Closed maflcko closed 1 week ago
#0 0x55f0c9bdeffb in SetArgs(int, char**) ci/scratch/build-x86_64-pc-linux-gnu/src/test/fuzz/util/./src/test/fuzz/fuzz.cpp:50:5
So argc is uninitialized? It comes from here:
#1 0x55f0c9bdeffb in LLVMFuzzerInitialize ci/scratch/build-x86_64-pc-linux-gnu/src/test/fuzz/util/./src/test/fuzz/fuzz.cpp:216:5
#2 0x55f0c8f48508 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /msan/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:650:5
https://github.com/llvm/llvm-project/blob/main/compiler-rt/lib/fuzzer/FuzzerDriver.cpp#L645-L651
#3 0x55f0c8f758b2 in main /msan/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
https://github.com/llvm/llvm-project/blob/main/compiler-rt/lib/fuzzer/FuzzerMain.cpp#L19-L20
Looks bogus - how could argc be uninitialized in int main(int argc, ...)!?
Was it compiled in a different way with cmake compared to autotools?
Also this is puzzling:
Member fields were destroyed
...
#4 0x55f0c8f3ba72 in __cxx_global_var_init ci/scratch/build-x86_64-pc-linux-gnu/src/util/./src/logging.cpp:170:66
What has LOG_CATEGORIES_BY_STR to do with argc being uninitialized?
The question is why does it happen when fuzz is compiled with cmake, but not when compiled with autotools?
The report itself is likely a false positive.
Let me check https://github.com/bitcoin/bitcoin/pull/29837/files
Looking at the output of an msan fuzz ci run from qa-assets: https://cirrus-ci.com/task/5304183451025408?logs=ci#L797, it looks like the C++ compiler flags line is just missing from the CMake output?:
Cross compiling ....................... FALSE
C++ compiler .......................... Clang 18.1.3, /usr/bin/clang++
Preprocessor defined macros ........... ABORT_ON_FAILED_ASSUME
Linker flags .......................... -fsanitize=memory -fsanitize-memory-track-origins=2 -fno-omit-frame-pointer -g -O1 -fno-optimize-sibling-calls -nostdinc++ -nostdlib++ -isystem /msan/cxx_build/include/c++/v1 -L/msan/cxx_build/lib -Wl,-rpath,/msan/cxx_build/lib -lc++ -lc++abi -lpthread -Wno-unused-command-line-argument -O2 -g -fsanitize=fuzzer,memory -fstack-protector-all -fcf-protection=full -fstack-clash-protection -Wl,-z,relro -Wl,-z,now -Wl,-z,separate-code -fPIE -pie
Not sure why that would happen, but I'm assuming that is related.
Yeah, an alternative to get them may be --verbose. I'll try that next week.
https://cirrus-ci.com/task/5304183451025408:
Cross compiling ....................... FALSE
C++ compiler .......................... Clang 18.1.3, /usr/bin/clang++
CMAKE_BUILD_TYPE ...................... RelWithDebInfo
Preprocessor defined macros ........... ABORT_ON_FAILED_ASSUME
C++ compiler flags .................... -fsanitize=memory -fsanitize-memory-track-origins=2 -fno-omit-frame-pointer -g -O1 -fno-optimize-sibling-calls -nostdinc++ -nostdlib++ -isystem /msan/cxx_build/include/c++/v1 -L/msan/cxx_build/lib -Wl,-rpath,/msan/cxx_build/lib -lc++ -lc++abi -lpthread -Wno-unused-command-line-argument -O2 -g -std=c++20 -fPIC -fdebug-prefix-map=/ci_container_base=. -fmacro-prefix-map=/ci_container_base=. -Werror -fsanitize=fuzzer,memory -Wall -Wextra -Wgnu -Wformat -Wformat-security -Wvla -Wshadow-field -Wthread-safety -Wloop-analysis -Wredundant-decls -Wunused-member-function -Wdate-time -Wconditional-uninitialized -Woverloaded-virtual -Wsuggest-override -Wimplicit-fallthrough -Wunreachable-code -Wdocumentation -Wself-assign -Wundef -Wno-unused-parameter -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 -Wstack-protector -fstack-protector-all -fcf-protection=full -fstack-clash-protection -DBOOST_MULTI_INDEX_ENABLE_SAFE_MODE -U_FORTIFY_SOURCE
Linker flags .......................... -fsanitize=memory -fsanitize-memory-track-origins=2 -fno-omit-frame-pointer -g -O1 -fno-optimize-sibling-calls -nostdinc++ -nostdlib++ -isystem /msan/cxx_build/include/c++/v1 -L/msan/cxx_build/lib -Wl,-rpath,/msan/cxx_build/lib -lc++ -lc++abi -lpthread -Wno-unused-command-line-argument -O2 -g -fsanitize=fuzzer,memory -fstack-protector-all -fcf-protection=full -fstack-clash-protection -Wl,-z,relro -Wl,-z,now -Wl,-z,separate-code -fPIE -pie
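As an added check (not part of this thread or of the Bitcoin Core CI scripts), the POSIX sh snippet below parses a CMake configure summary like the ones pasted above and fails when either the "C++ compiler flags" or the "Linker flags" line lacks -fsanitize=memory or the -isystem path of the MSAN-built libc++; the two summaries inside are constructed, abridged from the excerpts in the thread. MSAN needs every linked component, libc++ included, to be instrumented, so a summary that drops those options from one of the two lines is exactly the mismatch that produces spurious uninitialized-value reports.

```shell
#!/bin/sh
# Added example: check a CMake configure summary for consistent MSAN flags.
# Both summaries below are constructed (abridged from the thread's excerpts):
# the first lacks the "C++ compiler flags" line, the second carries it.
SUMMARY_MISSING='Cross compiling ....................... FALSE
C++ compiler .......................... Clang 18.1.3, /usr/bin/clang++
Preprocessor defined macros ........... ABORT_ON_FAILED_ASSUME
Linker flags .......................... -fsanitize=memory -fsanitize-memory-track-origins=2 -nostdinc++ -nostdlib++ -isystem /msan/cxx_build/include/c++/v1 -L/msan/cxx_build/lib -lc++ -lc++abi -fsanitize=fuzzer,memory'

SUMMARY_OK='Cross compiling ....................... FALSE
C++ compiler .......................... Clang 18.1.3, /usr/bin/clang++
CMAKE_BUILD_TYPE ...................... RelWithDebInfo
Preprocessor defined macros ........... ABORT_ON_FAILED_ASSUME
C++ compiler flags .................... -fsanitize=memory -fsanitize-memory-track-origins=2 -nostdinc++ -nostdlib++ -isystem /msan/cxx_build/include/c++/v1 -std=c++20 -fsanitize=fuzzer,memory
Linker flags .......................... -fsanitize=memory -fsanitize-memory-track-origins=2 -nostdinc++ -nostdlib++ -isystem /msan/cxx_build/include/c++/v1 -L/msan/cxx_build/lib -lc++ -lc++abi -fsanitize=fuzzer,memory'

# summary_value SUMMARY LABEL: print the value after the dotted leader of the
# line that starts with LABEL, or nothing if that line is absent.
summary_value() {
    printf '%s\n' "$1" | grep -F -- "$2 ..." | sed 's/^[^.]*\.\.* *//'
}

# msan_flags_consistent SUMMARY: succeed only if both the compiler line and the
# linker line carry -fsanitize=memory and the MSAN-instrumented libc++ path.
msan_flags_consistent() {
    for label in "C++ compiler flags" "Linker flags"; do
        flags=$(summary_value "$1" "$label")
        case "$flags" in
            *"-fsanitize=memory"*"-isystem /msan/cxx_build/include/c++/v1"*) ;;
            *) echo "missing MSAN flags on '$label' line" >&2; return 1 ;;
        esac
    done
    return 0
}

# Print a verdict for a summary; NAME is just a label for the output.
report() {
    if msan_flags_consistent "$1"; then echo "$2: consistent"; else echo "$2: INCONSISTENT"; fi
}
report "$SUMMARY_MISSING" "first summary"
report "$SUMMARY_OK" "second summary"
```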
I recall a similar issue previously.