allocator_may_return_null doesn't seem to be set to 1 when fuzzers are run under MSan #68

Open
evverx opened this issue Dec 16, 2021 · 2 comments

@evverx
Contributor

evverx commented Dec 16, 2021

I added a file to the seed corpus and it triggered an unreproducible MSan crash I reported in #67 (comment). By running ./infra/helper.py I noticed that it failed because the allocator was out of memory. Issues like that are kind of ignored in ASan runs where allocator_may_return_null=1 is passed among ASAN_OPTIONS and propagate until real OOMs are hit, which is handled by the REPORT_OOMS setting.

@jonathanmetzman
Collaborator

I'll take a look at this next week when I get back from break.

@jonathanmetzman jonathanmetzman self-assigned this Dec 16, 2021
@evverx
Contributor Author

evverx commented Jan 25, 2022

I've just run into this issue. Even though REPORT_OOM was set in https://github.com/evverx/libbpf/runs/4936105419?check_suite_focus=true the fuzzer failed with

2022-01-25T11:34:39.7641698Z INFO: Loaded 1 modules   (9881 inline 8-bit counters): 9881 [0x73d4bb, 0x73fb54), 
2022-01-25T11:34:39.7713868Z INFO: Loaded 1 PC tables (9881 PCs): 9881 [0x6c7670,0x6ee000), 
2022-01-25T11:34:39.7725515Z INFO:     1319 files found in /github/workspace/cifuzz-corpus/bpf-object-fuzzer
2022-01-25T11:34:39.7737711Z INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 524291 bytes
2022-01-25T11:34:39.7742684Z INFO: seed corpus: files: 1319 min: 1b max: 524291b total: 3297972b rss: 68Mb
2022-01-25T11:34:39.7955157Z ==21==ERROR: MemorySanitizer: requested allocation size 0xffffff0000000000 exceeds maximum supported size of 0x200000000
2022-01-25T11:34:40.3439122Z     #0 0x4d589d in __interceptor_malloc /src/llvm-project/compiler-rt/lib/msan/msan_interceptors.cpp:911:3
2022-01-25T11:34:40.3439535Z     #1 0x5b1967 in bpf_object__init_prog /src/libbpf/src/libbpf.c:700:16
2022-01-25T11:34:40.3439887Z     #2 0x5b1967 in bpf_object__add_programs /src/libbpf/src/libbpf.c:776:9
2022-01-25T11:34:40.3440217Z     #3 0x596fb7 in bpf_object__elf_collect /src/libbpf/src/libbpf.c:3344:11
2022-01-25T11:34:40.3440522Z     #4 0x53b91c in bpf_object_open /src/libbpf/src/libbpf.c:7037:16
2022-01-25T11:34:40.3440840Z     #5 0x53c5cf in bpf_object__open_mem /src/libbpf/src/libbpf.c:7102:20
2022-01-25T11:34:40.3441318Z     #6 0x528865 in LLVMFuzzerTestOneInput /src/libbpf/fuzz/bpf-object-fuzzer.c:16:8
2022-01-25T11:34:40.3472730Z     #7 0x4551b3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) cxa_noexception.cpp
2022-01-25T11:34:40.3473356Z     #8 0x45499a in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) cxa_noexception.cpp
2022-01-25T11:34:40.3473918Z     #9 0x4566e4 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) cxa_noexception.cpp
2022-01-25T11:34:40.3474433Z     #10 0x456919 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) cxa_noexception.cpp
2022-01-25T11:34:40.3474887Z     #11 0x44652f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) cxa_noexception.cpp
2022-01-25T11:34:40.3475550Z     #12 0x46f452 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
2022-01-25T11:34:40.3476287Z     #13 0x7fb449ba30b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
2022-01-25T11:34:40.3476486Z 
2022-01-25T11:34:40.3476864Z DEDUP_TOKEN: __interceptor_malloc--bpf_object__init_prog--bpf_object__add_programs
2022-01-25T11:34:40.3477329Z ==21==HINT: if you don't care about these errors you may set allocator_may_return_null=1
2022-01-25T11:34:40.3477954Z SUMMARY: MemorySanitizer: allocation-size-too-big /src/llvm-project/compiler-rt/lib/msan/msan_interceptors.cpp:911:3 in __interceptor_malloc
2022-01-25T11:34:40.3478359Z MS: 0 ; base unit: 0000000000000000000000000000000000000000
2022-01-25T11:34:40.3484240Z 
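The report above is a malloc call whose size (0xffffff0000000000) came from the fuzzed input, and the HINT line names the runtime flag that decides whether such a request aborts the process or returns NULL. The harness below is an added example to make that distinction concrete; it is not libbpf's bpf-object-fuzzer nor code from ClusterFuzzLite. The 8-byte little-endian size field, the MAX_PROG_BYTES limit, and the function names are constructed for this illustration. naive_alloc passes the untrusted size straight to malloc, which is the path whose outcome depends on allocator_may_return_null; checked_alloc bounds the size first and still handles a NULL return, so the sanitizer setting no longer matters for it.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed upper bound for this example; a real parser uses whatever
 * its format actually permits. */
#define MAX_PROG_BYTES (64u * 1024u * 1024u)

enum alloc_status {
    ALLOC_OK = 0,          /* allocation succeeded and was freed */
    ALLOC_SHORT_INPUT = 1, /* fewer than 8 bytes of input */
    ALLOC_TOO_BIG = 2,     /* size rejected before reaching malloc */
    ALLOC_FAILED = 3       /* malloc returned NULL */
};

/* Encode a 64-bit size as 8 little-endian bytes (used to build test inputs). */
void encode_size_le(uint64_t v, uint8_t out[8])
{
    for (int i = 0; i < 8; i++)
        out[i] = (uint8_t)(v >> (8 * i));
}

/* Decode the first 8 input bytes as a little-endian 64-bit size. */
static int read_size_le(const uint8_t *data, size_t len, uint64_t *out)
{
    if (len < 8)
        return 0;
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | data[i];
    *out = v;
    return 1;
}

/* Naive path: hands the untrusted size straight to malloc.  Under ASan or
 * MSan with allocator_may_return_null=0 (the default) an absurd size is
 * reported as allocation-size-too-big and the process aborts before the
 * NULL check runs; with allocator_may_return_null=1 malloc returns NULL and
 * the check below turns it into a recoverable failure. */
enum alloc_status naive_alloc(const uint8_t *data, size_t len)
{
    uint64_t want;
    if (!read_size_le(data, len, &want))
        return ALLOC_SHORT_INPUT;
    void *p = malloc((size_t)want);
    if (p == NULL)
        return ALLOC_FAILED;
    free(p);
    return ALLOC_OK;
}

/* Hardened path: bound the size before allocating, so neither sanitizer
 * setting ever sees the oversized request, and still handle a NULL return. */
enum alloc_status checked_alloc(const uint8_t *data, size_t len)
{
    uint64_t want;
    if (!read_size_le(data, len, &want))
        return ALLOC_SHORT_INPUT;
    if (want > MAX_PROG_BYTES)
        return ALLOC_TOO_BIG;
    void *p = malloc((size_t)want);
    if (p == NULL)
        return ALLOC_FAILED;
    free(p);
    return ALLOC_OK;
}

/* libFuzzer entry point for this hypothetical harness. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    (void)checked_alloc(data, size);
    return 0;
}

int main(void)
{
    uint8_t buf[8];
    /* The size from the MSan report above, as a constructed input. */
    encode_size_le(0xffffff0000000000ULL, buf);
    printf("checked_alloc: %d (2 = ALLOC_TOO_BIG)\n",
           (int)checked_alloc(buf, sizeof buf));
    return 0;
}
```

Built with -fsanitize=fuzzer and run with the 8-byte input above, the naive path is the one the two configurations treat differently: MSAN_OPTIONS=allocator_may_return_null=1 (or the same key in ASAN_OPTIONS) makes malloc return NULL and the run continues, while the default aborts with the allocation-size-too-big report. The checked path behaves the same either way, which is why bounding input-derived sizes is the fix on the parser side and the runtime flag is only the knob that keeps fuzzing runs from stopping on every such input.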
