NSS startup crash #321

Closed
inferno-chromium opened this issue Jan 27, 2017 · 9 comments
@inferno-chromium
Collaborator

Weird that this is only reproducing on ClusterFuzz and not on the Docker container locally with the fuzzer hash in nss. @ttaubert - any clues?

hash: ../../fuzz/shared.h:21: NSSDatabase::NSSDatabase(): Assertion `NSS_NoDB_Init(nullptr) == SECSuccess' failed.
ASAN:DEADLYSIGNAL

==1==ERROR: AddressSanitizer: ABRT on unknown address 0x000000000001 (pc 0x7f8fb75f9418 bp 0x000000c06760 sp 0x7ffcca718ea8 T0)
SCARINESS: 10 (signal)
#0 0x7f8fb75f9417 in gsignal
#1 0x7f8fb75fb019 in abort
#2 0x7f8fb75f1bd6 in libc.so.6
#3 0x7f8fb75f1c81 in __assert_fail
#4 0x51502a in NSSDatabase::NSSDatabase() /src/nss/fuzz/shared.h:21:19
#5 0x51502a in LLVMFuzzerTestOneInput /src/nss/fuzz/hash_target.cc:19
#6 0x969ee8 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:550:13
#7 0x96906d in fuzzer::Fuzzer::ShuffleAndMinimize(std::__1::vector<std::__1::vector<unsigned char, std::__1::allocator<unsigned char> >, std::__1::allocator<std::__1::vector<unsigned char, std::__1::allocator<unsigned char> > > >*) /src/libfuzzer/FuzzerLoop.cpp:477:3
#8 0xa4790a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:565:6
#9 0x9c69b8 in main /src/libfuzzer/FuzzerMain.cpp:20:10
#10 0x7f8fb75e482f in __libc_start_main
#11 0x41dc68 in _start
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: ABRT (/lib/x86_64-linux-gnu/libc.so.6+0x35417)
==1==ABORTING

@ttaubert
Contributor

Weird that this is only reproducing on ClusterFuzz and not on Docker container locally with fuzzer hash in nss.

Yeah, I was thinking that too, I tested it before filing the PR. So we had to work around a few issues here, trying to create a static NSS build. NSS usually isn't built that way, and maybe there's something wrong still and it's trying to load some DSO?

@ttaubert
Contributor

Does ClusterFuzz use the same base-runner image that's here in the repository?

@ttaubert
Contributor

What would be a good way to debug this? Is it possible to get an strace of the fuzzer run? Or maybe we'll get it to somehow reproduce locally.

@inferno-chromium inferno-chromium assigned oliverchang and Dor1s and unassigned mikea and kcc Jan 27, 2017
@inferno-chromium
Collaborator Author

So, this is a minijail sandboxing issue, Oliver can take a look. The binary runs fine on the bot without minijail.

@inferno-chromium
Collaborator Author

@ttaubert - does the hash fuzzer write any temp database anywhere, like the user home, etc. (as part of NSS_NoDB_Init)? I think that could be the reason for this initialization failure.

@inferno-chromium
Collaborator Author

@ttaubert - see https://github.com/google/oss-fuzz/blob/master/docs/fuzzer_environment.md#file-system. Can you modify the code to write the database in /tmp? Everything else will be read-only.

@ttaubert
Contributor

We currently hard-fail when seeding from /dev/urandom fails, and we assume that this might be the cause. We seed from urandom but never use it because we have a deterministic PRNG for fuzzing. We now simply skip seeding in "fuzzing mode".

The latest NSS revision has the fix, can you please try again on ClusterFuzz? Thanks!
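The failure mode described in this comment, as an added illustration that is not NSS code: a startup routine that hard-fails when it cannot read the system RNG device, beside the fixed variant that skips system seeding in fuzzing mode and relies on a deterministic PRNG instead. The xorshift64* generator and the `dev` path parameter (a nonexistent path stands in for a sandbox that denies /dev/urandom) are assumptions of this example.

```c
#include <fcntl.h>
#include <stdint.h>
#include <unistd.h>

/* Deterministic xorshift64* generator standing in for NSS's fuzzing-mode PRNG (assumption). */
static uint64_t fuzz_state;

static void fuzz_prng_seed(uint64_t s) { fuzz_state = s ? s : 1; }  /* state must be non-zero */

static uint64_t fuzz_prng_next(void) {
    fuzz_state ^= fuzz_state >> 12;
    fuzz_state ^= fuzz_state << 25;
    fuzz_state ^= fuzz_state >> 27;
    return fuzz_state * 0x2545F4914F6CDD1DULL;
}

/* Same seed, same stream: this is what keeps fuzzing runs reproducible. */
static int fuzz_prng_is_deterministic(void) {
    fuzz_prng_seed(42);
    uint64_t a = fuzz_prng_next(), b = fuzz_prng_next();
    fuzz_prng_seed(42);
    return fuzz_prng_next() == a && fuzz_prng_next() == b;
}

/* Production seeding: read n bytes from the RNG device; -1 if it cannot be opened or read. */
static int seed_from_system(unsigned char *out, size_t n, const char *dev) {
    int fd = open(dev, O_RDONLY);
    if (fd < 0) return -1;
    for (size_t got = 0; got < n;) {
        ssize_t r = read(fd, out + got, n - got);
        if (r <= 0) { close(fd); return -1; }
        got += (size_t)r;
    }
    close(fd);
    return 0;
}

/* Before the fix: startup always seeds from the system, so a blocked device fails init. */
static int init_before_fix(const char *dev) {
    unsigned char seed[32];
    return seed_from_system(seed, sizeof seed, dev);
}

/* After the fix: fuzzing mode skips system seeding, so init no longer needs /dev/urandom. */
static int init_after_fix(int fuzzing_mode, const char *dev) {
    if (fuzzing_mode) { fuzz_prng_seed(1); return 0; }
    unsigned char seed[32];
    return seed_from_system(seed, sizeof seed, dev);
}
```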

@Dor1s
Contributor

Dor1s commented Jan 27, 2017

I've just kicked off the NSS build. In 1-2 hours we'll see how it's going on CF.

@inferno-chromium
Collaborator Author

Ok now fixed.

Command: /mnt/scratch0/clusterfuzz/slave-bot/builds/clusterfuzz-builds_nss_c7f62f1d50ead7b467de2ea6701001cb50f4098f/revisions/hash -max_len=6048 -rss_limit_mb=2048 -timeout=25 -artifact_prefix=/ -max_total_time=2950 -print_final_stats=1 /new /nss_hash
Bot: ossfuzz-linux-4027
Time ran: 2951.060843

INFO: Seed: 1888960566
INFO: Loaded 1 modules (56073 guards): [0xffa3f0, 0x1031014),
Loading corpus dir: /new
Loading corpus dir: /nss_hash
Loaded 1024/4111 files from /nss_hash
Loaded 2048/4111 files from /nss_hash
Loaded 4096/4111 files from /nss_hash
#0 READ units: 4107
#4096 pulse cov: 1217 ft: 350 corp: 28/17Kb exec/s: 2048 rss: 60Mb
#4107 INITED cov: 1217 ft: 350 corp: 28/17Kb exec/s: 2053 rss: 60Mb
#8192 pulse cov: 1217 ft: 350 corp: 28/17Kb exec/s: 2048 rss: 60Mb
#16384 pulse cov: 1217 ft: 350 corp: 28/17Kb exec/s: 1820 rss: 60Mb
#32768 pulse cov: 1217 ft: 350 corp: 28/17Kb exec/s: 1820 rss: 60Mb
#65536 pulse cov: 1217 ft: 350 corp: 28/17Kb exec/s: 1820 rss: 60Mb
#131072 pulse cov: 1217 ft: 350 corp: 28/17Kb exec/s: 1872 rss: 60Mb
#262144 pulse cov: 1217 ft: 350 corp: 28/17Kb exec/s: 1941 rss: 60Mb
#524288 pulse cov: 1217 ft: 350 corp: 28/17Kb exec/s: 1963 rss: 60Mb
#1048576 pulse cov: 1217 ft: 350 corp: 28/17Kb exec/s: 1952 rss: 60Mb
#1677721 NEW cov: 1219 ft: 352 corp: 29/17Kb exec/s: 1983 rss: 60Mb L: 64 MS: 4 ChangeASCIIInt-ChangeASCIIInt-ChangeASCIIInt-ChangeBinInt-
#2097152 pulse cov: 1219 ft: 352 corp: 29/17Kb exec/s: 1989 rss: 60Mb
#4194304 pulse cov: 1219 ft: 352 corp: 29/17Kb exec/s: 1985 rss: 60Mb
#5865347 DONE cov: 1219 ft: 352 corp: 29/17Kb exec/s: 1987 rss: 60Mb
Done 5865347 runs in 2951 second(s)
stat::number_of_executed_units: 5865347
stat::average_exec_per_sec: 1987
stat::new_units_added: 1
stat::slowest_unit_time_sec: 0
stat::peak_rss_mb: 60
