ossf / fuzz-introspector

Fuzz Introspector -- introspect, extend and optimise fuzzers
https://fuzz-introspector.readthedocs.io
Apache License 2.0
368 stars 54 forks

Seg fault when building with --fsanitize=introspector #504

Open Navidem opened 2 years ago

Navidem commented 2 years ago

Noticed a couple of projects are failing with this error:

Step #7 - "compile-libfuzzer-introspector-x86_64": [Log level 1] : 10:05:23 : Main function is non-empty
Step #7 - "compile-libfuzzer-introspector-x86_64": [Log level 1] : 10:05:23 : This means a main function is in the source code rather in the libfuzzer library, and thus we do not care about it. We only want to study the actual fuzzers. Exiting this run.
Step #7 - "compile-libfuzzer-introspector-x86_64": clang-15: error: unable to execute command: Segmentation fault (core dumped)

Full logs: arrow, bloaty

DavidKorczynski commented 2 years ago

This is not due to fuzz introspector but LTO. When adding

export CFLAGS="${CFLAGS} -flto"
export CXXFLAGS="${CXXFLAGS} -flto"

to the build file and compiling with address sanitizer I run into the same issue.

I think this is likely a duplicate of https://github.com/ossf/fuzz-introspector/issues/48 as this issue happens across a fair number of projects and reports (and it's a segfault here https://github.com/bitcoin/bitcoin/issues/25961). Compiler issues are tough to handle but it may be that upgrading to clang-16 does the job: https://github.com/ossf/fuzz-introspector/issues/48#issuecomment-1234435211

Navidem commented 2 years ago

c-ares is failing with a linker internal error, too, but not necessarily a segfault: log

Step #7 - "compile-libfuzzer-introspector-x86_64": /bin/bash ./libtool  --tag=CXX   --mode=link clang++  -O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -flegacy-pass-manager -flto -fno-inline-functions -fuse-ld=gold -Wno-unused-command-line-argument -fsanitize=fuzzer-no-link -stdlib=libc++ -g -Wall    -o arestest ares-test-main.o ares-test-init.o ares-test.o ares-test-ns.o ares-test-parse.o ares-test-parse-a.o ares-test-parse-aaaa.o ares-test-parse-caa.o ares-test-parse-mx.o ares-test-parse-naptr.o ares-test-parse-ns.o ares-test-parse-ptr.o ares-test-parse-soa.o ares-test-parse-soa-any.o ares-test-parse-srv.o ares-test-parse-txt.o ares-test-parse-uri.o ares-test-misc.o ares-test-live.o ares-test-mock.o ares-test-mock-ai.o ares-test-internal.o dns-proto.o dns-proto-test.o  libgmock.la ./../src/lib/libcares.la   
Step #7 - "compile-libfuzzer-introspector-x86_64": libtool: link: clang++ -O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -flegacy-pass-manager -flto -fno-inline-functions -fuse-ld=gold -Wno-unused-command-line-argument -fsanitize=fuzzer-no-link -stdlib=libc++ -g -Wall -o .libs/arestest ares-test-main.o ares-test-init.o ares-test.o ares-test-ns.o ares-test-parse.o ares-test-parse-a.o ares-test-parse-aaaa.o ares-test-parse-caa.o ares-test-parse-mx.o ares-test-parse-naptr.o ares-test-parse-ns.o ares-test-parse-ptr.o ares-test-parse-soa.o ares-test-parse-soa-any.o ares-test-parse-srv.o ares-test-parse-txt.o ares-test-parse-uri.o ares-test-misc.o ares-test-live.o ares-test-mock.o ares-test-mock-ai.o ares-test-internal.o dns-proto.o dns-proto-test.o  ./.libs/libgmock.a ./../src/lib/.libs/libcares.so
Step #7 - "compile-libfuzzer-introspector-x86_64": We are now in the FuzzIntrospector module pass
Step #7 - "compile-libfuzzer-introspector-x86_64": [Log level 1] : 10:05:55 : Fuzz introspector is running
Step #7 - "compile-libfuzzer-introspector-x86_64": [Log level 1] : 10:05:55 : Running introspector on ld-temp.o
Step #7 - "compile-libfuzzer-introspector-x86_64": [Log level 1] : 10:05:55 : Main function filename: /src/c-ares/test/ares-test-main.cc
Step #7 - "compile-libfuzzer-introspector-x86_64": [Log level 1] : 10:05:55 : Main function is non-empty
Step #7 - "compile-libfuzzer-introspector-x86_64": [Log level 1] : 10:05:55 : This means a main function is in the source code rather in the libfuzzer library, and thus we do not care about it. We only want to study the actual fuzzers. Exiting this run.
Step #7 - "compile-libfuzzer-introspector-x86_64": /usr/bin/ld.gold: internal error in read_header_prolog, at ../../gold/dwarf_reader.cc:1678
Step #7 - "compile-libfuzzer-introspector-x86_64": clang-15: error: linker command failed with exit code 1 (use -v to see invocation)
Step #7 - "compile-libfuzzer-introspector-x86_64": make[2]: *** [Makefile:818: arestest] Error 1
Step #7 - "compile-libfuzzer-introspector-x86_64": make[2]: Leaving directory '/src/c-ares/test'
Step #7 - "compile-libfuzzer-introspector-x86_64": make[1]: *** [Makefile:722: all] Error 2
Step #7 - "compile-libfuzzer-introspector-x86_64": make[1]: Leaving directory '/src/c-ares/test'
Step #7 - "compile-libfuzzer-introspector-x86_64": make: *** [Makefile:495: all-recursive] Error 1
Step #7 - "compile-libfuzzer-introspector-x86_64": ********************************************************************************
Step #7 - "compile-libfuzzer-introspector-x86_64": Failed to build.
Step #7 - "compile-libfuzzer-introspector-x86_64": To reproduce, run:
Step #7 - "compile-libfuzzer-introspector-x86_64": python infra/helper.py build_image c-ares
Step #7 - "compile-libfuzzer-introspector-x86_64": python infra/helper.py build_fuzzers --sanitizer introspector --engine libfuzzer --architecture x86_64 c-ares
Step #7 - "compile-libfuzzer-introspector-x86_64": ********************************************************************************

Navidem commented 1 year ago

curl showing the same error (log):

Step #6 - "compile-libfuzzer-introspector-x86_64": make -f ../Makefile.shared -e \
Step #6 - "compile-libfuzzer-introspector-x86_64":  APPNAME=openssl OBJECTS="openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o" \
Step #6 - "compile-libfuzzer-introspector-x86_64":  LIBDEPS=" $LIBRARIES -ldl" \
Step #6 - "compile-libfuzzer-introspector-x86_64":  link_app.${shlib_target}
Step #6 - "compile-libfuzzer-introspector-x86_64": make[2]: Entering directory '/src/openssl/apps'
Step #6 - "compile-libfuzzer-introspector-x86_64": ( :; LIBDEPS="${LIBDEPS:--L.. -lssl  -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-clang}"; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H --debug -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -O0 -flto -fno-inline-functions -fuse-ld=gold -Wno-unused-command-line-argument -fsanitize=fuzzer-no-link -g -fno-sanitize=alignment -m64 -DL_ENDIAN -O3 -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token  -Wno-extended-offsetof -Qunused-arguments -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=openssl} openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o ${LIBDEPS} )
Step #6 - "compile-libfuzzer-introspector-x86_64": [Log level 1] : 10:09:55 : Fuzz introspector is running
Step #6 - "compile-libfuzzer-introspector-x86_64": [Log level 1] : 10:09:55 : Running introspector on ld-temp.o
Step #6 - "compile-libfuzzer-introspector-x86_64": [Log level 1] : 10:09:55 : Main function filename: /src/openssl/apps/openssl.c
Step #6 - "compile-libfuzzer-introspector-x86_64": [Log level 1] : 10:09:55 : Main function is non-empty
Step #6 - "compile-libfuzzer-introspector-x86_64": [Log level 1] : 10:09:55 : This means a main function is in the source code rather in the libfuzzer library, and thus we do not care about it. We only want to study the actual fuzzers. Exiting this run.
Step #6 - "compile-libfuzzer-introspector-x86_64": clang-15: error: unable to execute command: Segmentation fault (core dumped)
Step #6 - "compile-libfuzzer-introspector-x86_64": clang-15: error: linker command failed due to signal (use -v to see invocation)
Step #6 - "compile-libfuzzer-introspector-x86_64": make[2]: *** [../Makefile.shared:164: link_app.] Error 254
Step #6 - "compile-libfuzzer-introspector-x86_64": make[2]: Leaving directory '/src/openssl/test'
Step #6 - "compile-libfuzzer-introspector-x86_64": make[1]: *** [Makefile:442: bntest] Error 2
Step #6 - "compile-libfuzzer-introspector-x86_64": make[1]: Leaving directory '/src/openssl/test'
Step #6 - "compile-libfuzzer-introspector-x86_64": make: *** [Makefile:295: build_tests] Error 1
Step #6 - "compile-libfuzzer-introspector-x86_64": make: *** Waiting for unfinished jobs....
Step #6 - "compile-libfuzzer-introspector-x86_64": clang-15: error: unable to execute command: Segmentation fault (core dumped)
Step #6 - "compile-libfuzzer-introspector-x86_64": clang-15: error: linker command failed due to signal (use -v to see invocation)
Step #6 - "compile-libfuzzer-introspector-x86_64": make[2]: *** [../Makefile.shared:164: link_app.] Error 254
Step #6 - "compile-libfuzzer-introspector-x86_64": make[2]: Leaving directory '/src/openssl/apps'
Step #6 - "compile-libfuzzer-introspector-x86_64": make[1]: *** [Makefile:157: openssl] Error 2
Step #6 - "compile-libfuzzer-introspector-x86_64": make[1]: Leaving directory '/src/openssl/apps'
Step #6 - "compile-libfuzzer-introspector-x86_64": make: *** [Makefile:293: build_apps] Error 1
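A small triage script for sorting build logs like the ones in this thread, as an added example that is neither fuzz-introspector's nor OSS-Fuzz's code. It strips the `Step #N - "compile-libfuzzer-introspector-..."` prefix, records whether the introspector pass bailed out on a binary with its own main(), which LTO-related flags were on the failing link line, whether clang died with a segfault or gold hit an internal error, and the `infra/helper.py` reproduction command the log prints. The sample logs are trimmed from the logs quoted above; the classification rule (introspector bailed on a non-fuzzer binary and the link then crashed) is an assumption drawn from the three logs in this thread, matching David's diagnosis, not a rule the project defines.

```python
"""Triage OSS-Fuzz introspector build logs for LTO link-time crashes.

Added example: not part of fuzz-introspector or OSS-Fuzz. The patterns below are
written against the log lines quoted in this issue and nothing else.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

STEP_PREFIX = re.compile(r'^Step #\d+ - "compile-libfuzzer-introspector-(?P<arch>[\w-]+)": ?')
MAIN_FILE = re.compile(r"Main function filename: (?P<path>\S+)")
CLANG_ERR = re.compile(r"^clang-(?P<ver>\d+): error: (?P<msg>.*)")
GOLD_ERR = re.compile(r"ld\.gold: internal error in (?P<func>\w+), at (?P<loc>\S+)")
REPRO_CMD = re.compile(r"python infra/helper\.py .*")
LTO_FLAGS = ("-flto", "-fuse-ld=gold", "-flegacy-pass-manager")


@dataclass
class Triage:
    arch: Optional[str] = None
    clang_version: Optional[str] = None
    introspector_bailed: bool = False   # saw "... Exiting this run."
    main_files: list = field(default_factory=list)
    link_flags: set = field(default_factory=set)
    failure_kind: Optional[str] = None  # "segfault" or "gold-internal-error"
    failure_detail: Optional[str] = None
    repro: list = field(default_factory=list)

    def is_lto_link_failure(self) -> bool:
        """Assumed rule: the introspector pass gave up on a binary with its own
        main() and the link step then crashed, i.e. the crash is in LTO/linking
        of a non-fuzzer binary, not in the introspector analysis itself."""
        return self.failure_kind is not None and self.introspector_bailed


def triage_log(text: str) -> Triage:
    t = Triage()
    for raw in text.splitlines():
        p = STEP_PREFIX.match(raw)
        line = raw[p.end():] if p else raw
        if p and t.arch is None:
            t.arch = p.group("arch")
        if (m := MAIN_FILE.search(line)):
            t.main_files.append(m.group("path"))
        if "Exiting this run" in line:
            t.introspector_bailed = True
        tokens = set(line.split())            # flags are whitespace-separated on link lines
        t.link_flags.update(f for f in LTO_FLAGS if f in tokens)
        if (m := CLANG_ERR.match(line)):
            t.clang_version = t.clang_version or m.group("ver")
            if "Segmentation fault" in m.group("msg") and t.failure_kind is None:
                t.failure_kind = "segfault"
        elif (m := GOLD_ERR.search(line)):
            if t.failure_kind is None:
                t.failure_kind = "gold-internal-error"
                t.failure_detail = f"{m.group('func')} at {m.group('loc')}"
        elif (m := REPRO_CMD.search(line)):
            t.repro.append(m.group(0).strip())
    return t


def summarize(t: Triage) -> str:
    parts = [f"arch={t.arch}", f"clang={t.clang_version}", f"failure={t.failure_kind}"]
    if t.failure_detail:
        parts.append(f"detail={t.failure_detail}")
    if t.main_files:
        parts.append(f"main_in={t.main_files[-1]}")
    if t.link_flags:
        parts.append("flags=" + ",".join(sorted(t.link_flags)))
    parts.append("lto_link_failure=" + ("yes" if t.is_lto_link_failure() else "no"))
    return " ".join(parts)


# Constructed samples, trimmed from the c-ares and openssl logs quoted in this issue.
CARES_LOG = """\
Step #7 - "compile-libfuzzer-introspector-x86_64": libtool: link: clang++ -O1 -flegacy-pass-manager -flto -fuse-ld=gold -fsanitize=fuzzer-no-link -o .libs/arestest ares-test-main.o
Step #7 - "compile-libfuzzer-introspector-x86_64": [Log level 1] : 10:05:55 : Main function filename: /src/c-ares/test/ares-test-main.cc
Step #7 - "compile-libfuzzer-introspector-x86_64": [Log level 1] : 10:05:55 : Main function is non-empty
Step #7 - "compile-libfuzzer-introspector-x86_64": [Log level 1] : 10:05:55 : This means a main function is in the source code rather in the libfuzzer library, and thus we do not care about it. We only want to study the actual fuzzers. Exiting this run.
Step #7 - "compile-libfuzzer-introspector-x86_64": /usr/bin/ld.gold: internal error in read_header_prolog, at ../../gold/dwarf_reader.cc:1678
Step #7 - "compile-libfuzzer-introspector-x86_64": clang-15: error: linker command failed with exit code 1 (use -v to see invocation)
Step #7 - "compile-libfuzzer-introspector-x86_64": python infra/helper.py build_fuzzers --sanitizer introspector --engine libfuzzer --architecture x86_64 c-ares
"""

OPENSSL_LOG = """\
Step #6 - "compile-libfuzzer-introspector-x86_64": ( :; LDCMD="${LDCMD:-clang}"; LDFLAGS="${LDFLAGS:--O1 -flto -fuse-ld=gold -fsanitize=fuzzer-no-link -g}"; ${LDCMD} ${LDFLAGS} -o openssl openssl.o )
Step #6 - "compile-libfuzzer-introspector-x86_64": [Log level 1] : 10:09:55 : Main function filename: /src/openssl/apps/openssl.c
Step #6 - "compile-libfuzzer-introspector-x86_64": [Log level 1] : 10:09:55 : Main function is non-empty
Step #6 - "compile-libfuzzer-introspector-x86_64": [Log level 1] : 10:09:55 : This means a main function is in the source code rather in the libfuzzer library, and thus we do not care about it. We only want to study the actual fuzzers. Exiting this run.
Step #6 - "compile-libfuzzer-introspector-x86_64": clang-15: error: unable to execute command: Segmentation fault (core dumped)
Step #6 - "compile-libfuzzer-introspector-x86_64": clang-15: error: linker command failed due to signal (use -v to see invocation)
"""

if __name__ == "__main__":
    for name, log in (("c-ares", CARES_LOG), ("openssl", OPENSSL_LOG)):
        print(name, summarize(triage_log(log)))
```

The captured `repro` command is the one the log itself prints; rerunning it with `-flto` removed from CFLAGS/CXXFLAGS (the inverse of what David did with the address sanitizer build) is the quickest way to confirm on a new project that the crash tracks LTO rather than the introspector pass.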