@fanquake fanquake commented Oct 14, 2025

I think this job should exist in this repo (not just qa-assets), if the alternative is double-handling changes to the interpreter. #32998 made changes which were then re-changed in #33600, to work around a false positive.

The uncached runtime of this job with -lg is ~32m, with -md it's ~43m.

Timeout is set to 150m, as the slow GHA runners were close to hitting a 120m limit.

@DrahtBot DrahtBot added the Tests label Oct 14, 2025

DrahtBot commented Oct 14, 2025

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Code Coverage & Benchmarks

For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/33626.

Reviews

See the guideline for information on the review process.

Type Reviewers
ACK dergoegge, maflcko

If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

Conflicts

No conflicts as of last run.

@dergoegge

Concept ACK

fanquake commented Oct 14, 2025

This has actually failed in a different way:

+ LD_LIBRARY_PATH=/home/admin/actions-runner/_work/_temp/depends/x86_64-pc-linux-gnu/lib
+ /home/admin/actions-runner/_work/_temp/build/test/fuzz/test_runner.py -j16 -l DEBUG /home/admin/actions-runner/_work/_temp/ci/scratch/qa-assets/fuzz_corpora/ --empty_min_time=60
==11758==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x56180d820d70 in SetArgs(int, char**) /home/admin/actions-runner/_work/_temp/build/src/test/fuzz/util/./test/fuzz/fuzz.cpp:52:5
    #1 0x56180d820d70 in LLVMFuzzerInitialize /home/admin/actions-runner/_work/_temp/build/src/test/fuzz/util/./test/fuzz/fuzz.cpp:223:5
    #2 0x56180ca378cb in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/admin/actions-runner/_work/_temp/build/bin/fuzz+0xe368cb) (BuildId: 1247816ab83eefd9a1d26eb30ceb8bc67293109d)
    #3 0x56180ca66056 in main (/home/admin/actions-runner/_work/_temp/build/bin/fuzz+0xe65056) (BuildId: 1247816ab83eefd9a1d26eb30ceb8bc67293109d)
    #4 0x7f307471b1c9  (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
    #5 0x7f307471b28a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
    #6 0x56180ca2e264 in _start (/home/admin/actions-runner/_work/_temp/build/bin/fuzz+0xe2d264) (BuildId: 1247816ab83eefd9a1d26eb30ceb8bc67293109d)

  Member fields were destroyed
    #0 0x56180caa53a1 in __sanitizer_dtor_callback_fields (/home/admin/actions-runner/_work/_temp/build/bin/fuzz+0xea43a1) (BuildId: 1247816ab83eefd9a1d26eb30ceb8bc67293109d)
    #1 0x56180ca28e3e in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>::~basic_string() /cxx_build/include/c++/v1/string:903:3
    #2 0x56180ca28e3e in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>::~basic_string() /cxx_build/include/c++/v1/string:1208:3
    #3 0x56180ca28e3e in std::__1::pair<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const, script_verify_flag_name>::~pair() /cxx_build/include/c++/v1/__utility/pair.h:90:8
    #4 0x56180ca28e3e in __cxx_global_var_init.18 /home/admin/actions-runner/_work/_temp/build/src/./script/interpreter.cpp:2167:54
    #5 0x56180ca28e3e in _GLOBAL__sub_I_interpreter.cpp /home/admin/actions-runner/_work/_temp/build/src/./script/interpreter.cpp
    #6 0x7f307471b303 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a303) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
    #7 0x56180ca2e264 in _start (/home/admin/actions-runner/_work/_temp/build/bin/fuzz+0xe2d264) (BuildId: 1247816ab83eefd9a1d26eb30ceb8bc67293109d)

SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/admin/actions-runner/_work/_temp/build/src/test/fuzz/util/./test/fuzz/fuzz.cpp:52:5 in SetArgs(int, char**)
Exiting

Looks like #30760?

maflcko commented Oct 15, 2025

No objection, but my worry is that the error is not exactly trivial to understand and actionable:

  • In 9cb9651 it was fixed by changing the linker. While the patch looks harmless and is easy to test to fix the issue, I don't think it is straightforward to see why a runtime sanitizer issue is addressed by link-time changes.
  • In ci: Bump msan to llvm-18 #29676 (comment) it was fixed by accident as a side product of a compiler version bump.

So making this task a blocker for all pull requests could mean a pull request is blocked for unrelated and unclear reasons. Maybe that is fine, though, I just wanted to mention it.

