Skip to content

ci: run native fuzz with MSAN job #33626

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

ci: run native fuzz with MSAN job #33626

wants to merge 2 commits into from
+8 −2

Conversation

@fanquake
Copy link
Member

I think this job should exist in this repo (not just qa-assets), if the alternative is double-handling changes to the interpreter (regardless of if it's to work around false positives). #32998 made changes which are now being re-changed in #33600, to work around the false positive mentioned there (so the job should currently fail here).

@DrahtBot DrahtBot added the Tests label Oct 14, 2025
@DrahtBot
Copy link
Contributor

DrahtBot commented Oct 14, 2025
edited
Loading

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Code Coverage & Benchmarks

For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/33626.

Reviews

See the guideline for information on the review process.

Type Reviewers
Concept ACK dergoegge

If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

Conflicts

Reviewers, this pull request conflicts with the following ones:

  • #33686 ([wip] [nomerge] [draft] 2510 msan zero by maflcko)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

@dergoegge
Copy link
Member

Concept ACK

@fanquake
Copy link
Member Author

fanquake commented Oct 14, 2025
edited
Loading

This has actually failed in a different way:

+ LD_LIBRARY_PATH=/home/admin/actions-runner/_work/_temp/depends/x86_64-pc-linux-gnu/lib
+ /home/admin/actions-runner/_work/_temp/build/test/fuzz/test_runner.py -j16 -l DEBUG /home/admin/actions-runner/_work/_temp/ci/scratch/qa-assets/fuzz_corpora/ --empty_min_time=60
==11758==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x56180d820d70 in SetArgs(int, char**) /home/admin/actions-runner/_work/_temp/build/src/test/fuzz/util/./test/fuzz/fuzz.cpp:52:5
    #1 0x56180d820d70 in LLVMFuzzerInitialize /home/admin/actions-runner/_work/_temp/build/src/test/fuzz/util/./test/fuzz/fuzz.cpp:223:5
    #2 0x56180ca378cb in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/admin/actions-runner/_work/_temp/build/bin/fuzz+0xe368cb) (BuildId: 1247816ab83eefd9a1d26eb30ceb8bc67293109d)
    #3 0x56180ca66056 in main (/home/admin/actions-runner/_work/_temp/build/bin/fuzz+0xe65056) (BuildId: 1247816ab83eefd9a1d26eb30ceb8bc67293109d)
    #4 0x7f307471b1c9  (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
    #5 0x7f307471b28a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
    #6 0x56180ca2e264 in _start (/home/admin/actions-runner/_work/_temp/build/bin/fuzz+0xe2d264) (BuildId: 1247816ab83eefd9a1d26eb30ceb8bc67293109d)

  Member fields were destroyed
    #0 0x56180caa53a1 in __sanitizer_dtor_callback_fields (/home/admin/actions-runner/_work/_temp/build/bin/fuzz+0xea43a1) (BuildId: 1247816ab83eefd9a1d26eb30ceb8bc67293109d)
    #1 0x56180ca28e3e in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>::~basic_string() /cxx_build/include/c++/v1/string:903:3
    #2 0x56180ca28e3e in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>::~basic_string() /cxx_build/include/c++/v1/string:1208:3
    #3 0x56180ca28e3e in std::__1::pair<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const, script_verify_flag_name>::~pair() /cxx_build/include/c++/v1/__utility/pair.h:90:8
    #4 0x56180ca28e3e in __cxx_global_var_init.18 /home/admin/actions-runner/_work/_temp/build/src/./script/interpreter.cpp:2167:54
    #5 0x56180ca28e3e in _GLOBAL__sub_I_interpreter.cpp /home/admin/actions-runner/_work/_temp/build/src/./script/interpreter.cpp
    #6 0x7f307471b303 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a303) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
    #7 0x56180ca2e264 in _start (/home/admin/actions-runner/_work/_temp/build/bin/fuzz+0xe2d264) (BuildId: 1247816ab83eefd9a1d26eb30ceb8bc67293109d)

SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/admin/actions-runner/_work/_temp/build/src/test/fuzz/util/./test/fuzz/fuzz.cpp:52:5 in SetArgs(int, char**)
Exiting

Looks like #30760?

@maflcko
Copy link
Member

maflcko commented Oct 15, 2025

No objection, but my worry is that the error is not exactly trivial to understand and actionable:

  • In 9cb9651 it was fixed by changing the linker. While the patch looks harmless and is easy to test to fix the issue, I don't think it is straightforward to see why a runtime sanitizer issue is addressed by link-time changes.
  • In ci: Bump msan to llvm-18 #29676 (comment) it was fixed by accident as a side product of a compiler version bump.

