<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/63224>63224</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            Deadlock during realloc when sanitizing with ASAN
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          maxammann
      </td>
    </tr>
</table>

<pre>
    I noticed hangs of my Rust test suite, which uses some ASAN-instrumented C library.
It turns out that ASAN is blocking a child process, which is being awaited from the main binary.

There is a test case which spawn a subprocess via `fork()` and then waits for it using `waitpid()`.

Using `gdb` I was able to extract the following bracktrace from the hanging child process:

```
0x00007ffff74c9a3a in __sanitizer::FutexWait(__sanitizer::atomic_uint32_t*, unsigned int) ()
 from /nix/store/572dbfdcc1zkzw96z6iw51i6p3q777qh-clang-wrapper-14.0.6/resource-root/lib/linux/libclang_rt.asan-x86_64.so
(gdb) bt
#0  0x00007ffff74c9a3a in __sanitizer::FutexWait(__sanitizer::atomic_uint32_t*, unsigned int) ()
 from /nix/store/572dbfdcc1zkzw96z6iw51i6p3q777qh-clang-wrapper-14.0.6/resource-root/lib/linux/libclang_rt.asan-x86_64.so
#1 0x00007ffff74caeb2 in __sanitizer::Semaphore::Wait() ()
   from /nix/store/572dbfdcc1zkzw96z6iw51i6p3q777qh-clang-wrapper-14.0.6/resource-root/lib/linux/libclang_rt.asan-x86_64.so
#2 0x00007ffff74fa746 in __sanitizer::SizeClassAllocator64<__asan::AP64<__sanitizer::LocalAddressSpaceView> >::GetFromAllocator(__sanitizer::AllocatorStats*, unsigned long, unsigned int*, unsigned long) () from /nix/store/572dbfdcc1zkzw96z6iw51i6p3q777qh-clang-wrapper-14.0.6/resource-root/lib/linux/libclang_rt.asan-x86_64.so
#3 0x00007ffff74fa7fd in __sanitizer::SizeClassAllocator64LocalCache<__sanitizer::SizeClassAllocator64<__asan::AP64<__sanitizer::LocalAddressSpaceView> > >::Refill(__sanitizer::SizeClassAllocator64LocalCache<__sanitizer::SizeClassAllocator64<__asan::AP64<__sanitizer::LocalAddressSpaceView> > >::PerClass*, __sanitizer::SizeClassAllocator64<__asan::AP64<__sanitizer::LocalAddressSpaceView> >*, unsigned long) ()
   from /nix/store/572dbfdcc1zkzw96z6iw51i6p3q777qh-clang-wrapper-14.0.6/resource-root/lib/linux/libclang_rt.asan-x86_64.so
#4 0x00007ffff74facf9 in __sanitizer::CombinedAllocator<__sanitizer::SizeClassAllocator64<__asan::AP64<__sanitizer::LocalAddressSpaceView> >, __sanitizer::LargeMmapAllocatorPtrArrayDynamic>::Allocate(__sanitizer::SizeClassAllocator64LocalCache<__sanitizer::SizeClassAllocator64<__asan::AP64<__sanitizer::LocalAddressSpaceView> > >*, unsigned long, unsigned long) () from /nix/store/572dbfdcc1zkzw96z6iw51i6p3q777qh-clang-wrapper-14.0.6/resource-root/lib/linux/libclang_rt.asan-x86_64.so
#5 0x00007ffff74fb01a in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool) ()
 from /nix/store/572dbfdcc1zkzw96z6iw51i6p3q777qh-clang-wrapper-14.0.6/resource-root/lib/linux/libclang_rt.asan-x86_64.so