@fanquake

> my worry is that the error is not exactly trivial to understand and actionable:

I agree that it's odd, and I'm wondering why it's not happening (seemingly at all?) in the qa-assets repo?

maflcko commented Oct 15, 2025

> I agree that it's odd, and I'm wondering why it's not happening (seemingly at all?) in the qa-assets repo?

I can see it happening here: https://github.com/bitcoin-core/qa-assets/actions/runs/18426954137/job/52509387674#step:7:5257:

==11740==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x55e39ba5db80 in SetArgs(int, char**) /home/runner/work/_temp/build/src/test/fuzz/util/./test/fuzz/fuzz.cpp:52:5
    #1 0x55e39ba5db80 in LLVMFuzzerInitialize /home/runner/work/_temp/build/src/test/fuzz/util/./test/fuzz/fuzz.cpp:223:5
    #2 0x55e39ac758bb in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/runner/work/_temp/build/bin/fuzz+0xe328bb) (BuildId: 922987ad2b7e961f9d98e26bd1c329dc3b74d487)
    #3 0x55e39aca4046 in main (/home/runner/work/_temp/build/bin/fuzz+0xe61046) (BuildId: 922987ad2b7e961f9d98e26bd1c329dc3b74d487)
    #4 0x7f617ba6c1c9  (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
    #5 0x7f617ba6c28a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
    #6 0x55e39ac6c254 in _start (/home/runner/work/_temp/build/bin/fuzz+0xe29254) (BuildId: 922987ad2b7e961f9d98e26bd1c329dc3b74d487)

  Member fields were destroyed
    #0 0x55e39ace3391 in __sanitizer_dtor_callback_fields (/home/runner/work/_temp/build/bin/fuzz+0xea0391) (BuildId: 922987ad2b7e961f9d98e26bd1c329dc3b74d487)
    #1 0x55e39ac66e2e in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>::~basic_string() /cxx_build/include/c++/v1/string:903:3
    #2 0x55e39ac66e2e in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>::~basic_string() /cxx_build/include/c++/v1/string:1208:3
    #3 0x55e39ac66e2e in std::__1::pair<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const, script_verify_flag_name>::~pair() /cxx_build/include/c++/v1/__utility/pair.h:90:8
    #4 0x55e39ac66e2e in __cxx_global_var_init.18 /home/runner/work/_temp/build/src/./script/interpreter.cpp:2167:54
    #5 0x55e39ac66e2e in _GLOBAL__sub_I_interpreter.cpp /home/runner/work/_temp/build/src/./script/interpreter.cpp
    #6 0x7f617ba6c303 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a303) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
    #7 0x55e39ac6c254 in _start (/home/runner/work/_temp/build/bin/fuzz+0xe29254) (BuildId: 922987ad2b7e961f9d98e26bd1c329dc3b74d487)

SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/runner/work/_temp/build/src/test/fuzz/util/./test/fuzz/fuzz.cpp:52:5 in SetArgs(int, char**)
Exiting
Traceback (most recent call last):
  File "/home/runner/work/_temp/build/test/fuzz/test_runner.py", line 404, in <module>
    main()
  File "/home/runner/work/_temp/build/test/fuzz/test_runner.py", line 111, in main
    test_list_all = parse_test_list(
                    ^^^^^^^^^^^^^^^^
  File "/home/runner/work/_temp/build/test/fuzz/test_runner.py", line 390, in parse_test_list
    test_list_all = subprocess.run(
                    ^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/subprocess.py", line 571, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '/home/runner/work/_temp/build/bin/fuzz' returned non-zero exit status 1.
Command '['./ci/test/02_run_container.sh']' returned non-zero exit status 1.
Error: Process completed with exit code 1.

@maflcko maflcko mentioned this pull request Oct 17, 2025
@fanquake fanquake force-pushed the add_msan_fuzz_ci branch 3 times, most recently from 9955327 to 1ca3ed4 Compare October 23, 2025 09:59
@fanquake fanquake marked this pull request as ready for review October 23, 2025 10:01

@dergoegge dergoegge left a comment

utACK 3625874

@fanquake

-md runtime was 43 minutes with no caches (libcxx/depends/ccache).

Set the timeout to 150, to give some leeway to the slow GHA runners that
were close to timing out with a 120m limit.

@dergoegge dergoegge left a comment

utACK 1e6e32f

maflcko commented Nov 4, 2025

lgtm ACK 1e6e32f

@fanquake fanquake merged commit 5ffa63d into bitcoin:master Nov 4, 2025
23 checks passed