<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
53530
</td>
</tr>
<tr>
<th>Summary</th>
<td>
Binary compiled with -fsanitize=fuzzer crashes when linked against multiversioned shared library
</td>
</tr>
<tr>
<th>Labels</th>
<td>
new issue
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
ernesto-ren
</td>
</tr>
</table>
<pre>
I'm trying to fuzz code that uses a shared library that contains multiversioned functions. The shared library is also compiled with `clang` and `-fsanitize=fuzzer`.
When trying to run the fuzzer executable it crashes somewhere before `main`, in the bowels of the dynamic linker. I can't get a good backtrace in `gdb` but `valgrind` gives quite a bit of information:
```
==1168086== Memcheck, a memory error detector
==1168086== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==1168086== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==1168086== Command: ./test_multilib_fuzz
==1168086==
==1168086== Jump to the invalid address stated on the next line
==1168086== at 0x1056: ???
==1168086== by 0x400E559: elf_machine_rela (dl-machine.h:330)
==1168086== by 0x400E559: elf_dynamic_do_Rela (do-rel.h:137)
==1168086== by 0x400E559: _dl_relocate_object (dl-reloc.c:255)
==1168086== by 0x4004529: dl_main (rtld.c:2265)
==1168086== by 0x401CC3A: _dl_sysdep_start (dl-sysdep.c:252)
==1168086== by 0x400204B: _dl_start_final (rtld.c:449)
==1168086== by 0x400204B: _dl_start (rtld.c:539)
==1168086== by 0x4001107: ??? (in /usr/lib/x86_64-linux-gnu/ld-2.31.so)
==1168086== Address 0x1056 is not stack'd, malloc'd or (recently) free'd
==1168086==
==1168086==
==1168086== Process terminating with default action of signal 11 (SIGSEGV)
==1168086== Bad permissions for mapped region at address 0x1056
==1168086== at 0x1056: ???
==1168086== by 0x400E559: elf_machine_rela (dl-machine.h:330)
==1168086== by 0x400E559: elf_dynamic_do_Rela (do-rel.h:137)
==1168086== by 0x400E559: _dl_relocate_object (dl-reloc.c:255)
==1168086== by 0x4004529: dl_main (rtld.c:2265)
==1168086== by 0x401CC3A: _dl_sysdep_start (dl-sysdep.c:252)
==1168086== by 0x400204B: _dl_start_final (rtld.c:449)
==1168086== by 0x400204B: _dl_start (rtld.c:539)
==1168086== by 0x4001107: ??? (in /usr/lib/x86_64-linux-gnu/ld-2.31.so)
==1168086== Jump to the invalid address stated on the next line
==1168086== at 0x1030: ???
==1168086== by 0x4B8DDFD: multilib::fma_impl(long, float, float const*, float*) [clone .ifunc] (in /home/ernesto/repro/libmultilib_fuzz.so)
==1168086== by 0x400E559: elf_machine_rela (dl-machine.h:330)
==1168086== by 0x400E559: elf_dynamic_do_Rela (do-rel.h:137)
==1168086== by 0x400E559: _dl_relocate_object (dl-reloc.c:255)
==1168086== by 0x4004529: dl_main (rtld.c:2265)
==1168086== by 0x401CC3A: _dl_sysdep_start (dl-sysdep.c:252)
==1168086== by 0x400204B: _dl_start_final (rtld.c:449)
==1168086== by 0x400204B: _dl_start (rtld.c:539)
==1168086== by 0x4001107: ??? (in /usr/lib/x86_64-linux-gnu/ld-2.31.so)
==1168086== Address 0x1030 is not stack'd, malloc'd or (recently) free'd
==1168086==
==1168086==
==1168086== Process terminating with default action of signal 11 (SIGSEGV)
==1168086== Bad permissions for mapped region at address 0x1030
==1168086== at 0x1030: ???
==1168086== by 0x4B8DDFD: multilib::fma_impl(long, float, float const*, float*) [clone .ifunc] (in /home/ernesto/repro/libmultilib_fuzz.so)
==1168086== by 0x400E559: elf_machine_rela (dl-machine.h:330)
==1168086== by 0x400E559: elf_dynamic_do_Rela (do-rel.h:137)
==1168086== by 0x400E559: _dl_relocate_object (dl-reloc.c:255)
==1168086== by 0x4004529: dl_main (rtld.c:2265)
==1168086== by 0x401CC3A: _dl_sysdep_start (dl-sysdep.c:252)
==1168086== by 0x400204B: _dl_start_final (rtld.c:449)
==1168086== by 0x400204B: _dl_start (rtld.c:539)
==1168086== by 0x4001107: ??? (in /usr/lib/x86_64-linux-gnu/ld-2.31.so)
==1168086==
==1168086== HEAP SUMMARY:
==1168086== in use at exit: 0 bytes in 0 blocks
==1168086== total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==1168086==
==1168086== All heap blocks were freed -- no leaks are possible
==1168086==
==1168086== For lists of detected and suppressed errors, rerun with: -s
==1168086== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
```
I'm attaching a [repro](https://github.com/llvm/llvm-project/files/7982437/repro.tar.gz) case with two programs: `test_multilib` (without fuzzing, runs) and `test_multilib_fuzzer` (with fuzzing, segfaults). To compile/run it do:
```
$ CXX=/path/to/clang++ ./build.sh
```
Tested with clang 12 and 13.
</pre>