Open Bug 1483907 Opened 2 years ago Updated 2 years ago

libFuzzer builds not instrumented for coverage


(Firefox Build System :: General, defect)
(Reporter: truber, Assigned: truber)
> libFuzzer stopped working in the past few days. Both on oss-fuzz and locally. All targets.
> $ MOZ_RUN_GTEST=1 LIBFUZZER=1 FUZZER=SdpParser obj-fuzz/dist/bin/firefox
> Running Fuzzer tests...
> INFO: Seed: 3954647428
> INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
> INFO: A corpus is not provided, starting from an empty corpus
> #2	INITED lim: 4 exec/s: 0 rss: 313Mb
> ERROR: no interesting inputs were found. Is the code instrumented for coverage?
> Exiting.

This was bisected to d602a2f69ff8, but that change can't be easily backed out anymore. Instead, I am going to make the mozbuild changes conditional on Android, so that the builds still succeed, and libFuzzer will work again until I can figure out why this happened.

I'm also seeing this, and I'm very confused by it; `nm <relevant .o file>` shows calls into the expected sanitizer coverage libraries (and looking at the CLI invocations shows clang++ being passed -fsanitize=fuzz-no-link).

Is it possible two different copies of sancov are both ending up in the binary, and libFuzzer is using a different one from where the coverage is actually being recorded?
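The two checks discussed in the comment above (does an object file actually reference the SanitizerCoverage hooks, and does more than one module in the final link carry its own copy of the coverage runtime) can be scripted over `nm` output. The script below is an added example, not code from the bug or from the Firefox build; the symbol listings it reads are constructed for illustration (the `__sanitizer_cov_trace_pc_guard` callback name is the real SanitizerCoverage hook, the other symbol names are placeholders).

```shell
#!/bin/sh
# Added example: classify nm(1)-style symbol listings to diagnose a libFuzzer
# "Is the code instrumented for coverage?" failure.
#   1. An object file compiled with -fsanitize=fuzzer-no-link references the
#      SanitizerCoverage hooks as undefined ('U') symbols.
#   2. In the final process image exactly one module should *define* the guard
#      callback; if several DSOs each carry a definition, libFuzzer may observe
#      one copy while the instrumented code records into another.
# All listings below are constructed for this example, not real build output.

SANCOV_GUARD='__sanitizer_cov_trace_pc_guard'

# Count undefined references (nm type 'U') to SanitizerCoverage hooks.
# Reads an nm listing on stdin (plain or `nm -A` style), prints an integer.
sancov_refs() {
    awk '$(NF-1) == "U" && $NF ~ /^__sanitizer_cov_/ { n++ } END { print n+0 }'
}

# List the modules that define the guard callback (nm types T, t or W).
# Reads an `nm -A` style listing ("module:addr type name") on stdin.
sancov_defining_modules() {
    awk -v sym="$SANCOV_GUARD" '
        ($(NF-1) == "T" || $(NF-1) == "t" || $(NF-1) == "W") && $NF == sym {
            split($1, parts, ":"); mods[parts[1]] = 1
        }
        END { for (m in mods) print m }' | sort
}

# Verdict for one object file listing passed as $1.
classify_object() {
    if [ "$(printf '%s\n' "$1" | sancov_refs)" -gt 0 ]; then
        echo instrumented
    else
        echo uninstrumented
    fi
}

# Verdict for a whole link (listing of every module passed as $1).
link_verdict() {
    count=$(printf '%s\n' "$1" | sancov_defining_modules | awk 'END { print NR }')
    if [ "$count" -eq 0 ]; then
        echo missing-runtime
    elif [ "$count" -eq 1 ]; then
        echo ok
    else
        echo duplicate-runtime
    fi
}

# Constructed sample: an object compiled with coverage instrumentation.
SAMPLE_OBJECT='                 U __sanitizer_cov_trace_pc_guard
                 U __sanitizer_cov_trace_pc_guard_init
0000000000000000 T _Z5parsePKc'

# Constructed sample: the same object built without instrumentation.
SAMPLE_UNINSTRUMENTED='0000000000000000 T _Z5parsePKc'

# Constructed sample: `nm -A` over the process image, two modules each
# defining the guard callback (the situation the comment above suspects).
SAMPLE_LINK='firefox:0000000000401130 T __sanitizer_cov_trace_pc_guard
libxul.so:00000000001a2b30 T __sanitizer_cov_trace_pc_guard
libxul.so:                 U __sanitizer_cov_trace_pc_guard_init
libnss3.so:                 U __sanitizer_cov_trace_pc_guard'

echo "object:          $(classify_object "$SAMPLE_OBJECT")"
echo "uninstrumented:  $(classify_object "$SAMPLE_UNINSTRUMENTED")"
echo "link:            $(link_verdict "$SAMPLE_LINK")"
echo "defining modules:"
printf '%s\n' "$SAMPLE_LINK" | sancov_defining_modules
```

On a real build, feed `nm <file.o>` to `classify_object` and `nm -A` over the executable plus every shared object it loads to `link_verdict`; a `duplicate-runtime` verdict names the modules whose coverage runtimes compete for the guard callbacks.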
Blocks: 1475573
See Also: 1475573