Opened 8 months ago

Closed 7 months ago

Last modified 7 months ago

#32783 closed defect (fixed)

Investigate clusterfuzz build failures

Reported by: nickm Owned by: nickm
Priority: High Milestone: Tor: 0.4.3.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: network-team-roadmap-2020Q1, security, technical-debt, tor-ci, 043-should
Cc: teor Actual Points: .3
Parent ID: Points: 3
Reviewer: [upstream] Sponsor:

Description

Our clusterfuzz setup has run into some build issues; I need to figure it out.

Child Tickets

Change History (14)

comment:1 Changed 8 months ago by nickm

Cc: teor added

comment:2 Changed 8 months ago by teor

Is there a link to the failures?

comment:3 Changed 8 months ago by nickm

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16992#c29 , but I think you may need a login. I'll try to figure out how to get you one, if you like?

comment:4 Changed 8 months ago by teor

I can see the build logs without a login. Looks like the fuzzers are crashing on startup?

comment:5 Changed 8 months ago by gaba

Keywords: network-team-roadmap-2020Q1 added

comment:6 Changed 7 months ago by nickm

Keywords: security technical-debt tor-ci added

comment:7 Changed 7 months ago by nickm

Keywords: 043-should added
Priority: MediumHigh

comment:8 Changed 7 months ago by gaba

Keywords: network-team-roadmap-2020Q1 security technical-debt tor-ci 043-shouldnetwork-team-roadmap-2020Q1, security, technical-debt, tor-ci, 043-should

comment:9 Changed 7 months ago by nickm

Okay. I spent a lot of time tracking this down, and I believe that the simplest fix is for us to build our instrumented version of Libevent here without openssl support, since we don't actually use Libevent's openssl support.

This bug started happening because Libevent began to require openssl, unless you explicitly disable it.

This bug became confusing because (I think) Libevent introduced this requirement while we were suffering from this issue: https://github.com/google/oss-fuzz/issues/2836 , and so we went from "failing for one reason where the answer was 'just wait a little'" to "failing for another reason that needs a fix."

I've made an OSS-Fuzz PR at https://github.com/google/oss-fuzz/issues/2836

comment:10 Changed 7 months ago by nickm

For reference, the instructions for reproducing all this stuff locally are at https://google.github.io/oss-fuzz/getting-started/ . You'll need docker running.

comment:11 Changed 7 months ago by nickm

Reviewer: [upstream]
Status: assignedneeds_review

comment:12 Changed 7 months ago by nickm

They've taken the patch; I'll reopen this if it doesn't fix our clusterfuzz build.

comment:13 Changed 7 months ago by nickm

Actual Points: .3
Resolution: fixed
Status: needs_reviewclosed

comment:14 Changed 7 months ago by nickm

(Clusterfuzz reports that our build is passing)

Note: See TracTickets for help on using tickets.