<html>
    <head>
      <base href="https://llvm.org/bugs/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW --- - Sanitizer Coverage crashes in fork() after dlclose() of coverage-instrumented object"
   href="https://llvm.org/bugs/show_bug.cgi?id=26922">26922</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Sanitizer Coverage crashes in fork() after dlclose() of coverage-instrumented object
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>compiler-rt
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>unspecified
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>compiler-rt
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>jld@mozilla.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>llvm-bugs@lists.llvm.org
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Created <span class=""><a href="attachment.cgi?id=16029" name="attach_16029" title="Minimal test case">attachment 16029</a></span>
Minimal test case

Steps To Reproduce:

1. Create a .so with sanitizer coverage; e.g.:
  clang -shared -fPIC -fsanitize=address -fsanitize-coverage=edge -x c /dev/null -o empty.so

2. Compile the attached test case with the same sanitizer flags.

3. Run it, like:
  ASAN_OPTIONS=coverage=1 LD_LIBRARY_PATH=$PWD ./forktest empty.so

And that segfaults in the child process, because coverage_data::guard_array_vec
still holds pointers to the now-unmapped .so's coverage guard, and the fork
interceptor tries to access them to reset them.

I'm not sure what the right fix is here.  I've worked around it by commenting
out the dlclose() call in the code under test, but that's not so good in
general.</pre>
        </div>
      </p>
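      <p>The sequence the report describes (load an object, dlclose() it, then fork()), as an added example: this is not attachment 16029 and not the reporter's code, and the function name dlclose_then_fork and its return codes are assumptions made here.</p>

```c
/* Added illustration, not attachment 16029: the dlopen -> dlclose -> fork
 * sequence from the report. Names and return codes are assumptions. */
#include <dlfcn.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns -1 if the object cannot be loaded, -2 if fork()/waitpid() fails,
 * 0 if the child exits cleanly, otherwise the number of the signal that
 * killed the child (a segfault there matches the reported behaviour). */
int dlclose_then_fork(const char *lib)
{
    void *handle = dlopen(lib, RTLD_NOW | RTLD_LOCAL);
    if (handle == NULL) {
        fprintf(stderr, "dlopen: %s\n", dlerror());
        return -1;
    }
    /* Unmaps the object; per the report its guard pointers stay behind in
     * coverage_data::guard_array_vec. */
    dlclose(handle);

    fflush(NULL);                /* do not duplicate buffered output */
    pid_t pid = fork();          /* the intercepted call */
    if (pid < 0)
        return -2;
    if (pid == 0)
        _exit(0);                /* child only has to survive fork() */

    int status = 0;
    if (waitpid(pid, &status, 0) != pid)
        return -2;
    if (WIFSIGNALED(status))
        return WTERMSIG(status);
    return WEXITSTATUS(status);
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <shared-object>\n", argv[0]);
        return 2;
    }
    int rc = dlclose_then_fork(argv[1]);
    printf("child result: %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

      <p>Built with the sanitizer flags from step 1 and run as in step 3, a non-zero signal number in the output means the child died inside fork(); without the sanitizer runtime the child exits cleanly.</p>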
    </body>
</html>