<html>

    <head>

      <base href="https://bugs.llvm.org/">

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - Asan crashes in DTLS_on_tls_get_addr in heavily threadde application"

   href="https://bugs.llvm.org/show_bug.cgi?id=45456">45456</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>Asan crashes in DTLS_on_tls_get_addr in heavily threadde application

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>compiler-rt

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>10.0

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>PC

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>Linux

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>normal

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>asan

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>unassignedbugs@nondot.org

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>dominik.strasser@onespin.com

          </td>

        </tr>

        <tr>

          <th>CC</th>

          <td>llvm-bugs@lists.llvm.org

          </td>

        </tr></table>

      <p>

        <div>

        <pre>I am experiencing frequent crahes in DTLS_on_tls_get_addr when I am using ASAN

in my heavily threaded application.

In gdb the crasheds look like this:

#0  0x00000000007ddb9a in __sanitizer::DTLS_on_tls_get_addr

(arg_void=arg_void@entry=0x7fffc3c521b8, res=res@entry=0x7fff89afa628,

static_tls_begin=140735503374720, 

    static_tls_end=140735503380480) at

/local/software/llvm-10.0.0.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_tls_get_addr.cpp:96

#1  0x00000000007513d7 in __interceptor___tls_get_addr (arg=0x7fffc3c521b8)

    at

/local/software/llvm-10.0.0.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:5194

#0  0x00000000007ddb9a in __sanitizer::DTLS_on_tls_get_addr

(arg_void=arg_void@entry=0x7fffc3c521b8, res=res@entry=0x7fff89afa628,

static_tls_begin=140735503374720, 

    static_tls_end=140735503380480) at

/local/software/llvm-10.0.0.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_tls_get_addr.cpp:96

96        if (dtls.dtv[dso_id].beg) return 0;

(gdb) p dtls

$5 = {

  dtv_size = 256,

  dtv = 0x7fffa9353000,

  last_memalign_size = 0,

  last_memalign_ptr = 0

}

(gdb) p dtls.dtv

$6 = (__sanitizer::DTLS::DTV *) 0x7fffa9353000

(gdb) p *dtls.dtv

Cannot access memory at address 0x7fffa9353000

(gdb) p *arg

$7 = {

  dso_id = 4,

  offset = 0

}

So the access is not OOB, but the accessed memory looks like it is not mapped.

The crash happens from many different contexts in my application but alwys

boiils down to this kind of crash. It is not strictly reproducable, happens in

~every 3rd run. I do not have a small reproduction.

My LLVM is self comppiled, so can assist in debugging. Alternatively I can

grant access to our application via VPN/ssh for debugging.</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are on the CC list for the bug.</li>

      </ul>

    </body>

</html>