#6 0x00007ffff74f68e6 in __asan::asan_realloc(void*, unsigned long, __sanitizer::BufferedStackTrace*) ()
   from /nix/store/572dbfdcc1zkzw96z6iw51i6p3q777qh-clang-wrapper-14.0.6/resource-root/lib/linux/libclang_rt.asan-x86_64.so
#7 0x00007ffff759f46f in __interceptor_realloc.part.0 ()
   from /nix/store/572dbfdcc1zkzw96z6iw51i6p3q777qh-clang-wrapper-14.0.6/resource-root/lib/linux/libclang_rt.asan-x86_64.so
#8 0x000055555628085f in alloc::alloc::realloc () at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/alloc/src/alloc.rs:132
#9 alloc::alloc::Global::grow_impl (self=0x7ffff40f76f8, ptr=..., old_layout=..., new_layout=..., zeroed=false)
    at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/alloc/src/alloc.rs:209
#10 0x0000555556280c20 in <alloc::alloc::Global as core::alloc::Allocator>::grow (self=0x7ffff40f76f8, ptr=..., old_layout=..., new_layout=...)
    at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/alloc/src/alloc.rs:262
#11 0x000055555627fa06 in alloc::raw_vec::finish_grow (new_layout=..., current_memory=..., alloc=0x7ffff40f76f8)
    at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/alloc/src/raw_vec.rs:466
#12 0x0000555555947f77 in alloc::raw_vec::RawVec<T,A>::grow_amortized (self=0x7ffff40f76f8, len=111, additional=1)
    at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/alloc/src/raw_vec.rs:400
#13 0x000055555594d5d8 in alloc::raw_vec::RawVec<T,A>::reserve_for_push (self=0x7ffff40f76f8, len=111)
--Type <RET> for more, q to quit, c to continue without paging--
    at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/alloc/src/raw_vec.rs:298
#14 0x00005555559d5aba in alloc::vec::Vec<T,A>::push (self=0x7ffff40f76f8, value=...)
    at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/alloc/src/vec/mod.rs:1840
#15 0x0000555555775152 in tlspuffin::tls::fn_impl::fn_fields::fn_append_cipher_suite (suites=0x60300001ed30, suite=0x6020002bbfd0)
    at tlspuffin/src/tls/./fn_fields.rs:200
#16 0x00005555556f10ea in core::ops::function::Fn::call () at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/core/src/ops/function.rs:79
#17 0x00005555557fe0c9 in <F as puffin::algebra::dynamic_function::DescribableFunction<(R,T1,T2)>>::make_dynamic::{{closure}} (args=0x7ffff40f7da8)
    at puffin/src/algebra/dynamic_function.rs:210
#18 0x0000555555e64457 in <alloc::boxed::Box<F,A> as core::ops::function::Fn<Args>>::call (self=0x611000c5de40, args=...)
    at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/alloc/src/boxed.rs:2002
#19 0x0000555555831b17 in core::ops::function::impls::<impl core::ops::function::Fn<A> for &F>::call (self=0x7ffff40f7e38, args=...)
 at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/core/src/ops/function.rs:263
#20 0x00005555558a77b2 in puffin::algebra::term::Term<M>::evaluate (self=0x611000c5de00, context=0x7ffff40fd0b0) at puffin/src/algebra/term.rs:132
```

