[llvm-bugs] [Bug 43814] New: segfault when oss-fuzz builds libtorrent

via llvm-bugs llvm-bugs at lists.llvm.org
Sat Oct 26 01:23:59 PDT 2019


https://bugs.llvm.org/show_bug.cgi?id=43814

            Bug ID: 43814
           Summary: segfault when oss-fuzz builds libtorrent
           Product: clang
           Version: unspecified
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: C++
          Assignee: unassignedclangbugs at nondot.org
          Reporter: llvmbugzilla at pauldreik.se
                CC: blitzrakete at gmail.com, dgregor at apple.com,
                    erik.pilkington at gmail.com, llvm-bugs at lists.llvm.org,
                    richard-llvm at metafoo.co.uk

Created attachment 22732
  --> https://bugs.llvm.org/attachment.cgi?id=22732&action=edit
part1 of reproducer

Oss-fuzz has reported a build failure for libtorrent since 2019-09-18

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17308

I suspected it was related to boost, so I switched to boost 1.70 but the same
thing happened. The output below is using 1.70, so not identical to the
oss-fuzz build but it should be irrelevant for the crash.

Here is an excerpt of the build failure, when running the oss-fuzz docker build
locally:

(unfortunately I had to split the huge file in two, to pass the size limit on
attachments)

