ci: msan use-of-uninitialized-value when -jobs=1 (or higher) #30057

maflcko opened this issue on May 7, 2024
  1. maflcko commented at 8:14 pm on May 7, 2024: member

    Nothing to do here, just leaving a note for reference.

    When building the ci_native_fuzz_msan CI pod, and running inside of the pod a fuzz worker, it will report use-of-uninitialized-value inside libfuzzer.

        FUZZ=parse_univalue /ci_container_base/ci/scratch/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/fuzz -max_total_time=1 # works

        FUZZ=parse_univalue /ci_container_base/ci/scratch/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/fuzz -max_total_time=1 -jobs=1 # fails


        /ci_container_base/ci/scratch/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/fuzz -max_total_time=1 >fuzz-0.log 2>&1
        ================== Job 0 exited with exit code 0 ============
        Uninitialized bytes in fputs at offset 22 inside [0x72e000000000, 42177)
        ==40315==WARNING: MemorySanitizer: use-of-uninitialized-value
            #0 0x5640af00092f in Puts /msan/llvm-project/compiler-rt/lib/fuzzer/FuzzerIO.cpp:155:3
            #1 0x5640af00092f in fuzzer::CopyFileToErr(std::__Fuzzer::basic_string<char, std::__Fuzzer::char_traits<char>, std::__Fuzzer::allocator<char>> const&) /msan/llvm-project/compiler-rt/lib/fuzzer/FuzzerIO.cpp:68:3
            #2 0x5640aeff661c in fuzzer::WorkerThread(fuzzer::Command const&, std::__Fuzzer::atomic<unsigned int>*, unsigned int, std::__Fuzzer::atomic<bool>*) /msan/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:249:5
            #3 0x5640aeff6991 in __invoke<void (*)(const fuzzer::Command &, std::__Fuzzer::atomic<unsigned int> *, unsigned int, std::__Fuzzer::atomic<bool> *), std::__Fuzzer::reference_wrapper<fuzzer::Command>, std::__Fuzzer::atomic<unsigned int> *, unsigned int, std::__Fuzzer::atomic<bool> *> /msan/clang_build/runtimes/runtimes-bins/compiler-rt/lib/fuzzer/libcxx_fuzzer_x86_64/include/c++/v1/__type_traits/invoke.h:344:25
            #4 0x5640aeff6991 in __thread_execute<std::__Fuzzer::unique_ptr<std::__Fuzzer::__thread_struct, std::__Fuzzer::default_delete<std::__Fuzzer::__thread_struct> >, void (*)(const fuzzer::Command &, std::__Fuzzer::atomic<unsigned int> *, unsigned int, std::__Fuzzer::atomic<bool> *), std::__Fuzzer::reference_wrapper<fuzzer::Command>, std::__Fuzzer::atomic<unsigned int> *, unsigned int, std::__Fuzzer::atomic<bool> *, 2UL, 3UL, 4UL, 5UL> /msan/clang_build/runtimes/runtimes-bins/compiler-rt/lib/fuzzer/libcxx_fuzzer_x86_64/include/c++/v1/__thread/thread.h:193:3
            #5 0x5640aeff6991 in void* std::__Fuzzer::__thread_proxy[abi:nn180100]<std::__Fuzzer::tuple<std::__Fuzzer::unique_ptr<std::__Fuzzer::__thread_struct, std::__Fuzzer::default_delete<std::__Fuzzer::__thread_struct>>, void (*)(fuzzer::Command const&, std::__Fuzzer::atomic<unsigned int>*, unsigned int, std::__Fuzzer::atomic<bool>*), std::__Fuzzer::reference_wrapper<fuzzer::Command>, std::__Fuzzer::atomic<unsigned int>*, unsigned int, std::__Fuzzer::atomic<bool>*>>(void*) /msan/clang_build/runtimes/runtimes-bins/compiler-rt/lib/fuzzer/libcxx_fuzzer_x86_64/include/c++/v1/__thread/thread.h:202:3
            #6 0x7f52f7e04a93  (/lib/x86_64-linux-gnu/libc.so.6+0x9ca93) (BuildId: 4d9090d61bf70e6b3225d583f0f08193f54670b2)
            #7 0x7f52f7e91c3b  (/lib/x86_64-linux-gnu/libc.so.6+0x129c3b) (BuildId: 4d9090d61bf70e6b3225d583f0f08193f54670b2)

          Uninitialized value was stored to memory at
            #0 0x5640af0a8fbb in __msan_memmove /msan/llvm-project/compiler-rt/lib/msan/msan_interceptors.cpp:1748:3
            #1 0x5640af0311d9 in std::__Fuzzer::basic_string<char, std::__Fuzzer::char_traits<char>, std::__Fuzzer::allocator<char>>::push_back(char) cxa_noexception.cpp

          Uninitialized value was stored to memory at
            #0 0x5640af0a8fbb in __msan_memmove /msan/llvm-project/compiler-rt/lib/msan/msan_interceptors.cpp:1748:3
            #1 0x5640af0311d9 in std::__Fuzzer::basic_string<char, std::__Fuzzer::char_traits<char>, std::__Fuzzer::allocator<char>>::push_back(char) cxa_noexception.cpp

          Uninitialized value was stored to memory at
            #0 0x5640af0a8fbb in __msan_memmove /msan/llvm-project/compiler-rt/lib/msan/msan_interceptors.cpp:1748:3
            #1 0x5640af0311d9 in std::__Fuzzer::basic_string<char, std::__Fuzzer::char_traits<char>, std::__Fuzzer::allocator<char>>::push_back(char) cxa_noexception.cpp

          Uninitialized value was stored to memory at
            #0 0x5640af0a8fbb in __msan_memmove /msan/llvm-project/compiler-rt/lib/msan/msan_interceptors.cpp:1748:3
            #1 0x5640af0311d9 in std::__Fuzzer::basic_string<char, std::__Fuzzer::char_traits<char>, std::__Fuzzer::allocator<char>>::push_back(char) cxa_noexception.cpp

          Uninitialized value was stored to memory at
            #0 0x5640af0a8fbb in __msan_memmove /msan/llvm-project/compiler-rt/lib/msan/msan_interceptors.cpp:1748:3
            #1 0x5640af0311d9 in std::__Fuzzer::basic_string<char, std::__Fuzzer::char_traits<char>, std::__Fuzzer::allocator<char>>::push_back(char) cxa_noexception.cpp

          Uninitialized value was stored to memory at
            #0 0x5640af0a8fbb in __msan_memmove /msan/llvm-project/compiler-rt/lib/msan/msan_interceptors.cpp:1748:3
            #1 0x5640af0311d9 in std::__Fuzzer::basic_string<char, std::__Fuzzer::char_traits<char>, std::__Fuzzer::allocator<char>>::push_back(char) cxa_noexception.cpp

          Uninitialized value was created by a heap allocation
            #0 0x5640af0b33c2 in malloc /msan/llvm-project/compiler-rt/lib/msan/msan_interceptors.cpp:1021:3
            #1 0x5640b1b42203 in operator new(unsigned long) cxa_noexception.cpp
            #2 0x5640af000913 in fuzzer::CopyFileToErr(std::__Fuzzer::basic_string<char, std::__Fuzzer::char_traits<char>, std::__Fuzzer::allocator<char>> const&) /msan/llvm-project/compiler-rt/lib/fuzzer/FuzzerIO.cpp:68:8
            #3 0x5640aeff661c in fuzzer::WorkerThread(fuzzer::Command const&, std::__Fuzzer::atomic<unsigned int>*, unsigned int, std::__Fuzzer::atomic<bool>*) /msan/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:249:5
            #4 0x5640aeff6991 in __invoke<void (*)(const fuzzer::Command &, std::__Fuzzer::atomic<unsigned int> *, unsigned int, std::__Fuzzer::atomic<bool> *), std::__Fuzzer::reference_wrapper<fuzzer::Command>, std::__Fuzzer::atomic<unsigned int> *, unsigned int, std::__Fuzzer::atomic<bool> *> /msan/clang_build/runtimes/runtimes-bins/compiler-rt/lib/fuzzer/libcxx_fuzzer_x86_64/include/c++/v1/__type_traits/invoke.h:344:25
            #5 0x5640aeff6991 in __thread_execute<std::__Fuzzer::unique_ptr<std::__Fuzzer::__thread_struct, std::__Fuzzer::default_delete<std::__Fuzzer::__thread_struct> >, void (*)(const fuzzer::Command &, std::__Fuzzer::atomic<unsigned int> *, unsigned int, std::__Fuzzer::atomic<bool> *), std::__Fuzzer::reference_wrapper<fuzzer::Command>, std::__Fuzzer::atomic<unsigned int> *, unsigned int, std::__Fuzzer::atomic<bool> *, 2UL, 3UL, 4UL, 5UL> /msan/clang_build/runtimes/runtimes-bins/compiler-rt/lib/fuzzer/libcxx_fuzzer_x86_64/include/c++/v1/__thread/thread.h:193:3
            #6 0x5640aeff6991 in void* std::__Fuzzer::__thread_proxy[abi:nn180100]<std::__Fuzzer::tuple<std::__Fuzzer::unique_ptr<std::__Fuzzer::__thread_struct, std::__Fuzzer::default_delete<std::__Fuzzer::__thread_struct>>, void (*)(fuzzer::Command const&, std::__Fuzzer::atomic<unsigned int>*, unsigned int, std::__Fuzzer::atomic<bool>*), std::__Fuzzer::reference_wrapper<fuzzer::Command>, std::__Fuzzer::atomic<unsigned int>*, unsigned int, std::__Fuzzer::atomic<bool>*>>(void*) /msan/clang_build/runtimes/runtimes-bins/compiler-rt/lib/fuzzer/libcxx_fuzzer_x86_64/include/c++/v1/__thread/thread.h:202:3
            #7 0x7f52f7e04a93  (/lib/x86_64-linux-gnu/libc.so.6+0x9ca93) (BuildId: 4d9090d61bf70e6b3225d583f0f08193f54670b2)

        SUMMARY: MemorySanitizer: use-of-uninitialized-value (/lib/x86_64-linux-gnu/libc.so.6+0x9ca93) (BuildId: 4d9090d61bf70e6b3225d583f0f08193f54670b2)
        Exiting
    
  2. maflcko added the label Tests on May 7, 2024
  3. maflcko closed this on May 7, 2024

  4. maflcko renamed this:
    ci: msan use-of-uninitialized-value when -jobs=1
    ci: msan use-of-uninitialized-value when -jobs=1 (or higher)
    on Jul 1, 2024
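
Added example (not part of the issue and not Bitcoin Core's or LLVM's code): a small triage helper that reads a MemorySanitizer report like the one above and checks whether any frame, in the use stack or in the origin stacks, lies outside the fuzzer runtime, sanitizer and system libraries. The path markers are taken from the trace on this page; treating every unrecognised frame as target code is an assumption, and the `hypothetical_parse` frame is constructed.

```python
import re

# "#N 0xADDR in <symbol> <file>" or "#N 0xADDR  (<module>+0xOFF) ..."
FRAME = re.compile(r"^\s*#\d+\s+0x[0-9a-f]+\s+(?:in\s+)?(.+)$")

def classify(frame: str) -> str:
    """Heuristic owner of one frame; markers are taken from the trace on this page."""
    if any(m in frame for m in ("compiler-rt/lib/fuzzer/", "std::__Fuzzer::", "libcxx_fuzzer")):
        return "fuzzer-runtime"
    if "compiler-rt/lib/msan/" in frame or frame.startswith("operator new"):
        return "sanitizer-or-alloc"
    if re.match(r"\(\S+\.so[.\d]*\+0x[0-9a-f]+\)", frame):
        return "system-lib"  # unsymbolized shared-library frame
    return "target"  # assumption: anything unrecognised belongs to the code under test

def triage(report: str) -> dict:
    """Count frame owners across the use stack and all origin stacks."""
    counts = {}
    for line in report.splitlines():
        m = FRAME.match(line)
        if m:
            owner = classify(m.group(1))
            counts[owner] = counts.get(owner, 0) + 1
    verdict = "target" if counts.get("target") else "fuzzer-runtime-only"
    return {"counts": counts, "verdict": verdict}

# Constructed sample, abridged from the report above (symbols shortened).
RUNTIME_REPORT = """\
==40315==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x5640af00092f in Puts /msan/llvm-project/compiler-rt/lib/fuzzer/FuzzerIO.cpp:155:3
    #1 0x5640aeff661c in fuzzer::WorkerThread(...) /msan/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:249:5
    #2 0x7f52f7e04a93  (/lib/x86_64-linux-gnu/libc.so.6+0x9ca93) (BuildId: 4d9090d61bf70e6b3225d583f0f08193f54670b2)
  Uninitialized value was stored to memory at
    #0 0x5640af0a8fbb in __msan_memmove /msan/llvm-project/compiler-rt/lib/msan/msan_interceptors.cpp:1748:3
    #1 0x5640af0311d9 in std::__Fuzzer::basic_string<char>::push_back(char) cxa_noexception.cpp
  Uninitialized value was created by a heap allocation
    #0 0x5640af0b33c2 in malloc /msan/llvm-project/compiler-rt/lib/msan/msan_interceptors.cpp:1021:3
    #1 0x5640b1b42203 in operator new(unsigned long) cxa_noexception.cpp
"""

# Constructed counter-example: one hypothetical target frame appended, not from the page.
TARGET_REPORT = RUNTIME_REPORT + "    #2 0x5640b0000000 in hypothetical_parse(char const*) /src/target/parse.cpp:10:5\n"

if __name__ == "__main__":
    print(triage(RUNTIME_REPORT))
    print(triage(TARGET_REPORT))
```

A `fuzzer-runtime-only` verdict means no frame in the report points at the code under test, which is the situation this issue records for `-jobs=1`.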



This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-09-28 22:12 UTC
