oss-fuzz
oss-fuzz copied to clipboard
google
Ubuntu 24.04 Migration: Manual Review Required
We are migrating all OSS-Fuzz projects to Ubuntu 24.04. We have successfully verified 928 projects via automated mass reproduction.
However, the following 233 projects failed our automated build/reproduction verification on Google Cloud Build and require manual investigation to ensure they work correctly on Ubuntu 24.04.
@DavidKorczynski could you please take a look?
Failed Projects List
| # | Project |
|---|---|
| 1 | airflow |
| 2 | alembic |
| 3 | angular |
| 4 | apache-axis2 |
| 5 | apache-commons-bcel |
| 6 | apache-commons-beanutils |
| 7 | apache-commons-geometry |
| 8 | apache-commons-logging |
| 9 | apache-logging-log4cxx |
| 10 | apache-poi |
| 11 | aspell |
| 12 | astroid |
| 13 | avahi |
| 14 | avro |
| 15 | bazel-rules-fuzzing-test |
| 16 | bazel-rules-fuzzing-test-java |
| 17 | bearssl |
| 18 | bignum-fuzzer |
| 19 | bind9 |
| 20 | bitcoin-core |
| 21 | bls-signatures |
| 22 | bs4 |
| 23 | canvg |
| 24 | cel-cpp |
| 25 | cglib |
| 26 | checker-framework |
| 27 | cilium |
| 28 | config-validator |
| 29 | connectedhomeip |
| 30 | cosmos-sdk |
| 31 | cpython3 |
| 32 | cras |
| 33 | croaring |
| 34 | crosvm |
| 35 | cryptofuzz |
| 36 | cryptography |
| 37 | cryptsetup |
| 38 | cxxopts |
| 39 | cyclonedds |
| 40 | d3 |
| 41 | django |
| 42 | draco |
| 43 | e2fsprogs |
| 44 | ecc-diff-fuzzer |
| 45 | eclipse-equinox |
| 46 | edk2 |
| 47 | envoy |
| 48 | esp-v2 |
| 49 | espeak-ng |
| 50 | etcd |
| 51 | faad2 |
| 52 | fast-dds |
| 53 | fast-xml-parser |
| 54 | feign |
| 55 | ffmpeg |
| 56 | ffms2 |
| 57 | firefox |
| 58 | flask |
| 59 | fluxcd |
| 60 | fuzztest-example |
| 61 | fuzztest-raksha |
| 62 | g-api-py-api-common-protos |
| 63 | g-api-python-bigquery-storage |
| 64 | gdal |
| 65 | gfwx |
| 66 | git |
| 67 | gnupg |
| 68 | go-ethereum |
| 69 | go-ldap |
| 70 | golang |
| 71 | golang-protobuf |
| 72 | graphicsmagick |
| 73 | grok |
| 74 | groovy |
| 75 | grpc-swift |
| 76 | helm |
| 77 | hermes |
| 78 | hibernate-orm |
| 79 | hibernate-validator |
| 80 | hiredis |
| 81 | hostap |
| 82 | htmlunit |
| 83 | httpcomponents-core |
| 84 | imageio |
| 85 | jackson-databind |
| 86 | jackson-dataformat-xml |
| 87 | jackson-dataformats-binary |
| 88 | jackson-dataformats-text |
| 89 | java-jwt |
| 90 | javascript-example |
| 91 | jaxb |
| 92 | jersey |
| 93 | jimfs |
| 94 | jimp |
| 95 | jline3 |
| 96 | jmh |
| 97 | jopt-simple |
| 98 | jsc |
| 99 | jsch |
| 100 | jsonp-api |
| 101 | jsonpath |
| 102 | jstl-api |
| 103 | jwt-verify-lib |
| 104 | jxls |
| 105 | kde-thumbnailers |
| 106 | keycloak |
| 107 | kimageformats |
| 108 | knative |
| 109 | kubernetes |
| 110 | lame |
| 111 | libarchive |
| 112 | libcacard |
| 113 | libcst |
| 114 | libecc |
| 115 | libigl |
| 116 | libpng-proto |
| 117 | libreoffice |
| 118 | libressl |
| 119 | librsvg |
| 120 | libtheora |
| 121 | libtpms |
| 122 | libultrahdr |
| 123 | linkerd2-proxy |
| 124 | llvm |
| 125 | logback |
| 126 | lucene |
| 127 | lxc |
| 128 | lxml |
| 129 | mariadb |
| 130 | maven |
| 131 | mdbook-i18n-helpers |
| 132 | miniz_oxide |
| 133 | mongo-go-driver |
| 134 | mosquitto |
| 135 | mtail |
| 136 | mybatis-3 |
| 137 | mysql-connector-j |
| 138 | nanopb |
| 139 | nats |
| 140 | nccl |
| 141 | nettle |
| 142 | netty |
| 143 | nginx |
| 144 | nokogiri |
| 145 | ntp |
| 146 | ntpsec |
| 147 | num-bigint |
| 148 | numexpr |
| 149 | numpy |
| 150 | oak |
| 151 | okhttp |
| 152 | opencensus-cpp |
| 153 | opencsv |
| 154 | openssl |
| 155 | openthread |
| 156 | openvpn |
| 157 | openyurt |
| 158 | orjson |
| 159 | osgi |
| 160 | ostree |
| 161 | pacemaker |
| 162 | pandas |
| 163 | pendulum |
| 164 | pip |
| 165 | poppler |
| 166 | postfix |
| 167 | prometheus |