...failed clang-linux.compile.c++.without-pch
../bin/clang-linux-ossfuzz/release/asserts-on/crypto-openssl/debug-iterators-on/debug-symbols-on/export-extra-on/fuzz-external/link-static/threading-multi/src/peer_connection.o...
clang-linux.compile.c++.without-pch
../bin/clang-linux-ossfuzz/release/asserts-on/crypto-openssl/debug-iterators-on/debug-symbols-on/export-extra-on/fuzz-external/link-static/threading-multi/src/web_connection_base.o
Stack dump:
0.      Program arguments: /usr/local/bin/clang-10 -cc1 -triple
x86_64-unknown-linux-gnu -emit-obj -disable-free -disable-llvm-verifier
-discard-value-names -main-file-name web_connection_base.cpp -mrelocation-model
static -mthread-model posix -mframe-pointer=all -fmath-errno -masm-verbose
-mconstructor-aliases -munwind-tables -fuse-init-array -target-cpu x86-64
-dwarf-column-info -debug-info-kind=line-tables-only -dwarf-version=4
-debugger-tuning=gdb -resource-dir /usr/local/lib/clang/10.0.0 -D
FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -D
FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -D BOOST_ALL_NO_LIB -D
BOOST_ASIO_ENABLE_CANCELIO -D BOOST_ASIO_HAS_STD_CHRONO -D
BOOST_MULTI_INDEX_DISABLE_SERIALIZATION -D BOOST_NO_DEPRECATED -D
BOOST_SYSTEM_NO_DEPRECATED -D BOOST_SYSTEM_STATIC_LINK=1 -D NDEBUG -D
OPENSSL_NO_SSL2 -D TORRENT_BUILDING_LIBRARY -D TORRENT_EXPORT_EXTRA -D
TORRENT_USE_ASSERTS=1 -D TORRENT_USE_I2P=1 -D TORRENT_USE_LIBCRYPTO -D
TORRENT_USE_OPENSSL -D _FILE_OFFSET_BITS=64 -D _GLIBCXX_DEBUG -D
_GLIBCXX_DEBUG_PEDANTIC -D _WIN32_WINNT=0x0600 -I ../ed25519/src -I ../include
-I ../include/libtorrent -I /src/boost_1_70_0 -I /usr/local/include -I
/usr/sfw/include -internal-isystem /usr/local/bin/../include/c++/v1
-internal-isystem /usr/local/include -internal-isystem
/usr/local/lib/clang/10.0.0/include -internal-externc-isystem
/usr/include/x86_64-linux-gnu -internal-externc-isystem /include
-internal-externc-isystem /usr/include -O1 -Wall -Wno-inline
-Wno-c++98-compat-pedantic -Weverything -Wno-documentation
-Wno-exit-time-destructors -Wno-global-constructors -Wno-padded
-Wno-return-std-move-in-c++11 -Wno-unknown-warning-option -Wno-weak-vtables
-fdeprecated-macro -fdebug-compilation-dir /src/libtorrent/fuzzers
-ferror-limit 19 -fmessage-length 0 -pthread -fobjc-runtime=gcc
-fcxx-exceptions -fexceptions -fdiagnostics-show-option -faddrsig -o
../bin/clang-linux-ossfuzz/release/asserts-on/crypto-openssl/debug-iterators-on/debug-symbols-on/export-extra-on/fuzz-external/link-static/threading-multi/src/web_connection_base.o
-x c++ ../src/web_connection_base.cpp 
1.      <eof> parser at end of file
 #0 0x000000000149d5b4 PrintStackTraceSignalHandler(void*)
(/usr/local/bin/clang-10+0x149d5b4)
 #1 0x000000000149b48e llvm::sys::RunSignalHandlers()
(/usr/local/bin/clang-10+0x149b48e)
 #2 0x000000000149d9a8 SignalHandler(int) (/usr/local/bin/clang-10+0x149d9a8)
 #3 0x00007f45d44e8390 __restore_rt
(/lib/x86_64-linux-gnu/libpthread.so.0+0x11390)
 #4 0x0000000001816ffd
clang::CodeGen::CodeGenFunction::EmitEndEHSpec(clang::Decl const*)
(/usr/local/bin/clang-10+0x1816ffd)
 #5 0x00000000016b4112
clang::CodeGen::CodeGenFunction::FinishFunction(clang::SourceLocation)
(/usr/local/bin/clang-10+0x16b4112)
 #6 0x00000000016b0365
clang::CodeGen::CodeGenFunction::EmitMustTailThunk(clang::GlobalDecl,
llvm::Value*, llvm::FunctionCallee) (/usr/local/bin/clang-10+0x16b0365)
 #7 0x00000000016b047c
clang::CodeGen::CodeGenFunction::generateThunk(llvm::Function*,
clang::CodeGen::CGFunctionInfo const&, clang::GlobalDecl, clang::ThunkInfo
const&, bool) (/usr/local/bin/clang-10+0x16b047c)
 #8 0x00000000016b08f6
clang::CodeGen::CodeGenVTables::maybeEmitThunk(clang::GlobalDecl,
clang::ThunkInfo const&, bool) (/usr/local/bin/clang-10+0x16b08f6)
 #9 0x00000000016b0c4f
clang::CodeGen::CodeGenVTables::addVTableComponent(clang::CodeGen::ConstantArrayBuilder&,
clang::VTableLayout const&, unsigned int, llvm::Constant*, unsigned int&)
(/usr/local/bin/clang-10+0x16b0c4f)
#10 0x00000000016b1199
clang::CodeGen::CodeGenVTables::createVTableInitializer(clang::CodeGen::ConstantStructBuilder&,
clang::VTableLayout const&, llvm::Constant*)
(/usr/local/bin/clang-10+0x16b1199)
#11 0x000000000172ec21 (anonymous
namespace)::ItaniumCXXABI::emitVTableDefinitions(clang::CodeGen::CodeGenVTables&,
clang::CXXRecordDecl const*) (/usr/local/bin/clang-10+0x172ec21)
#12 0x0000000002c000d9 clang::Sema::DefineUsedVTables()
(/usr/local/bin/clang-10+0x2c000d9)
#13 0x00000000029e3fee
clang::Sema::ActOnEndOfTranslationUnitFragment(clang::Sema::TUFragmentKind)
(/usr/local/bin/clang-10+0x29e3fee)
#14 0x00000000029e4284 clang::Sema::ActOnEndOfTranslationUnit()
(/usr/local/bin/clang-10+0x29e4284)
#15 0x00000000028dd47e
clang::Parser::ParseTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&, bool)
(/usr/local/bin/clang-10+0x28dd47e)
#16 0x00000000028d85ad clang::ParseAST(clang::Sema&, bool, bool)
(/usr/local/bin/clang-10+0x28d85ad)
#17 0x0000000001ae7c99 clang::FrontendAction::Execute()
(/usr/local/bin/clang-10+0x1ae7c99)
#18 0x0000000001a8b5a0
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
(/usr/local/bin/clang-10+0x1a8b5a0)
#19 0x0000000001b805bb
clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
(/usr/local/bin/clang-10+0x1b805bb)
#20 0x000000000087d7ff cc1_main(llvm::ArrayRef<char const*>, char const*,
void*) (/usr/local/bin/clang-10+0x87d7ff)
#21 0x000000000087c0cf main (/usr/local/bin/clang-10+0x87c0cf)
#22 0x00007f45d3480830 __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x20830)
#23 0x00000000008792c9 _start (/usr/local/bin/clang-10+0x8792c9)
clang-10: error: unable to execute command: Segmentation fault (core dumped)
clang-10: error: clang frontend command failed due to signal (use -v to see
invocation)
clang version 10.0.0 (trunk 373424)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /usr/local/bin
clang-10: note: diagnostic msg: PLEASE submit a bug report to
https://bugs.llvm.org/ and include the crash backtrace, preprocessed source,
and associated run script.
clang-10: note: diagnostic msg: 
********************

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang-10: note: diagnostic msg: /tmp/web_connection_base-8ca7e8.cpp
clang-10: note: diagnostic msg: /tmp/web_connection_base-8ca7e8.sh
clang-10: note: diagnostic msg: 

********************
