<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Hi Kostya,<div><br></div><div>We're seeing the fork-ubsan test hang occasionally on Linux. After 17 runs on my local machine the test hangs. Here's the backtrace of the threads:</div><div><br></div><div>Below "not" I see a process tree like:</div><div>13066 IntegerOverflowTest -fork=1 -ignore_crashes=1 -runs=10000<br></div><div>-13080 llvm-symbolizer --inlining=true --default-arch=x86_64</div><div>-13068 IntegerOverflowTest -fork=1 -ignore_crashes=1 -runs=10000</div><div>-13067 IntegerOverflowTest -fork=1 -ignore_crashes=1 -runs=10000</div><div><br></div><div>I've put backtraces from gdb below. Please could you take a look?</div><div><br></div><div>Thanks</div><div>Russ</div><div><br></div><div><div>13066 IntegerOverflowTest -fork=1 -ignore_crashes=1 -runs=10000</div><div>#0  0x00007ffb347549d0 in __GI___nanosleep (requested_time=requested_time@entry=0x7ffff9a61140,</div><div>    remaining=remaining@entry=0x7ffff9a61140) at ../sysdeps/unix/sysv/linux/nanosleep.c:28</div><div>#1  0x00007ffb347548aa in __sleep (seconds=0, seconds@entry=1) at ../sysdeps/posix/sleep.c:55</div><div>#2  0x000000000045f83a in fuzzer::SleepSeconds (Seconds=Seconds@entry=1)</div><div>    at .../llvm/projects/compiler-rt/lib/fuzzer/FuzzerUtilPosix.cpp:132</div><div>#3  0x00000000004369bf in fuzzer::FuzzWithFork (Rand=..., Options=...,</div><div>    Args=std::vector of length 4, capacity 4 = {...}, CorpusDirs=..., NumJobs=<optimized out>)</div><div>    at .../llvm/projects/compiler-rt/lib/fuzzer/FuzzerFork.cpp:285</div><div>#4  0x000000000042c811 in fuzzer::FuzzerDriver (argc=argc@entry=0x7ffff9a61b8c,</div><div>    argv=argv@entry=0x7ffff9a61b80, Callback=0x5331c0 <LLVMFuzzerTestOneInput>)</div><div>    at .../llvm/projects/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:731</div><div>#5  0x000000000041e193 in main (argc=<optimized out>, argv=<optimized out>)</div><div>    at 
.../llvm/projects/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19</div><div><br></div><div>13080 - llvm-symbolizer --inlining=true --default-arch=x86_64</div><div>#0  0x00007f7f48750081 in __GI___libc_read (fd=0, buf=0x7fffd6d97f00, nbytes=4096)</div><div>    at ../sysdeps/unix/sysv/linux/read.c:27</div><div>#1  0x00007f7f486cd148 in _IO_new_file_underflow (fp=0x7f7f48a2ba00 <_IO_2_1_stdin_>) at fileops.c:531</div><div>#2  0x00007f7f486ce3f2 in __GI__IO_default_uflow (fp=0x7f7f48a2ba00 <_IO_2_1_stdin_>) at genops.c:380</div><div>#3  0x00007f7f486bfe62 in __GI__IO_getline_info (eof=0x0, extract_delim=<optimized out>, delim=10,</div><div>    n=1023,</div><div>    buf=0x7fffdf94aa10 "\".../llvm/projects/compiler-rt/test/fuzzer/Output/fork-ubsan.test.tmp-IntegerOverflowTest\" 0x5331c0\n", fp=0x7f7f48a2ba00 <_IO_2_1_stdin_>, fp@entry=0x0)</div><div>    at iogetline.c:60</div><div>#4  __GI__IO_getline (fp=fp@entry=0x7f7f48a2ba00 <_IO_2_1_stdin_>,</div><div>    buf=buf@entry=0x7fffdf94aa10 "\".../llvm/projects/compiler-rt/test/fuzzer/Output/fork-ubsan.test.tmp-IntegerOverflowTest\" 0x5331c0\n", n=<optimized out>, delim=delim@entry=10,</div><div>    extract_delim=extract_delim@entry=1) at iogetline.c:34</div><div>#5  0x00007f7f486bebcd in _IO_fgets (</div><div>    buf=0x7fffdf94aa10 "\".../llvm/projects/compiler-rt/test/fuzzer/Output/fork-ubsan.test.tmp-IntegerOverflowTest\" 0x5331c0\n", n=<optimized out>, fp=0x7f7f48a2ba00 <_IO_2_1_stdin_>)</div><div>    at iofgets.c:53</div><div>#6  0x00007f7f49dbd331 in main ()</div><div><br></div><div>13068 IntegerOverflowTest -fork=1 -ignore_crashes=1 -runs=10000</div><div>#0  0x00007ffb347549d0 in __GI___nanosleep (requested_time=requested_time@entry=0x7ffb2f53fdc0,</div><div>    remaining=remaining@entry=0x7ffb2f53fdc0) at ../sysdeps/unix/sysv/linux/nanosleep.c:28</div><div>#1  0x00007ffb347548aa in __sleep (seconds=0, seconds@entry=1) at ../sysdeps/posix/sleep.c:55</div><div>#2  0x000000000045f83a in fuzzer::SleepSeconds 
(Seconds=Seconds@entry=1)</div><div>    at .../llvm/projects/compiler-rt/lib/fuzzer/FuzzerUtilPosix.cpp:132</div><div>#3  0x0000000000433e33 in fuzzer::WorkerThread (Stop=0x7ffff9a611e7, FuzzQ=0x7ffff9a61270,</div><div>    MergeQ=0x7ffff9a612f0)</div><div>    at .../llvm/projects/compiler-rt/lib/fuzzer/FuzzerFork.cpp:225</div><div>#4  0x00007ffb3572d57f in ?? () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6</div><div>#5  0x00007ffb350b76db in start_thread (arg=0x7ffb2f540700) at pthread_create.c:463</div><div>#6  0x00007ffb3479188f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95</div><div><br></div><div>13067 IntegerOverflowTest -fork=1 -ignore_crashes=1 -runs=10000</div><div>#0  0x00007ffb347549d0 in __GI___nanosleep (requested_time=requested_time@entry=0x7ffb2fd4fe00,</div><div>    remaining=remaining@entry=0x7ffb2fd4fe00) at ../sysdeps/unix/sysv/linux/nanosleep.c:28</div><div>#1  0x00007ffb347548aa in __sleep (seconds=0, seconds@entry=1) at ../sysdeps/posix/sleep.c:55</div><div>#2  0x000000000045f83a in fuzzer::SleepSeconds (Seconds=Seconds@entry=1)</div><div>    at .../llvm/projects/compiler-rt/lib/fuzzer/FuzzerUtilPosix.cpp:132</div><div>#3  0x000000000041f7aa in fuzzer::RssThread (F=0x617000000080, RssLimitMb=2048)</div><div>    at .../llvm/projects/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:269</div><div>#4  0x00007ffb3572d57f in ?? 
() from /usr/lib/x86_64-linux-gnu/libstdc++.so.6</div><div>#5  0x00007ffb350b76db in start_thread (arg=0x7ffb2fd50700) at pthread_create.c:463</div><div>#6  0x00007ffb3479188f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95</div></div></div></div></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, 12 Apr 2019 at 21:19, Kostya Serebryany via llvm-commits <<a href="mailto:llvm-commits@lists.llvm.org">llvm-commits@lists.llvm.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Author: kcc<br>
Date: Fri Apr 12 13:20:57 2019<br>
New Revision: 358306<br>
<br>
URL: <a href="http://llvm.org/viewvc/llvm-project?rev=358306&view=rev" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project?rev=358306&view=rev</a><br>
Log:<br>
[libFuzzer] support -runs=N in the fork mode. Make sure we see one-line reports from ubsan in the fork mode. Test both<br>
<br>
Added:<br>
    compiler-rt/trunk/test/fuzzer/IntegerOverflowTest.cpp<br>
    compiler-rt/trunk/test/fuzzer/fork-ubsan.test<br>
Modified:<br>
    compiler-rt/trunk/lib/fuzzer/FuzzerFork.cpp<br>
<br>
Modified: compiler-rt/trunk/lib/fuzzer/FuzzerFork.cpp<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerFork.cpp?rev=358306&r1=358305&r2=358306&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerFork.cpp?rev=358306&r1=358305&r2=358306&view=diff</a><br>
==============================================================================<br>
--- compiler-rt/trunk/lib/fuzzer/FuzzerFork.cpp (original)<br>
+++ compiler-rt/trunk/lib/fuzzer/FuzzerFork.cpp Fri Apr 12 13:20:57 2019<br>
@@ -103,6 +103,7 @@ struct GlobalEnv {<br>
   FuzzJob *CreateNewJob(size_t JobId) {<br>
     Command Cmd(Args);<br>
     Cmd.removeFlag("fork");<br>
+    Cmd.removeFlag("runs");<br>
     for (auto &C : CorpusDirs) // Remove all corpora from the args.<br>
       Cmd.removeArgument(C);<br>
     Cmd.addFlag("reload", "0");  // working in an isolated dir, no reload.<br>
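</blockquote><div>Review bot: The new Cmd.removeFlag("runs") line carries no comment, unlike the corpus and reload lines next to it, so CreateNewJob does not say why child jobs must not inherit -runs. Suggest a trailing comment stating that the run budget is enforced by the parent through the Env.NumRuns check in FuzzWithFork rather than by each child.</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">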
@@ -278,7 +279,8 @@ void FuzzWithFork(Random &Rand, const Fu<br>
         std::ifstream In(Job->LogPath);<br>
         std::string Line;<br>
         while (std::getline(In, Line, '\n'))<br>
-          if (Line.find("ERROR:") != Line.npos)<br>
+          if (Line.find("ERROR:") != Line.npos ||<br>
+              Line.find("runtime error:") != Line.npos)<br>
             Printf("%s\n", Line.c_str());<br>
       } else {<br>
         // And exit if we don't ignore this crash.<br>
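</blockquote><div>Review bot: Both conditions in the getline loop are bare substring matches, so any line of the job log that merely contains "ERROR:" or "runtime error:", including text printed by the fuzz target itself, is echoed as a report. Add a short comment that "runtime error:" is the UBSan one-line report this is meant to catch, and if more markers are expected, move the match into a small helper so the recognised strings live in one place.</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">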
@@ -298,6 +300,12 @@ void FuzzWithFork(Random &Rand, const Fu<br>
              Env.secondsSinceProcessStartUp());<br>
       Stop = true;<br>
     }<br>
+    if (Options.MaxNumberOfRuns >= 0 && !Stop &&<br>
+        Env.NumRuns >= Options.MaxNumberOfRuns) {<br>
+      Printf("INFO: fuzzed for %zd iterations, wrapping up soon\n",<br>
+             Env.NumRuns);<br>
+      Stop = true;<br>
+    }<br>
<br>
     if (!Stop)<br>
       FuzzQ.Push(Env.CreateNewJob(JobId++));<br>
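</blockquote><div>Review bot: Check that the type of Env.NumRuns agrees with both of its uses in the new MaxNumberOfRuns block; the hunk does not show its declaration. Printf uses %zd, which expects a signed size type, and the comparison is against Options.MaxNumberOfRuns, which the preceding "&gt;= 0" test treats as signed. If NumRuns is a size_t, use %zu and make the conversion in the comparison explicit. A comment that the "&gt;=" test lets the printed count be larger than the requested -runs value would also help readers of the log.</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">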
<br>
Added: compiler-rt/trunk/test/fuzzer/IntegerOverflowTest.cpp<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/fuzzer/IntegerOverflowTest.cpp?rev=358306&view=auto" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/fuzzer/IntegerOverflowTest.cpp?rev=358306&view=auto</a><br>
==============================================================================<br>
--- compiler-rt/trunk/test/fuzzer/IntegerOverflowTest.cpp (added)<br>
+++ compiler-rt/trunk/test/fuzzer/IntegerOverflowTest.cpp Fri Apr 12 13:20:57 2019<br>
@@ -0,0 +1,17 @@<br>
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.<br>
+// See <a href="https://llvm.org/LICENSE.txt" rel="noreferrer" target="_blank">https://llvm.org/LICENSE.txt</a> for license information.<br>
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception<br>
+<br>
+// Simple test for a fuzzer. The fuzzer must find the string "Hi" and cause an<br>
+// integer overflow.<br>
+#include <cstddef><br>
+#include <cstdint><br>
+<br>
+static int Val = 1 << 30;<br>
+<br>
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {<br>
+  if (Size >= 2 && Data[0] == 'H' && Data[1] == 'i')<br>
+    Val += Val;<br>
+  return 0;<br>
+}<br>
+<br>
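</blockquote><div>Review bot: The added file ends with an empty line after the closing brace of LLVMFuzzerTestOneInput (the last of the 17 added lines); drop it. The header comment could also state that the overflow is reached on the first input starting with "Hi", because Val starts at 1 &lt;&lt; 30 and Val += Val then leaves the range of int, which is what the expected message in fork-ubsan.test relies on.</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">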
<br>
Added: compiler-rt/trunk/test/fuzzer/fork-ubsan.test<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/fuzzer/fork-ubsan.test?rev=358306&view=auto" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/fuzzer/fork-ubsan.test?rev=358306&view=auto</a><br>
==============================================================================<br>
--- compiler-rt/trunk/test/fuzzer/fork-ubsan.test (added)<br>
+++ compiler-rt/trunk/test/fuzzer/fork-ubsan.test Fri Apr 12 13:20:57 2019<br>
@@ -0,0 +1,6 @@<br>
+# UNSUPPORTED: darwin, freebsd<br>
+# Tests how the fork mode works together with ubsan.<br>
+RUN: %cpp_compiler %S/IntegerOverflowTest.cpp -o %t-IntegerOverflowTest -fsanitize=signed-integer-overflow -fno-sanitize-recover=signed-integer-overflow<br>
+RUN: not %run %t-IntegerOverflowTest -fork=1 -ignore_crashes=1  -runs=10000 2>&1 | FileCheck %s --check-prefix=UBSAN_FORK<br>
+UBSAN_FORK: runtime error: signed integer overflow: 1073741824 + 1073741824 cannot be represented in type 'int'<br>
+UBSAN_FORK: INFO: fuzzed for {{.*}} iterations, wrapping up soon<br>
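</blockquote><div>Review bot: The second RUN line sets neither -seed nor a time bound, so the test passes only if the fuzzer happens to reach "Hi" within the 10000 runs, and it has no way to terminate if the fork-mode loop fails to stop. Suggest pinning the seed (for example -seed=1) and adding -max_total_time as a backstop, and removing the doubled space before -runs=10000. The two UBSAN_FORK lines also require the runtime error line to appear before the INFO line, which deserves a one-line comment in the test.</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">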
<br>
<br>
_______________________________________________<br>
llvm-commits mailing list<br>
<a href="mailto:llvm-commits@lists.llvm.org" target="_blank">llvm-commits@lists.llvm.org</a><br>
<a href="https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits" rel="noreferrer" target="_blank">https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits</a><br>
</blockquote></div>