[libfuzzer] force use_prebuilt_instrumented_libraries for libfuzzer

testing/libfuzzer/getting_started.md

 # Getting Started with libFuzzer in Chrome
 
 *** note
 **Prerequisites:** libFuzzer in Chrome is supported with GN on Linux only. 
 ***
 
 This document will walk you through:
 
 * setting up your build enviroment.
 * creating your first fuzzer.
@@ skipping 11 matching lines @@
 ```bash
 # With address sanitizer
 gn gen out/libfuzzer '--args=use_libfuzzer=true is_asan=true is_debug=false enable_nacl=false' --check
 ```
 
 Supported sanitizer configurations are:
 
 | GN Argument | Description |
 |--------------|----|
 | `is_asan=true` | enables [Address Sanitizer] to catch problems like buffer overruns. |
-| `is_msan=true` | enables [Memory Sanitizer] to catch problems like uninitialed reads. |
-| `is_ubsan_security=true` | enables [Undefined Behavior Sanitizer] to catch<sup>\[[1](#Notes)\]</sup> undefined behavior like integer overflow. |
+| `is_msan=true` | enables [Memory Sanitizer] to catch problems like uninitialed reads<sup>\[[1](#note1)\]</sup>. |
+| `is_ubsan_security=true` | enables [Undefined Behavior Sanitizer] to catch<sup>\[[2](#note2)\]</sup> undefined behavior like integer overflow. |
 | | it is possible to run libfuzzer without any sanitizers; *probably not what you want*.|
 
 
 ## Write Fuzzer Function
 
 Create a new .cc file and define a `LLVMFuzzerTestOneInput` function:
 
 ```cpp
 #include <stddef.h>
 #include <stdint.h>
@@ skipping 86 matching lines @@
 
 ## Next Steps
 
 * After your fuzzer is submitted, you should check its [ClusterFuzz status] in
 a day or two.
 * Check the [Efficient Fuzzer Guide] to better understand your fuzzer
 performance and for optimization hints.
 
 
 ## Notes
-[1] By default UBSan doesn't crash once undefined behavior has been detected.
+
+*[1]* {#note1}You need to [download prebuilt instrumented libraries](https://www.chromium.org/developers/testing/memorysanitizer#TOC-How-to-build-and-run)
+to use msan ([crbug/653712](https://bugs.chromium.org/p/chromium/issues/detail?id=653712)):
+```bash
+GYP_DEFINES='use_goma=1 msan=1 use_prebuilt_instrumented_libraries=1' gclient runhooks
+```
+
+*[2]* {#note2}By default UBSan doesn't crash once undefined behavior has been detected.
 To make it crash the following additional option should be provided:
-
 ```bash
 UBSAN_OPTIONS=halt_on_error=1 ./fuzzer <corpus_directory_or_single_testcase_path>
 ```
-
 Other useful options (used by ClusterFuzz) are:
 ```bash
 UBSAN_OPTIONS=symbolize=1:halt_on_error=1:print_stacktrace=1 ./fuzzer <corpus_directory_or_single_testcase_path>
 ```
 
 
+
 [Address Sanitizer]: http://clang.llvm.org/docs/AddressSanitizer.html
 [ClusterFuzz status]: clusterfuzz.md#Status-Links
 [Efficient Fuzzer Guide]: efficient_fuzzer.md
 [Fuzzer Dictionary]: efficient_fuzzer.md#Fuzzer-Dictionary
 [Maximum Testcase Length]: efficient_fuzzer.md#Maximum-Testcase-Length
 [Memory Sanitizer]: http://clang.llvm.org/docs/MemorySanitizer.html
 [Seed Corpus]: efficient_fuzzer.md#Seed-Corpus
 [Undefined Behavior Sanitizer]: http://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html
 [crbug/598448]: https://bugs.chromium.org/p/chromium/issues/detail?id=598448
 [url_parse_fuzzer.cc]: https://code.google.com/p/chromium/codesearch#chromium/src/testing/libfuzzer/fuzzers/url_parse_fuzzer.cc