Use Backtrace::capture instead of force_capture #3735

Closed
mschwager wants to merge 2 commits into AFLplusplus:main from mschwager:mschwager-rust-backtrace

@mschwager
Contributor

Description

Using capture instead of force_capture allows callers to set RUST_BACKTRACE to their preferred behavior.

My motivation here is that, when running in libFuzzer compatibility mode, every discovered crash outputs the BACKTRACE information, which often includes thousands of lines of irrelevant Rust call frame information. I think it's fine to include this as the default behavior, but it'd be nice to allow users to toggle the functionality using RUST_BACKTRACE.

Checklist

  • I have run ./scripts/precommit.sh and addressed all comments

@domenukk
Member

domenukk commented Apr 7, 2026

Hmm... why capture a minibsod at all when you don't want to see it?

@mschwager
Contributor Author

> Hmm... why capture a minibsod at all when you don't want to see it?

I'm not totally following your question. Could you elaborate? Sorry, I'm not very familiar with the codebase.

This BACKTRACE information is part of the output I see when using the libafl_libfuzzer crate.

@domenukk
Member

domenukk commented Apr 7, 2026

I mean my point is that people who use the minibsod crate to create a bsod should get a full bsod (or rather, have the choice in code)

Probably in this case we should parse the env variable one layer higher inside libafl_libfuzzer to serve users of that crate IMHO

@mschwager
Contributor Author

Looking through the code a bit more I think I see what you're saying.

I should've opened an issue here to describe the problem I'm facing rather than jumping straight to a solution. The problem is: when using libafl_libfuzzer_runtime any time an ASan assertion is hit LibAFL outputs about 2MB of Rust backtrace information under the following code path:

==9==ABORTING
DEBUG: inproc_crash_handler enter
[2026-04-08T11:47:08Z ERROR libafl::executors::hooks::unix::unix_signal_handler] Crashed with SIGABRT
[2026-04-08T11:47:08Z ERROR libafl::executors::hooks::unix::unix_signal_handler] Child crashed!
[2026-04-08T11:47:09Z ERROR libafl::executors::hooks::unix::unix_signal_handler] input: "0f0b2ade69d094fc"
...
< 2MB of debug information >

I'll open an issue better describing the problem I'm facing and we can discuss different solutions there 👍
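The approach discussed in this thread, reading the environment variable in the calling layer while the capturing code still uses `force_capture`, as an added Rust example that is not code from LibAFL or from this PR. The names `backtrace_wanted` and `crash_report`, the `default_on` parameter and the report layout are hypothetical; the precedence rule is the one the standard library documents for `Backtrace::capture`.

```rust
use std::backtrace::Backtrace;

/// Decide whether the caller wants a backtrace in the crash report.
/// Same rule std documents for `Backtrace::capture`: RUST_LIB_BACKTRACE
/// takes precedence over RUST_BACKTRACE, "0" disables, any other value
/// enables. `default_on` (hypothetical) chooses the behaviour when neither
/// variable is set; std itself uses `false` there.
fn backtrace_wanted(lib_bt: Option<&str>, bt: Option<&str>, default_on: bool) -> bool {
    match lib_bt.or(bt) {
        Some(value) => value != "0",
        None => default_on,
    }
}

/// Hypothetical report builder for the calling layer. The backtrace is
/// captured with `force_capture`, which ignores the environment, so the
/// decision is made only by `want_backtrace`.
fn crash_report(signal: &str, input_id: &str, want_backtrace: bool) -> String {
    let mut out = format!("Crashed with {signal}\ninput: \"{input_id}\"\n");
    if want_backtrace {
        out.push_str(&format!("BACKTRACE:\n{}\n", Backtrace::force_capture()));
    } else {
        out.push_str("BACKTRACE: omitted (RUST_BACKTRACE=0)\n");
    }
    out
}

fn main() {
    // Non-UTF-8 values are treated as unset here for simplicity.
    let lib_bt = std::env::var("RUST_LIB_BACKTRACE").ok();
    let bt = std::env::var("RUST_BACKTRACE").ok();
    // default_on = true keeps the full dump unless the user opts out.
    let want = backtrace_wanted(lib_bt.as_deref(), bt.as_deref(), true);
    // Constructed sample values taken from the log lines quoted above.
    print!("{}", crash_report("SIGABRT", "0f0b2ade69d094fc", want));
}
```

With `default_on` set to `true` the full dump stays the default and `RUST_BACKTRACE=0` turns it off; with `false` the result matches what `Backtrace::capture` would decide on its own.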

2 participants