NSS startup crash #321
Comments
Yeah, I was thinking that too, I tested it before filing the PR. So we had to work around a few issues here, trying to create a static NSS build. NSS usually isn't built that way, and maybe there's something wrong still and it's trying to load some DSO?
Does ClusterFuzz use the same base-runner image that's here in the repository?
What would be a good way to debug this? Is it possible to get an strace of the fuzzer run? Or maybe we'll get it to somehow reproduce locally.
So, this is a minijail sandboxing issue, Oliver can take a look. The binary runs fine on the bot without minijail.
@ttaubert - does the hash fuzzer write any temp database anywhere, like the user home, etc. (as part of NSS_NoDB_Init)? I think that could be the reason for this initialization failure.
@ttaubert - see https://github.com/google/oss-fuzz/blob/master/docs/fuzzer_environment.md#file-system, can you modify the code to write the database in /tmp? Everything else will be read-only.
We currently hard-fail when seeding from /dev/urandom fails, and we assume that this might be the cause. We seed from urandom but never use it because we have a deterministic PRNG for fuzzing. We now simply skip seeding in "fuzzing mode". The latest NSS revision has the fix, can you please try again on ClusterFuzz? Thanks!
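The startup pattern described in the two comments above (a hard failure when the entropy source is unusable in the sandbox, fixed by skipping the seed in fuzzing mode and relying on a fixed-seed deterministic PRNG), as an added illustration that is not NSS code: `rng_init_strict`, `rng_init`, the xorshift generator and the `urandom_path` parameter are all hypothetical, the path being a parameter only so the failure can be exercised.

```c
#include <stdint.h>
#include <stdio.h>

/* Outcome of the hypothetical initialisation routine. */
enum rng_status { RNG_OK = 0, RNG_ERR_SEED = 1 };

/* Tiny xorshift64 state; a stand-in for a real DRBG, not NSS code. */
struct rng { uint64_t state; };

/* Fixed seed used when fuzzing: the fuzz target must be deterministic,
 * so the entropy source is never consulted in that mode. */
#define FUZZ_FIXED_SEED 0x9E3779B97F4A7C15ull

/* Mirrors the original behaviour: fail hard if urandom is unusable.
 * Under a sandbox that hides /dev/urandom this is what aborted startup. */
static enum rng_status rng_init_strict(struct rng *r, const char *urandom_path) {
    FILE *f = fopen(urandom_path, "rb");
    if (f == NULL || fread(&r->state, sizeof r->state, 1, f) != 1) {
        if (f) fclose(f);
        return RNG_ERR_SEED;          /* caller treats this as fatal */
    }
    fclose(f);
    if (r->state == 0) r->state = 1;  /* xorshift must not start at zero */
    return RNG_OK;
}

/* Mirrors the fix: in fuzzing mode skip seeding entirely and use the
 * fixed seed, so a sandbox without /dev/urandom cannot break startup.
 * Outside fuzzing mode the strict behaviour is kept on purpose. */
static enum rng_status rng_init(struct rng *r, int fuzzing_mode, const char *urandom_path) {
    if (fuzzing_mode) {
        r->state = FUZZ_FIXED_SEED;
        return RNG_OK;
    }
    return rng_init_strict(r, urandom_path);
}

/* xorshift64 step; deterministic for a given starting state. */
static uint64_t rng_next(struct rng *r) {
    uint64_t x = r->state;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    r->state = x;
    return x;
}

int main(void) {
    struct rng r;
    /* Constructed unusable path: strict init fails, fuzzing-mode init does not. */
    printf("strict: %d\n", rng_init_strict(&r, "/nonexistent/urandom"));
    printf("fuzz:   %d next=%llx\n", rng_init(&r, 1, "/nonexistent/urandom"),
           (unsigned long long)rng_next(&r));
    return 0;
}
```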
I've just kicked off the NSS build. In 1-2 hours we'll see how it's going on CF.
Ok now fixed. Command: /mnt/scratch0/clusterfuzz/slave-bot/builds/clusterfuzz-builds_nss_c7f62f1d50ead7b467de2ea6701001cb50f4098f/revisions/hash -max_len=6048 -rss_limit_mb=2048 -timeout=25 -artifact_prefix=/ -max_total_time=2950 -print_final_stats=1 /new /nss_hash INFO: Seed: 1888960566
Weird that this is only reproducing on ClusterFuzz and not in the Docker container locally with the hash fuzzer in nss. @ttaubert - any clues?
hash: ../../fuzz/shared.h:21: NSSDatabase::NSSDatabase(): Assertion `NSS_NoDB_Init(nullptr) == SECSuccess' failed.
ASAN:DEADLYSIGNAL
==1==ERROR: AddressSanitizer: ABRT on unknown address 0x000000000001 (pc 0x7f8fb75f9418 bp 0x000000c06760 sp 0x7ffcca718ea8 T0)
SCARINESS: 10 (signal)
#0 0x7f8fb75f9417 in gsignal
#1 0x7f8fb75fb019 in abort
#2 0x7f8fb75f1bd6 in libc.so.6
#3 0x7f8fb75f1c81 in __assert_fail
#4 0x51502a in NSSDatabase::NSSDatabase() /src/nss/fuzz/shared.h:21:19
#5 0x51502a in LLVMFuzzerTestOneInput /src/nss/fuzz/hash_target.cc:19
#6 0x969ee8 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:550:13
#7 0x96906d in fuzzer::Fuzzer::ShuffleAndMinimize(std::__1::vector<std::__1::vector<unsigned char, std::__1::allocator<unsigned char> >, std::__1::allocator<std::__1::vector<unsigned char, std::__1::allocator<unsigned char> > > >*) /src/libfuzzer/FuzzerLoop.cpp:477:3
#8 0xa4790a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:565:6
#9 0x9c69b8 in main /src/libfuzzer/FuzzerMain.cpp:20:10
#10 0x7f8fb75e482f in __libc_start_main
#11 0x41dc68 in _start
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: ABRT (/lib/x86_64-linux-gnu/libc.so.6+0x35417)
==1==ABORTING