<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href="https://github.com/llvm/llvm-project/issues/57556">57556</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            libfuzzer memory problem by pthreading
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          cybercyto82
      </td>
    </tr>
</table>

<pre>
    Hello,

I have discovered a libFuzzer memory problem if pthreads are used. The log shows the problem, and a test.c file is under the log.

Where is the problem?

Used clang version: 13.0.1


Greetings,
Robert

#########LOG#######

╰─➤  clang -fsanitize=fuzzer,address   test.c
╰─➤  ./a.out
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 1237427910
INFO: Loaded 1 modules   (2 inline 8-bit counters): 2 [0x7b0f10, 0x7b0f12), 
INFO: Loaded 1 PC tables (2 PCs): 2 [0x574010,0x574030), 
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
INFO: A corpus is not provided, starting from an empty corpus
#2      INITED cov: 2 ft: 2 corp: 1/1b exec/s: 0 rss: 30Mb
#131072 pulse  cov: 2 ft: 2 corp: 1/1b lim: 1300 exec/s: 43690 rss: 231Mb
#262144 pulse  cov: 2 ft: 2 corp: 1/1b lim: 2611 exec/s: 37449 rss: 268Mb
#524288 pulse  cov: 2 ft: 2 corp: 1/1b lim: 4096 exec/s: 34952 rss: 339Mb
#1048576        pulse  cov: 2 ft: 2 corp: 1/1b lim: 4096 exec/s: 34952 rss: 484Mb
#2097152        pulse  cov: 2 ft: 2 corp: 1/1b lim: 4096 exec/s: 33825 rss: 798Mb
#4194304        pulse  cov: 2 ft: 2 corp: 1/1b lim: 4096 exec/s: 34379 rss: 1025Mb
#8388608        pulse  cov: 2 ft: 2 corp: 1/1b lim: 4096 exec/s: 33825 rss: 1849Mb
==15278== ERROR: libFuzzer: out-of-memory (used: 2050Mb; limit: 2048Mb)
   To change the out-of-memory limit use -rss_limit_mb=<N>

Live Heap Allocations: 24204092 bytes in 42 chunks; quarantined: 1713907 bytes in 58520 chunks; 4623266 other chunks; total chunks: 4681828; showing top 95% (at most 8 unique contexts)
24120848 byte(s) (99%) in 10 allocation(s)
    #0 0x5276ed in malloc /home/abuild/rpmbuild/BUILD/llvm-13.0.1.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3
    #1 0x43b60a in operator new(unsigned long) cxa_noexception.cpp
    #2 0x475022 in main /home/abuild/rpmbuild/BUILD/llvm-13.0.1.src/build/../projects/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #3 0x7f2333cf92bc in __libc_start_main (/lib64/libc.so.6+0x352bc)

MS: 3 ShuffleBytes-ChangeBit-ChangeByte-; base unit: adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
0x2a,
*
artifact_prefix='./'; Test unit written to ./oom-df58248c414f342c81e056b40bee12d17a08bf61
Base64: Kg==
SUMMARY: libFuzzer: out-of-memory
       


############test.c file ##############
#include <pthread.h>

#include <stdio.h>
#include <stdlib.h>
#include <string.h>


/* Worker body: does nothing and exits immediately. */
void *sicct_cmd_thread(void *args) {
    (void)args;
    return NULL;
}

/* Fuzz target: every input creates one short-lived thread and joins it.
 * Data and Size are intentionally unused; the thread handling alone is
 * what the report exercises. */
int LLVMFuzzerTestOneInput(const unsigned char *Data, size_t Size) {
    (void)Data;
    (void)Size;

    pthread_t cmd_thread;

    pthread_create(&cmd_thread, NULL, sicct_cmd_thread, NULL);
    pthread_join(cmd_thread, NULL);
    /* Kept as posted: cancelling a thread that has already been joined is
     * undefined behaviour per POSIX (the thread ID is no longer valid). */
    pthread_cancel(cmd_thread);

    /* libFuzzer requires the target to return 0; other values are reserved. */
    return 0;
}
</pre>
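<p>For comparison, here is an added example (not code from the issue reporter or from LLVM) of the same one-thread-per-input pattern written with the thread lifecycle handled correctly: every pthread call's return code is checked, the input is actually passed to the worker, the handle is never touched after <code>pthread_join</code>, and the target returns 0 as libFuzzer requires. The names <code>worker_main</code>, <code>run_worker_once</code> and <code>struct job</code> are made up for this example; it assumes a glibc where pthreads live in libc (2.34 or newer), otherwise add <code>-lpthread</code>.</p>

```c
/* Added example, not from the original issue. Build as a fuzz target with
 * clang -fsanitize=fuzzer,address example.c, or compile normally and call
 * run_worker_once() from a test driver. Assumes glibc >= 2.34 (no -lpthread). */
#include <pthread.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Work item handed to the worker thread (hypothetical layout for this example). */
struct job {
    const uint8_t *data;
    size_t size;
    long checksum;   /* result written by the worker, read after pthread_join */
};

/* Worker body: reads every input byte so ASan can flag out-of-bounds reads
 * inside the thread. The byte sum is a stand-in for real per-input work. */
static void *worker_main(void *arg) {
    struct job *j = arg;
    long sum = 0;
    for (size_t i = 0; i < j->size; i++)
        sum += j->data[i];
    j->checksum = sum;
    return NULL;
}

/* Runs one worker thread over the input and returns the checksum it computed,
 * or -1 if a pthread call failed. Once the thread has been joined its ID is
 * invalid per POSIX, so nothing (in particular no pthread_cancel) touches it. */
long run_worker_once(const uint8_t *data, size_t size) {
    struct job j = { data, size, 0 };
    pthread_t t;

    int rc = pthread_create(&t, NULL, worker_main, &j);
    if (rc != 0) {
        fprintf(stderr, "pthread_create: %s\n", strerror(rc));
        return -1;
    }
    rc = pthread_join(t, NULL);
    if (rc != 0) {
        fprintf(stderr, "pthread_join: %s\n", strerror(rc));
        return -1;
    }
    return j.checksum;
}

/* libFuzzer entry point: the target must return 0; other values are reserved. */
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
    (void)run_worker_once(Data, Size);
    return 0;
}
```

<p>Creating and tearing down a thread for every input is the slowest way to use threads in a fuzz target, since each thread start carries the sanitizer's per-thread setup; if the code under test really needs a worker, the usual pattern is to start it once (for example from <code>LLVMFuzzerInitialize</code>) and feed it inputs through a queue rather than per call.</p>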