google / oss-fuzz

OSS-Fuzz - continuous fuzzing for open source software.
https://google.github.io/oss-fuzz
Apache License 2.0

tarantool: Use latest builder #12085

Open maflcko opened 2 weeks ago

github-actions[bot] commented 2 weeks ago

maflcko has previously contributed to projects/tarantool. The previous PR was #11714

maflcko commented 2 weeks ago

cc @ligurio maybe you can take a look at the newly reported error from ubsan, please?
BAD BUILD: /tmp/not-out/tmpmlr5u3tj/swim_proto_member_fuzzer seems to have either startup crash or exit:
vm.mmap_rnd_bits = 28
/tmp/not-out/tmpmlr5u3tj/swim_proto_member_fuzzer -rss_limit_mb=2560 -timeout=25 -seed=1337 -runs=4 -dict=swim_proto_member_fuzzer.dict < /dev/null
Dictionary: 2 entries
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 1337
INFO: Loaded 1 modules   (24025 inline 8-bit counters): 24025 [0x55af3f6acca8, 0x55af3f6b2a81), 
INFO: Loaded 1 PC tables (24025 PCs): 24025 [0x55af3f6b2a88,0x55af3f710818), 
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
/src/tarantool/src/lib/core/trigger.h:121:2: runtime error: member access within null pointer of type 'typeof (*trigger)' (aka 'struct trigger')
    #0 0x55af3f4af3ce in trigger_destroy /src/tarantool/src/lib/core/trigger.h:121:2
    #1 0x55af3f48fc45 in fiber_destroy /src/tarantool/src/lib/core/fiber.c:1643:2
    #2 0x55af3f48f9b7 in cord_destroy /src/tarantool/src/lib/core/fiber.c:1947:2
    #3 0x55af3f49ad16 in fiber_free /src/tarantool/src/lib/core/fiber.c:2262:2
    #4 0x55af3f43c14c in LLVMFuzzerTestOneInput /src/tarantool/test/fuzz/swim_proto_member_fuzzer.c:41:5
    #5 0x55af3f3801d0 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13
    #6 0x55af3f3816d1 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile>>&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:807:3
    #7 0x55af3f381cb7 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile>>&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:867:3
    #8 0x55af3f36f676 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:914:6
    #9 0x55af3f39c7f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #10 0x7eff4ac1a082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 0702430aef5fa3dda43986563e9ffcc47efbd75e)
    #11 0x55af3f3607ed in _start (/tmp/not-out/tmpmlr5u3tj/swim_proto_member_fuzzer+0x1d17ed)

DEDUP_TOKEN: trigger_destroy--fiber_destroy--cord_destroy
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /src/tarantool/src/lib/core/trigger.h:121:2 in 
MS: 0 ; base unit: 0000000000000000000000000000000000000000

artifact_prefix='./'; Test unit written to ./crash-da39a3ee5e6b4b0d3255bfef95601890afd80709
Base64: 
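The report above is UBSan's `-fsanitize=null` check firing on a member access through a null `struct trigger` pointer during teardown (`trigger_destroy` reached from `fiber_free` in the harness), on the empty seed input. The following is an added illustration of that bug class and of the guard that makes teardown safe on the empty-input path; it is constructed for this discussion and is not tarantool's or OSS-Fuzz's code. The `rlist`, `trigger` and `owner` types and every function name here are assumptions modelled loosely on the intrusive-list idiom, not the real tarantool definitions.

```c
/* Added illustration (not tarantool's code). Build with clang -g
 * -fsanitize=undefined -fno-sanitize-recover=undefined to see the same
 * "member access within null pointer" report when the unchecked path is hit. */
#include <stddef.h>
#include <stdio.h>

/* Minimal intrusive doubly linked list in the rlist style (constructed). */
struct rlist { struct rlist *prev, *next; };

static void rlist_create(struct rlist *head) { head->prev = head; head->next = head; }

static void rlist_add_tail(struct rlist *head, struct rlist *item) {
    item->prev = head->prev;
    item->next = head;
    head->prev->next = item;
    head->prev = item;
}

static void rlist_del(struct rlist *item) {
    item->prev->next = item->next;
    item->next->prev = item->prev;
    item->next = item;
    item->prev = item;
}

/* A trigger that is linked into its owner's list while attached. */
struct trigger {
    struct rlist link;
    void (*run)(struct trigger *);
};

/* Unchecked form: `t->link` is a member access on `t`, so UBSan's null check
 * fires here when `t == NULL`. A build without sanitizers would instead fault
 * inside rlist_del, which is why the report surfaces only in the ubsan job. */
void trigger_destroy_unchecked(struct trigger *t) {
    rlist_del(&t->link);
}

/* Checked form: tolerate a NULL or never-attached trigger during teardown.
 * Returns 1 when an attached trigger was unlinked, 0 when nothing was done. */
static int trigger_destroy_checked(struct trigger *t) {
    if (t == NULL)
        return 0;
    if (t->link.next == &t->link)   /* detached (self-linked) state */
        return 0;
    rlist_del(&t->link);
    return 1;
}

static void trigger_create(struct trigger *t, void (*run)(struct trigger *)) {
    rlist_create(&t->link);         /* detached: points at itself */
    t->run = run;
}

/* An owner whose destructor must be safe on every path, including the
 * early-exit path where no trigger was ever attached. */
struct owner {
    struct rlist triggers;
    struct trigger *current;        /* NULL until a trigger is attached */
};

static void owner_create(struct owner *o) {
    rlist_create(&o->triggers);
    o->current = NULL;
}

static void owner_attach(struct owner *o, struct trigger *t) {
    rlist_add_tail(&o->triggers, &t->link);
    o->current = t;
}

/* Returns the number of triggers actually unlinked. */
static int owner_destroy(struct owner *o) {
    int n = trigger_destroy_checked(o->current);   /* safe when NULL */
    o->current = NULL;
    return n;
}

/* Simulates one harness iteration: with an empty input nothing is attached
 * and teardown must still succeed. Returns the unlinked count. */
static int harness_iteration(size_t input_size) {
    struct owner o;
    struct trigger t;
    owner_create(&o);
    if (input_size > 0) {
        trigger_create(&t, NULL);
        owner_attach(&o, &t);
    }
    return owner_destroy(&o);
}

int main(void) {
    printf("empty input: %d unlinked\n", harness_iteration(0));
    printf("non-empty input: %d unlinked\n", harness_iteration(16));
    return 0;
}
```

The point for triage is that an empty or early-rejected input still runs the full destructor chain, so every teardown step has to be a no-op on state that was never initialised; a sanitizer build catches that at the first member access, where a plain build may only fault later or not at all.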
ligurio commented 2 weeks ago

https://github.com/tarantool/tarantool/issues/10143

maflcko commented 1 day ago

@ligurio Do you approve the temporary workaround (disabling ubsan for now), until the issue is fixed?

ligurio commented 1 day ago

@maflcko okay, let's disable it. I'll remove the workaround after closing the issue.