[llvm-bugs] [Bug 26922] New: Sanitizer Coverage crashes in fork() after dlclose() of coverage-instrumented object

via llvm-bugs llvm-bugs at lists.llvm.org
Fri Mar 11 16:59:27 PST 2016


https://llvm.org/bugs/show_bug.cgi?id=26922

            Bug ID: 26922
           Summary: Sanitizer Coverage crashes in fork() after dlclose()
                    of coverage-instrumented object
           Product: compiler-rt
           Version: unspecified
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: compiler-rt
          Assignee: unassignedbugs at nondot.org
          Reporter: jld at mozilla.com
                CC: llvm-bugs at lists.llvm.org
    Classification: Unclassified

Created attachment 16029
  --> https://llvm.org/bugs/attachment.cgi?id=16029&action=edit
Minimal test case

Steps To Reproduce:

1. Create a .so with sanitizer coverage; e.g.:
  clang -shared -fPIC -fsanitize=address -fsanitize-coverage=edge -x c /dev/null -o empty.so

2. Compile the attached test case with the same sanitizer flags.

3. Run it, like:
  ASAN_OPTIONS=coverage=1 LD_LIBRARY_PATH=$PWD ./forktest empty.so

And that segfaults in the child process, because coverage_data::guard_array_vec
still holds pointers to the now-unmapped .so's coverage guard, and the fork
interceptor tries to access them to reset them.

I'm not sure what the right fix is here.  I've worked around it by commenting
out the dlclose() call in the code under test, but that's not so good in
general.
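The dlopen -> dlclose -> fork sequence the report describes, written out as an added C example; it is not the attached test case, and the function name and default library path are assumptions. Built without sanitizers it simply reports exit status 0; built with the same -fsanitize=address -fsanitize-coverage=edge flags and run with ASAN_OPTIONS=coverage=1 against a coverage-instrumented .so, the child is expected to die in the fork interceptor, which this helper reports as 128 + signal number (139 for SIGSEGV).

```c
/* Added reproducer sketch for the dlopen/dlclose/fork pattern in the report.
 * Not the attached test case; names and the default path are assumptions. */
#include <dlfcn.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Load `path` (NULL = the main program itself, a harmless smoke test),
 * unload it, then fork. Returns the child's exit status, 128 + signal
 * number if the child was killed, or -1 on dlopen/dlclose/fork failure. */
int dlclose_then_fork(const char *path)
{
    void *h = dlopen(path, RTLD_NOW);
    if (!h) {
        fprintf(stderr, "dlopen(%s): %s\n", path ? path : "(self)", dlerror());
        return -1;
    }
    /* Unmap the object. Under the bug, coverage_data::guard_array_vec keeps
     * pointers into this object's (now unmapped) coverage guards. */
    if (dlclose(h) != 0) {
        fprintf(stderr, "dlclose: %s\n", dlerror());
        return -1;
    }
    pid_t pid = fork();          /* the call the sanitizer runtime intercepts */
    if (pid < 0) {
        perror("fork");
        return -1;
    }
    if (pid == 0)
        _exit(0);                /* child: nothing else to do */
    int status = 0;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    if (WIFEXITED(status))
        return WEXITSTATUS(status);
    if (WIFSIGNALED(status))
        return 128 + WTERMSIG(status);
    return -1;
}

int main(int argc, char **argv)
{
    /* "empty.so" is the object built in step 1 of the report (assumed path). */
    const char *lib = argc > 1 ? argv[1] : "empty.so";
    int rc = dlclose_then_fork(lib);
    printf("%s: child status %d\n", lib, rc);
    return rc == 0 ? 0 : 1;
}
```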