| 168 | protobuf-c |
| 169 | protobuf-java |
| 170 | proton-bridge |
| 171 | publicsuffix-list |
| 172 | pycrypto |
| 173 | pytables |
| 174 | python-multipart |
| 175 | qdox |
| 176 | qemu |
| 177 | rapidjson |
| 178 | rdkit |
| 179 | redux |
| 180 | reload4j |
| 181 | rhino |
| 182 | runc |
| 183 | scikit-learn |
| 184 | serde-yaml |
| 185 | sharp |
| 186 | sleuthkit |
| 187 | spatial4j |
| 188 | spdk |
| 189 | spicy |
| 190 | spidermonkey |
| 191 | spring-boot |
| 192 | spring-cloud-config |
| 193 | spring-cloud-netflix |
| 194 | spring-cloud-stream |
| 195 | spring-data-mongodb |
| 196 | spring-framework |
| 197 | spring-integration |
| 198 | spring-security |
| 199 | spring-shell |
| 200 | spring-webflow |
| 201 | sqlalchemy_jsonfield |
| 202 | starnix-netlink |
| 203 | stax |
| 204 | struts |
| 205 | swift-nio |
| 206 | tcmalloc |
| 207 | tensorflow |
| 208 | tensorflow-py |
| 209 | tensorflow-serving |
| 210 | threetenbp |
| 211 | thrift |
| 212 | tmux |
| 213 | tomcat |
| 214 | toml_edit |
| 215 | trafficserver |
| 216 | typescript |
| 217 | unblob |
| 218 | usbguard |
| 219 | wasmedge |
| 220 | wasmtime |
| 221 | websockets |
| 222 | wireshark |
| 223 | wolfmqtt |
| 224 | xen |
| 225 | xmlbeans |
| 226 | xmlunit |
| 227 | xnio-api |
| 228 | xnu |
| 229 | xpdf |
| 230 | xs |
| 231 | xstream |
| 232 | xvid |
| 233 | zeek |
avahi
avahi should be fine now that https://github.com/avahi/avahi/commit/f8e6e7c74f9e08c8446fc827be674298328d2d2c is merged to get around https://github.com/llvm/llvm-project/issues/114377. I've just marked https://github.com/google/oss-fuzz/pull/14242 as ready for review.
lxc
I think lxc fails under MSan because of https://github.com/llvm/llvm-project/issues/114377 probably. (Basically all the projects where strlcpy is now detected on Ubuntu 24.04 should be affected). I'm not sure what's going on with AFL though
FAILED: [code=1] src/lxc/liblxc.a.p/cgroups_cgfsng.c.o
/src/aflplusplus/afl-clang-fast -Isrc/lxc/liblxc.a.p -Isrc/lxc -I../src/lxc -I. -I.. -Isrc -I../src -Isrc/include -I../src/include -I../src/lxc/cgroups -I../src/lxc/storage -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Wextra -Werror -std=gnu11 -O0 -g -Wno-format-signedness -Wno-missing-field-initializers -Wno-unused-parameter -Wvla -Wcast-align -Wstrict-prototypes -fno-strict-aliasing -fstack-clash-protection --param=ssp-buffer-size=4 -Werror=implicit-function-declaration -Wmissing-include-dirs -Wold-style-definition -Winit-self -Wunused-but-set-variable -Wno-unused-parameter -Wfloat-equal -Werror=return-type -Werror=incompatible-pointer-types -Wformat=2 -Wshadow -Wendif-labels -Werror=overflow -fdiagnostics-show-option -Werror=shift-count-overflow -Wdate-time -Wnested-externs -fasynchronous-unwind-tables -fexceptions -Warray-bounds -Wreturn-local-addr -fsanitize=cfi -Wno-typedef-redefinition -Wno-gnu-variable-sized-type-not-at-end -ffat-lto-objects -include config.h -O1 -fno-omit-frame-pointer -gline-tables-only -Wno-error=incompatible-function-pointer-types -Wno-error=int-conversion -Wno-error=deprecated-declarations -Wno-error=implicit-function-declaration -Wno-error=implicit-int -Wno-error=unknown-warning-option -Wno-error=vla-cxx-extension -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address -fsanitize-address-use-after-scope -fPIC -pthread -fvisibility=default -DIN_LIBLXC -MD -MQ src/lxc/liblxc.a.p/cgroups_cgfsng.c.o -MF src/lxc/liblxc.a.p/cgroups_cgfsng.c.o.d -o src/lxc/liblxc.a.p/cgroups_cgfsng.c.o -c ../src/lxc/cgroups/cgfsng.c
error: Redundant instrumentation detected, with module flag: nosanitize_address [-Werror,-Wbackend-plugin]
1 error generated.
We found some failures during testing, so we are re-running everything. I'm closing this issue for now and will open a new one once the tests are finished.