@kyakdan (Contributor) commented Apr 19, 2025

Sometimes, the sanitizer logs contain crash addresses marked as unknown. Here is an example ASan report due to an abort signal (ABRT):
==528025==ERROR: AddressSanitizer: ABRT on unknown address 0x... (pc ...

These addresses can differ for the same bug (PC and stack trace addresses are the same), which breaks error deduplication. This PR addresses this issue by ignoring crash addresses from the sanitizer reports if the address is marked as unknown.

The following are two examples resulting from an undefined behavior bug (int n = 32; n <<= 32;). Each time this bug is triggered, we get a different unknown crash address, which seems to be increased by one each time.

=================================================================
==528024==ERROR: AddressSanitizer: ABRT on unknown address 0x03e800080e98 (pc 0x7ffff689eb2c bp 0x7fffffffd620 sp 0x7fffffffd5e0 T0)
    #0 0x7ffff689eb2c in __pthread_kill_implementation nptl/pthread_kill.c:44
    #1 0x7ffff689eb2c in __pthread_kill_internal nptl/pthread_kill.c:78
    #2 0x7ffff689eb2c in __GI___pthread_kill nptl/pthread_kill.c:89
    #3 0x7ffff684527d in __GI_raise ../sysdeps/posix/raise.c:26
    #4 0x7ffff68288fe in __GI_abort stdlib/abort.c:79
    #5 0x7ffff6c20d2f in __sanitizer::Abort() ../../../../src/libsanitizer/sanitizer_common/sanitizer_posix_libcdep.cpp:143
    #6 0x7ffff6c319cc in __sanitizer::Die() ../../../../src/libsanitizer/sanitizer_common/sanitizer_termination.cpp:58
    #7 0x7ffff6c0e6f7 in __ubsan_handle_shift_out_of_bounds_abort ../../../../src/libsanitizer/ubsan/ubsan_handlers.cpp:378
    #8 0x5555555592f6 in LLVMFuzzerTestOneInputNoReturn(unsigned char const*, unsigned long) (/home/khaled/code/CodeIntelligenceTesting/cifuzz/test/testdata/cmake-default/a.out+0x52f6) (BuildId: eba2deebbd9f5cb707cb20371a0bfc127560614e)
    #9 0x555555559055 in LLVMFuzzerTestOneInput (/home/khaled/code/CodeIntelligenceTesting/cifuzz/test/testdata/cmake-default/a.out+0x5055) (BuildId: eba2deebbd9f5cb707cb20371a0bfc127560614e)
    #10 0x55555556415e in HonggfuzzMain (/home/khaled/code/CodeIntelligenceTesting/cifuzz/test/testdata/cmake-default/a.out+0x1015e) (BuildId: eba2deebbd9f5cb707cb20371a0bfc127560614e)
    #11 0x7ffff682a1c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #12 0x7ffff682a28a in __libc_start_main_impl ../csu/libc-start.c:360
    #13 0x555555558f64 in _start (/home/khaled/code/CodeIntelligenceTesting/cifuzz/test/testdata/cmake-default/a.out+0x4f64) (BuildId: eba2deebbd9f5cb707cb20371a0bfc127560614e)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: ABRT nptl/pthread_kill.c:44 in __pthread_kill_implementation
==528024==ABORTING
=================================================================
==528025==ERROR: AddressSanitizer: ABRT on unknown address 0x03e800080e99 (pc 0x7ffff689eb2c bp 0x7fffffffd620 sp 0x7fffffffd5e0 T0)
    #0 0x7ffff689eb2c in __pthread_kill_implementation nptl/pthread_kill.c:44
    #1 0x7ffff689eb2c in __pthread_kill_internal nptl/pthread_kill.c:78
    #2 0x7ffff689eb2c in __GI___pthread_kill nptl/pthread_kill.c:89
    #3 0x7ffff684527d in __GI_raise ../sysdeps/posix/raise.c:26
    #4 0x7ffff68288fe in __GI_abort stdlib/abort.c:79
    #5 0x7ffff6c20d2f in __sanitizer::Abort() ../../../../src/libsanitizer/sanitizer_common/sanitizer_posix_libcdep.cpp:143
    #6 0x7ffff6c319cc in __sanitizer::Die() ../../../../src/libsanitizer/sanitizer_common/sanitizer_termination.cpp:58
    #7 0x7ffff6c0e6f7 in __ubsan_handle_shift_out_of_bounds_abort ../../../../src/libsanitizer/ubsan/ubsan_handlers.cpp:378
    #8 0x5555555592f6 in LLVMFuzzerTestOneInputNoReturn(unsigned char const*, unsigned long) (/home/khaled/code/CodeIntelligenceTesting/cifuzz/test/testdata/cmake-default/a.out+0x52f6) (BuildId: eba2deebbd9f5cb707cb20371a0bfc127560614e)
    #9 0x555555559055 in LLVMFuzzerTestOneInput (/home/khaled/code/CodeIntelligenceTesting/cifuzz/test/testdata/cmake-default/a.out+0x5055) (BuildId: eba2deebbd9f5cb707cb20371a0bfc127560614e)
    #10 0x55555556415e in HonggfuzzMain (/home/khaled/code/CodeIntelligenceTesting/cifuzz/test/testdata/cmake-default/a.out+0x1015e) (BuildId: eba2deebbd9f5cb707cb20371a0bfc127560614e)
    #11 0x7ffff682a1c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #12 0x7ffff682a28a in __libc_start_main_impl ../csu/libc-start.c:360
    #13 0x555555558f64 in _start (/home/khaled/code/CodeIntelligenceTesting/cifuzz/test/testdata/cmake-default/a.out+0x4f64) (BuildId: eba2deebbd9f5cb707cb20371a0bfc127560614e)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: ABRT nptl/pthread_kill.c:44 in __pthread_kill_implementation
==528025==ABORTING

In some cases, the sanitizer logs contain addresses marked
as unknown. Here is an example ASan report due to an abort signal (ABRT):
 ==528025==ERROR: AddressSanitizer: ABRT on unknown address 0x03e800080e99 (pc ...

These addresses can be different for the same bug (PC and stacktrace are
the same) and as a result break error deduplication. Here, we ignore
addresses from the sanitizer reports if the address is marked as
unknown.
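
The deduplication rule described above, as an added Go example (not code from this PR or from cifuzz). `DedupKey`, `SampleReport`, both regular expressions and the choice to fingerprint on error kind plus frame symbols are assumptions made for illustration; the sample reports are constructed, shortened versions of the logs above.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"regexp"
	"strings"
)

var (
	// Matches "ERROR: <tool>: <kind> on [unknown ]address 0x...".
	headerRe = regexp.MustCompile(`ERROR: (\w+): (\S+) on (unknown )?address (0x[0-9a-fA-F]+)`)
	// Captures the symbol of each "#N 0x... in <symbol>" stack frame.
	frameRe = regexp.MustCompile(`(?m)^\s*#\d+ 0x[0-9a-fA-F]+ in (\S+)`)
)

// DedupKey (hypothetical helper) fingerprints a report from its error kind and
// frame symbols; the crash address is included only when not marked unknown.
func DedupKey(report string) (string, error) {
	h := headerRe.FindStringSubmatch(report)
	if h == nil {
		return "", fmt.Errorf("no sanitizer error header found")
	}
	parts := []string{h[1], h[2]}
	if h[3] == "" { // address not marked "unknown": keep it in the key
		parts = append(parts, "addr="+h[4])
	}
	for _, f := range frameRe.FindAllStringSubmatch(report, -1) {
		parts = append(parts, f[1])
	}
	sum := sha256.Sum256([]byte(strings.Join(parts, "\n")))
	return hex.EncodeToString(sum[:8]), nil
}

// SampleReport builds a constructed, shortened report modelled on the logs above.
func SampleReport(pid, header string) string {
	return fmt.Sprintf("==%s==ERROR: AddressSanitizer: %s\n"+
		"    #0 0x7ffff689eb2c in __pthread_kill_implementation nptl/pthread_kill.c:44\n"+
		"    #1 0x7ffff68288fe in __GI_abort stdlib/abort.c:79\n"+
		"==%s==ABORTING\n", pid, header, pid)
}

func main() {
	a, _ := DedupKey(SampleReport("528024", "ABRT on unknown address 0x03e800080e98 (pc 0x7ffff689eb2c T0)"))
	b, _ := DedupKey(SampleReport("528025", "ABRT on unknown address 0x03e800080e99 (pc 0x7ffff689eb2c T0)"))
	fmt.Println(a, b, a == b) // the two ABRT reports collapse to one key
}
```
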