I tested this using Clang versions 10-14. All hang about 50% of time.

</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJzsWV2P26rW_jXMDUqE8ffFXKRJs1Vp71dVO-8-lxaG5YQzGFLAk8z8-iNsJ04y6YeOdkdzcapqYj4M63nWA2thmHNyowHuUfoBpas71vmtsfctO7C2ZVrf1UY833_C2njJQeAt0xuHTYPbZ_ylcx57cB67TnpAdIn3W8m3uHPgsDMt4MXXxf_NpHbedi1oDwIvsZK1ZfZ5jsgKkcUnj31ntcOm89hvme_fwdLhWhn-KPUGM8y3Ugm8s4aDc9M8oRP0PfZMhsEba1rst4BbJjWupZ7mGf4-bMFCeI8NhnPmYBzM7dheY4ZdV48T4SfJMMpIY-wjogWiJcoIZlqEKTQOczrcGIulx50LdqCMhNqdFKf-F9P__7HXRtRhrE94zxxmtQLsDYaDt4z7HkBjlDL70Lu2jD-GBpjgBS-Etkte4sX5XCgj4_--SA6EEJI3TdPkCS9ZzLDUuKoc09LLF7Dh9Xix7jwc_sWkR7R41ci8aSWvOql9TCuP6CL4otO9hASW2iNa4hF6P-tgMqJrLQ-Irp03FhBdpzkVdSM4j14eX_Zl9pLJfRrJbBd_y_P823bGFdOb2d6y3Q7sLErmZJ4hurbgTGc5zKwxHtG1knX_V3eHodS_V1k_Z47p2aHIqiyZOzMyQovAOy1x7Y81McH4f9QEIqIrHhjU9CYPX6Flu22wti-OjLyCh98bQHoJsGF5kt0GKF9gqZhzC6UMZ97YLEHxsqrCwEOXxeex6urVPw1naiGEBee-7hiHvyXsUfwRo_jj0OMP8Gtr2tPQt8R0avzqmXfXWlJGb16L61afo0femyfiV55oxC97oqd4yfgWbjngN_lu8t8XaKRSt7z2Do39DLYff5THmyn9h2p8r_tDcq1K3pQ3Vbk0bS01iGkNv51vb7rxT2Y38FfLdqe5Pnu7sJY9r541ayU_CWLsAO9fvz_b9N73Dpdeaakm0ZhUnFEzyefKNT9DfUMCH7qmAQviq2f88SFki6c1fzXjw_OuT9VrY9R7z0myKxqzArJrGsNTZYEFbIgWTyYk37fF86usvfedKr-gJS2bJGsGWqT2YDnsvLFHTuY7Zv2cvHNIxQgpDf8yWpAi7SENbh0cPT2O0I6Ln_mAxHbOc0TXJdQxa6CEGkqeC1oXSZ1HhFCRJE3CCAjGyxTIYFg4iiK6HuWzdpYfS3MbjlRRTE9Glt8x5w9laqaG5401-0q2OxWMc6AaFK_IofdUQpo8a4qgxJ23KF7N5_NQMEpUij2bzk91Gvav6l7AGhAoXjVMOTh35m9lgJJyOiSQaz9xSoKfULz8ETeYOcxPR4az5rNN8ONE4D_N3VsxlU1aiaJLpvKGkexK0ZbtqycYC43U0m2rI_xbAuCdtaB91UJr7PNUPw75iqvfCXu0fQCeZNkEnJ4DT8skb_L8R8C_sP3f4Xn5gOhycaGDirXGhv1a_FARCjSKV1EU9WQIIb00OizIVfSWJBAykRBfkSBSUfwXJFhwYJ-gaoytdp3b_ioNI-jZLET7sDi_fHwImVVjLG77rX6Jv2Fv8LcunN6XmIcCN9pL3QHeS781ncc7tpF6M5u9FYW0LCYKk0sKRcpqdkXhib5b3P2UryemOniLLSKYSdetEWNIKZIzpaQXMPM8jdL-u4tXbtc1jRzTHK_cuE_oPrycCo0EJaa2EJi1qLjcbcFW_YfZnoTw4HoaMhKH-SIQMQk0DB9vhxZKCKF13QhyzchkzhFVsIiu54iuT1YcA8YZvOwCXtZEBHovTtHA7I7Wd5qHlTt-bht_OVPqHwz0fEh0Bghharo-zjtYn59Fu_zSNw0QXo7Rbh1C2rmDmNpAbdlQEMO5q7qEtALHraxZrWB9algiWnxBdPkQdq8HGngPCh5F3LJHqMTxFBdqUP4B5R-4Mq6zgPIVyleBHmY37lLlgr0KAVcePJpM19f2jo6Mzhx5kaGlkCVJmr-O_LU5hBSlT67NIfA0rsnLDOAHPl8ueiQTBUcBnNZxFkWEEJ4KSHoBj9B_-zLusZ0kfhbqywtqijiqo_yXNB4W8tiA4mWfNf4iR8fNHNFs_X2mTlqAuPgeU2-xpmgWT59hySVbLM-HD83fXUwebDs8PfRPy79OiCHs4Wzc4l7rg_T6CGENDv6CEUFqMu4o310UYd7rQ8Dlpcp4hdXfJYHAfivdeBO0DOcd_ATWSaMdjkg4K-GFUv3dDWZ1CK8pQTTFpsFetjBeFN2J-1iUccnu4D7KiixO4iQq7rb3EXDekDLOgBVRDLwpeCbysk5ykUcNpHfynhIak4yUlCRxXMzjOiE0J3EiEtpkUYMSAi2Taq7UUzs3dnMnnevgPospTe4Uq0G5_h6QUg173DciSlG6urP34Z1Z3W0cSoiSzrtpFC-9gvsVMKEMf8Sis4GB4xltvwWNx3N3qA-5RX_Hd9dZdb_1fpA5XSO63ki_7eo5N23Ql3o6_sx21vwbeDhZ9lYFhfVW_ycAAP__cMrafg">