So making this task a blocker for all pull requests could mean a pull request is blocked for unrelated and unclear reasons. Maybe that is fine, though, I just wanted to mention it.

@fanquake
Copy link
Member Author

my worry is that the error is not exactly trivial to understand and actionable:

I agree that it's odd, and I'm wondering why it's not happening (seemingly at all?) in the qa-assets repo?

@maflcko
Copy link
Member

maflcko commented Oct 15, 2025

I agree that it's odd, and I'm wondering why it's not happening (seemingly at all?) in the qa-assets repo?

I can see it happening here: https://github.com/bitcoin-core/qa-assets/actions/runs/18426954137/job/52509387674#step:7:5257:

==11740==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x55e39ba5db80 in SetArgs(int, char**) /home/runner/work/_temp/build/src/test/fuzz/util/./test/fuzz/fuzz.cpp:52:5
    #1 0x55e39ba5db80 in LLVMFuzzerInitialize /home/runner/work/_temp/build/src/test/fuzz/util/./test/fuzz/fuzz.cpp:223:5
    #2 0x55e39ac758bb in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/runner/work/_temp/build/bin/fuzz+0xe328bb) (BuildId: 922987ad2b7e961f9d98e26bd1c329dc3b74d487)
    #3 0x55e39aca4046 in main (/home/runner/work/_temp/build/bin/fuzz+0xe61046) (BuildId: 922987ad2b7e961f9d98e26bd1c329dc3b74d487)
    #4 0x7f617ba6c1c9  (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
    #5 0x7f617ba6c28a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
    #6 0x55e39ac6c254 in _start (/home/runner/work/_temp/build/bin/fuzz+0xe29254) (BuildId: 922987ad2b7e961f9d98e26bd1c329dc3b74d487)

  Member fields were destroyed
    #0 0x55e39ace3391 in __sanitizer_dtor_callback_fields (/home/runner/work/_temp/build/bin/fuzz+0xea0391) (BuildId: 922987ad2b7e961f9d98e26bd1c329dc3b74d487)
    #1 0x55e39ac66e2e in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>::~basic_string() /cxx_build/include/c++/v1/string:903:3
    #2 0x55e39ac66e2e in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>::~basic_string() /cxx_build/include/c++/v1/string:1208:3
    #3 0x55e39ac66e2e in std::__1::pair<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const, script_verify_flag_name>::~pair() /cxx_build/include/c++/v1/__utility/pair.h:90:8
    #4 0x55e39ac66e2e in __cxx_global_var_init.18 /home/runner/work/_temp/build/src/./script/interpreter.cpp:2167:54
    #5 0x55e39ac66e2e in _GLOBAL__sub_I_interpreter.cpp /home/runner/work/_temp/build/src/./script/interpreter.cpp
    #6 0x7f617ba6c303 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a303) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
    #7 0x55e39ac6c254 in _start (/home/runner/work/_temp/build/bin/fuzz+0xe29254) (BuildId: 922987ad2b7e961f9d98e26bd1c329dc3b74d487)

SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/runner/work/_temp/build/src/test/fuzz/util/./test/fuzz/fuzz.cpp:52:5 in SetArgs(int, char**)
Exiting
Traceback (most recent call last):
  File "/home/runner/work/_temp/build/test/fuzz/test_runner.py", line 404, in <module>
    main()
  File "/home/runner/work/_temp/build/test/fuzz/test_runner.py", line 111, in main
    test_list_all = parse_test_list(
                    ^^^^^^^^^^^^^^^^
  File "/home/runner/work/_temp/build/test/fuzz/test_runner.py", line 390, in parse_test_list
    test_list_all = subprocess.run(
                    ^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/subprocess.py", line 571, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '/home/runner/work/_temp/build/bin/fuzz' returned non-zero exit status 1.
Command '['./ci/test/02_run_container.sh']' returned non-zero exit status 1.
Error: Process completed with exit code 1.

@maflcko maflcko mentioned this pull request Oct 17, 2025
Merged
@fanquake fanquake force-pushed the add_msan_fuzz_ci branch 3 times, most recently from 9955327 to 1ca3ed4 Compare October 23, 2025 09:59
@fanquake fanquake marked this pull request as ready for review October 23, 2025 10:01
@DrahtBot DrahtBot mentioned this pull request Oct 23, 2025
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Tests

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@fanquake @DrahtBot @dergoegge @maflcko