<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/156936>156936</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            libFuzzer freezes when ulimit max files is set to a high value (happens in Docker environment)
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          xx24678
      </td>
    </tr>
</table>

<pre>
    Recently I was trying to test some fuzzers. The build environment requires a lot of dependencies so I decided to go with a docker setup. Everything worked fine until I ran the fuzzer: the moment it prints the newly discovered function names, or a crash happens, it hangs there *almost* forever.

After spending the whole afternoon debugging the issue, I found the following facts:
1. Docker sets the "max open files" ulimit to a really high value (1073741816 on my setup)
2. libFuzzer tries to close all the possible file handles when a subprocess exits.
3. when printing discovered function names, or a crash happens, a subprocess is exiting.

All three together cause the freeze behavior -- it's not a freeze but rather waiting for the subprocess to call the close syscall 1073741816 times. After manually changing the "max open files" value by running "ulimit -n", the issue disappears.

Here is strace output when the hang happens:
```
925   mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f71a8045000
925 munmap(0x7f71a8045000, 4096)      = 0
925   munmap(0x7f71a8046000, 16384) = 0
925   stat("/usr/bin/llvm-symbolizer-14", {st_mode=S_IFREG|0755, st_size=56104, ...}) = 0
925   pipe2([4, 5], 0)                  = 0
925 pipe2([6, 7], 0)                  = 0
925   fork() = 986
925   close(6)                          = 0
925   close(5 <unfinished ...>
986   close(0 <unfinished ...>
925   <... close resumed>) = 0
986   <... close resumed>)              = 0
925 nanosleep({tv_sec=0, tv_nsec=10000000},  <unfinished ...>
986   dup2(6, 0) = 0
986   close(6)                          = 0
986 close(1)                          = 0
986   dup2(5, 1) = 1
986   close(5)                          = 0
986   prlimit64(0, RLIMIT_NOFILE, NULL, {rlim_cur=1073741816, rlim_max=1073741816}) = 0
986 close(1073741816)                 = -1 EBADF (Bad file descriptor)
986 close(1073741815)                 = -1 EBADF (Bad file descriptor)
986 close(1073741814)                 = -1 EBADF (Bad file descriptor)
986 close(1073741813)                 = -1 EBADF (Bad file descriptor)
986 close(1073741812)                 = -1 EBADF (Bad file descriptor)
986 close(1073741811)                 = -1 EBADF (Bad file descriptor)
986 close(1073741810)                 = -1 EBADF (Bad file descriptor)
```

The offending code is [here](https://github.com/llvm/llvm-project/blob/main/compiler-rt/lib/sanitizer_common/sanitizer_posix_libcdep.cpp#L549C19-L549C26):
```
#  if SANITIZER_FREEBSD
    internal_close_range(3, ~static_cast<fd_t>(0), 0);
#  else
    for (int fd = sysconf(_SC_OPEN_MAX); fd > 2; fd--) internal_close(fd);  // <=== HERE
#  endif
```
It isn't necessarily a bug in the libFuzzer runtime code, but some improvement (or at least a warning message) can make this issue less annoying/confusing.
</pre>
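<p>Added example, not part of the original report and not LLVM code: a child-side descriptor cleanup whose cost follows the number of descriptors actually open rather than RLIMIT_NOFILE, the Linux counterpart of the FreeBSD branch quoted above. The names close_fds_from and demo_child_cleanup are hypothetical; it assumes Linux with either the close_range syscall (kernel 5.9+) or a mounted /proc.</p>

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
/* Close every open descriptor >= lowfd. The cost depends on how many
 * descriptors are open, not on RLIMIT_NOFILE. Returns 0 on success. */
static int close_fds_from(int lowfd) {
#ifdef SYS_close_range
  /* Linux 5.9+: one syscall covers the whole range. */
  if (syscall(SYS_close_range, (unsigned)lowfd, ~0U, 0U) == 0) return 0;
#endif
  /* Older kernel or filtered syscall: walk the fds that really exist. */
  DIR *d = opendir("/proc/self/fd");
  if (!d) return -1; /* no /proc: caller must pick another strategy */
  struct dirent *e;
  while ((e = readdir(d)) != NULL) {
    char *end;
    long fd = strtol(e->d_name, &end, 10);
    if (end == e->d_name || *end != '\0') continue; /* "." and ".." */
    if (fd >= lowfd && fd != dirfd(d)) close((int)fd);
  }
  closedir(d);
  return 0;
}

/* Constructed scenario: fork, then clean up in the child as a spawner would.
 * Returns the child's exit status; 0 means fds >= 3 are gone, fd 2 unchanged. */
static int demo_child_cleanup(void) {
  pid_t pid = fork();
  if (pid < 0) return -1;
  if (pid == 0) {
    int p[2];
    if (pipe(p) != 0) _exit(2);
    int lo = fcntl(p[0], F_DUPFD, 3);   /* lowest free fd >= 3 */
    int hi = fcntl(p[1], F_DUPFD, 100); /* sparse, higher-numbered fd */
    int err_before = fcntl(2, F_GETFD);
    if (lo < 3 || hi < 100) _exit(2);
    if (close_fds_from(3) != 0) _exit(3);
    int leaked = fcntl(lo, F_GETFD) != -1 || fcntl(hi, F_GETFD) != -1;
    _exit(leaked || fcntl(2, F_GETFD) != err_before ? 1 : 0);
  }
  int status;
  if (waitpid(pid, &status, 0) < 0) return -1;
  return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
int main(void) { return demo_child_cleanup(); }
```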