/LibFuzzerDotnetLoader/Program.cs:line 166\n   --- End of inner exception stack trace ---\n   at LibFuzzerDotnetLoader.LibFuzzerDotnetTarget.FromEnvironment() in /workspaces/onefuzz/src/agent/LibFuzzerDotnetLoader/Program.cs:line 171\n   at LibFuzzerDotnetLoader.Program.TryMain() in /workspaces/onefuzz/src/agent/LibFuzzerDotnetLoader/Program.cs:line 70\n   at LibFuzzerDotnetLoader.Program.Main(String[] args) in /workspaces/onefuzz/src/agent/LibFuzzerDotnetLoader/Program.cs:line 57\n",
+  "sanitizer": ".NET",
+  "summary": "Unhandled exception. System.Exception: No fuzzing target specified ---> System.Exception: Missing `LIBFUZZER_DOTNET_TARGET` environment variables: LIBFUZZER_DOTNET_TARGET_ASSEMBLY, LIBFUZZER_DOTNET_TARGET_CLASS, LIBFUZZER_DOTNET_TARGET_METHOD",
+  "fault_type": "Unhandled exception",
+  "call_stack": [
+    "   at LibFuzzerDotnetLoader.LibFuzzerDotnetTarget.FromEnvironment() in /workspaces/onefuzz/src/agent/LibFuzzerDotnetLoader/Program.cs:line 171",
+    "   at LibFuzzerDotnetLoader.Program.TryMain() in /workspaces/onefuzz/src/agent/LibFuzzerDotnetLoader/Program.cs:line 70",
+    "   at LibFuzzerDotnetLoader.Program.Main(String[] args) in /workspaces/onefuzz/src/agent/LibFuzzerDotnetLoader/Program.cs:line 57"
+  ],
+  "full_stack_details": [
+    {
+      "line": "   at LibFuzzerDotnetLoader.LibFuzzerDotnetTarget.FromEnvironment() in /workspaces/onefuzz/src/agent/LibFuzzerDotnetLoader/Program.cs:line 171",
+      "function_name": "LibFuzzerDotnetLoader.LibFuzzerDotnetTarget.FromEnvironment()",
+      "source_file_name": "Program.cs",
+      "source_file_path": "/workspaces/onefuzz/src/agent/LibFuzzerDotnetLoader/Program.cs",
+      "source_file_line": 171
+    },
+    {
+      "line": "   at LibFuzzerDotnetLoader.Program.TryMain() in /workspaces/onefuzz/src/agent/LibFuzzerDotnetLoader/Program.cs:line 70",
+      "function_name": "LibFuzzerDotnetLoader.Program.TryMain()",
+      "source_file_name": "Program.cs",
+      "source_file_path": "/workspaces/onefuzz/src/agent/LibFuzzerDotnetLoader/Program.cs",
+      "source_file_line": 70
+    },
+    {
+      "line": "   at LibFuzzerDotnetLoader.Program.Main(String[] args) in /workspaces/onefuzz/src/agent/LibFuzzerDotnetLoader/Program.cs:line 57",
+      "function_name": "LibFuzzerDotnetLoader.Program.Main(String[] args)",
+      "source_file_name": "Program.cs",
+      "source_file_path": "/workspaces/onefuzz/src/agent/LibFuzzerDotnetLoader/Program.cs",
+      "source_file_line": 57
+    }
+  ],
+  "full_stack_names": [
+    "LibFuzzerDotnetLoader.LibFuzzerDotnetTarget.FromEnvironment",
+    "LibFuzzerDotnetLoader.Program.TryMain",
+    "LibFuzzerDotnetLoader.Program.Main"
+  ],
+  "minimized_stack_details": [
+    {
+      "line": "   at LibFuzzerDotnetLoader.LibFuzzerDotnetTarget.FromEnvironment() in /workspaces/onefuzz/src/agent/LibFuzzerDotnetLoader/Program.cs:line 171",
+      "function_name": "LibFuzzerDotnetLoader.LibFuzzerDotnetTarget.FromEnvironment()",
+      "source_file_name": "Program.cs",
+      "source_file_path": "/workspaces/onefuzz/src/agent/LibFuzzerDotnetLoader/Program.cs",
+      "source_file_line": 171
+    },
+    {
+      "line": "   at LibFuzzerDotnetLoader.Program.TryMain() in /workspaces/onefuzz/src/agent/LibFuzzerDotnetLoader/Program.cs:line 70",
+      "function_name": "LibFuzzerDotnetLoader.Program.TryMain()",
+      "source_file_name": "Program.cs",
+      "source_file_path": "/workspaces/onefuzz/src/agent/LibFuzzerDotnetLoader/Program.cs",
+      "source_file_line": 70
+    },
+    {
+      "line": "   at LibFuzzerDotnetLoader.Program.Main(String[] args) in /workspaces/onefuzz/src/agent/LibFuzzerDotnetLoader/Program.cs:line 57",
+      "function_name": "LibFuzzerDotnetLoader.Program.Main(String[] args)",
+      "source_file_name": "Program.cs",
+      "source_file_path": "/workspaces/onefuzz/src/agent/LibFuzzerDotnetLoader/Program.cs",
+      "source_file_line": 57
+    }
+  ],
+  "minimized_stack": [
+    "   at LibFuzzerDotnetLoader.LibFuzzerDotnetTarget.FromEnvironment() in /workspaces/onefuzz/src/agent/LibFuzzerDotnetLoader/Program.cs:line 171",
+    "   at LibFuzzerDotnetLoader.Program.TryMain() in /workspaces/onefuzz/src/agent/LibFuzzerDotnetLoader/Program.cs:line 70",
+    "   at LibFuzzerDotnetLoader.Program.Main(String[] args) in /workspaces/onefuzz/src/agent/LibFuzzerDotnetLoader/Program.cs:line 57"
+  ],
+  "minimized_stack_function_names": [
+    "LibFuzzerDotnetLoader.LibFuzzerDotnetTarget.FromEnvironment",
+    "LibFuzzerDotnetLoader.Program.TryMain",
+    "LibFuzzerDotnetLoader.Program.Main"
+  ],
+  "minimized_stack_function_lines": [
+    "LibFuzzerDotnetLoader.LibFuzzerDotnetTarget.FromEnvironment() Program.cs:171",
+    "LibFuzzerDotnetLoader.Program.TryMain() Program.cs:70",
+    "LibFuzzerDotnetLoader.Program.Main(String[] args) Program.cs:57"
+  ]
+}