google / oss-fuzz

OSS-Fuzz - continuous fuzzing for open source software.
https://google.github.io/oss-fuzz
Apache License 2.0

[lua] LeakSanitizer breaks building on ARM64 #11798

Open ligurio opened 6 months ago

ligurio commented 6 months ago

Problem

LeakSanitizer breaks building of luaL_loadbuffer_proto for a Lua project on ARM64 (everything is fine on x86_64 and i386). Part of the build log ^1:

<snipped>

Step #43 - "compile-libfuzzer-address-aarch64": FAILED: tests/capi/luaL_loadbuffer_proto/preamble.lua.c /src/testdir/build/tests/capi/luaL_loadbuffer_proto/preamble.lua.c 
Step #43 - "compile-libfuzzer-address-aarch64": cd /src/testdir/build/tests/capi/luaL_loadbuffer_proto && /usr/bin/echo 'const char preamble_lua[] =' > /src/testdir/build/tests/capi/luaL_loadbuffer_proto/preamble.lua.new.c && /src/testdir/build/extra/txt2c /src/testdir/tests/capi/luaL_loadbuffer_proto/preamble.lua >> /src/testdir/build/tests/capi/luaL_loadbuffer_proto/preamble.lua.new.c && /usr/bin/echo ';' >> /src/testdir/build/tests/capi/luaL_loadbuffer_proto/preamble.lua.new.c && /usr/local/bin/cmake -E copy_if_different /src/testdir/build/tests/capi/luaL_loadbuffer_proto/preamble.lua.new.c /src/testdir/build/tests/capi/luaL_loadbuffer_proto/preamble.lua.c && /usr/local/bin/cmake -E remove /src/testdir/build/tests/capi/luaL_loadbuffer_proto/preamble.lua.new.c
Step #43 - "compile-libfuzzer-address-aarch64": ==2413==AddressSanitizer: failed to intercept '__isoc99_printf'
Step #43 - "compile-libfuzzer-address-aarch64": ==2413==AddressSanitizer: failed to intercept '__isoc99_sprintf'
Step #43 - "compile-libfuzzer-address-aarch64": ==2413==AddressSanitizer: failed to intercept '__isoc99_snprintf'
Step #43 - "compile-libfuzzer-address-aarch64": ==2413==AddressSanitizer: failed to intercept '__isoc99_fprintf'
Step #43 - "compile-libfuzzer-address-aarch64": ==2413==AddressSanitizer: failed to intercept '__isoc99_vprintf'
Step #43 - "compile-libfuzzer-address-aarch64": ==2413==AddressSanitizer: failed to intercept '__isoc99_vsprintf'
Step #43 - "compile-libfuzzer-address-aarch64": ==2413==AddressSanitizer: failed to intercept '__isoc99_vsnprintf'
Step #43 - "compile-libfuzzer-address-aarch64": ==2413==AddressSanitizer: failed to intercept '__isoc99_vfprintf'
Step #43 - "compile-libfuzzer-address-aarch64": ==2413==AddressSanitizer: failed to intercept 'xdr_destroy'
Step #43 - "compile-libfuzzer-address-aarch64": ==2413==AddressSanitizer: failed to intercept 'crypt'
Step #43 - "compile-libfuzzer-address-aarch64": ==2413==AddressSanitizer: failed to intercept 'crypt_r'
Step #43 - "compile-libfuzzer-address-aarch64": ==2413==AddressSanitizer: failed to intercept '__cxa_throw'
Step #43 - "compile-libfuzzer-address-aarch64": ==2413==AddressSanitizer: failed to intercept '__cxa_rethrow_primary_exception'
Step #43 - "compile-libfuzzer-address-aarch64": ==2413==AddressSanitizer: libc interceptors initialized
Step #43 - "compile-libfuzzer-address-aarch64": || `[0x002000000000, 0x007fffffffff]` || HighMem    ||
Step #43 - "compile-libfuzzer-address-aarch64": || `[0x001400000000, 0x001fffffffff]` || HighShadow ||
Step #43 - "compile-libfuzzer-address-aarch64": || `[0x001200000000, 0x0013ffffffff]` || ShadowGap  ||
Step #43 - "compile-libfuzzer-address-aarch64": || `[0x001000000000, 0x0011ffffffff]` || LowShadow  ||
Step #43 - "compile-libfuzzer-address-aarch64": || `[0x000000000000, 0x000fffffffff]` || LowMem     ||
Step #43 - "compile-libfuzzer-address-aarch64": MemToShadow(shadow): 0x001200000000 0x00123fffffff 0x001280000000 0x0013ffffffff
Step #43 - "compile-libfuzzer-address-aarch64": redzone=16
Step #43 - "compile-libfuzzer-address-aarch64": max_redzone=2048
Step #43 - "compile-libfuzzer-address-aarch64": quarantine_size_mb=256M
Step #43 - "compile-libfuzzer-address-aarch64": thread_local_quarantine_size_kb=1024K
Step #43 - "compile-libfuzzer-address-aarch64": malloc_context_size=30
Step #43 - "compile-libfuzzer-address-aarch64": SHADOW_SCALE: 3
Step #43 - "compile-libfuzzer-address-aarch64": SHADOW_GRANULARITY: 8
Step #43 - "compile-libfuzzer-address-aarch64": SHADOW_OFFSET: 0x1000000000
Step #43 - "compile-libfuzzer-address-aarch64": ==2413==Installed the sigaction for signal 11
Step #43 - "compile-libfuzzer-address-aarch64": ==2413==Installed the sigaction for signal 7
Step #43 - "compile-libfuzzer-address-aarch64": ==2413==Installed the sigaction for signal 8
Step #43 - "compile-libfuzzer-address-aarch64": ==2413==T0: stack [0x004000001000,0x004000801000) size 0x800000; local=0x0040007fffac
Step #43 - "compile-libfuzzer-address-aarch64": ==2413==AddressSanitizer Init done
Step #43 - "compile-libfuzzer-address-aarch64": ==2413==Failed spawning a tracer thread (errno 22).
Step #43 - "compile-libfuzzer-address-aarch64": ==2413==LeakSanitizer has encountered a fatal error.
Step #43 - "compile-libfuzzer-address-aarch64": ==2413==HINT: For debugging, try setting environment variable LSAN_OPTIONS=verbosity=1:log_threads=1
Step #43 - "compile-libfuzzer-address-aarch64": ==2413==HINT: LeakSanitizer does not work under ptrace (strace, gdb, etc)

Solution

There are plenty of issues with similar symptoms. In "LeakSanitizer has encountered a fatal error" ^2 a fix was suggested:

We don't run it privileged (lots of capabilities). For LSan it should be enough only to enable ptrace: --cap-add SYS_PTRACE

And according to PR "use SYS_PTRACE capability" ^3 this flag had been added. Probably it was done for x86_64 Docker images and not for ARM64.

Related issues
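The symptom and the workaround quoted in the opening comment, as an added example that is not part of the original issue or of the OSS-Fuzz code base: a small POSIX shell helper that recognises the LSan "failed to spawn a tracer thread" signature in a build log and prints the narrower `docker run --cap-add SYS_PTRACE` invocation instead of falling back to `--privileged`. The sample log lines are constructed to mirror the excerpt above, and the image name `oss-fuzz/example-project` is a placeholder, not a real OSS-Fuzz image.

```shell
#!/bin/sh
# Constructed sample log (modelled on the issue's excerpt, not copied from a
# real build): the lines LSan prints when it cannot attach its tracer thread.
SAMPLE_LOG='==2413==AddressSanitizer Init done
==2413==Failed spawning a tracer thread (errno 22).
==2413==LeakSanitizer has encountered a fatal error.
==2413==HINT: LeakSanitizer does not work under ptrace (strace, gdb, etc)'

# lsan_ptrace_failure LOGTEXT
# Returns 0 (true) when the log shows LSan aborting because it could not spawn
# its tracer thread, the symptom of a container that lacks CAP_SYS_PTRACE.
lsan_ptrace_failure() {
    printf '%s\n' "$1" | grep -q 'Failed spawning a tracer thread' &&
    printf '%s\n' "$1" | grep -q 'LeakSanitizer has encountered a fatal error'
}

# docker_run_cmd IMAGE [ARGS...]
# Prints (does not execute) a docker run command that grants only the ptrace
# capability, as the quoted comment suggests, rather than --privileged.
docker_run_cmd() {
    image=$1
    shift
    printf 'docker run --rm --cap-add SYS_PTRACE %s %s\n' "$image" "$*"
}

# suggest_fix LOGTEXT IMAGE
# Prints the suggested command when the LSan signature is present; returns 1
# (and says so) when the log shows a different failure.
suggest_fix() {
    if lsan_ptrace_failure "$1"; then
        echo "LSan could not ptrace its own process; re-run the build with:"
        docker_run_cmd "$2" compile
        return 0
    fi
    echo "no LSan ptrace failure in log"
    return 1
}

# Placeholder image name; substitute the project's real builder image.
suggest_fix "$SAMPLE_LOG" oss-fuzz/example-project
```

The check deliberately requires both lines: "Failed spawning a tracer thread" alone also appears when a debugger is already attached (the second HINT line in the log), so pairing it with the fatal-error line keeps the suggestion specific to the missing-capability case. Granting `SYS_PTRACE` alone is the least-privilege option; it is what LSan needs, whereas `--privileged` hands the build container every capability.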

jonathanmetzman commented 6 months ago

The ARM builds aren't really supported (yet?).