<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=https://github.com/llvm/llvm-project/issues/113427>113427</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
[compiler-rt] Android 8.1 `getauxval(AT_PAGESZ)` crashes if called from `.preinit_array`.
</td>
</tr>
<tr>
<th>Labels</th>
<td>
new issue
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
funsafe-ptr
</td>
</tr>
</table>
<pre>
@fmayer
This commit causes a crash on Android 8.1:
https://github.com/llvm/llvm-project/commit/c6049e67efaaca34ca8ad93b007397b118574b81
Using the Termux environment:
```
~ $ cc --version
clang version 19.1.2
Target: aarch64-unknown-linux-android24
Thread model: posix
InstalledDir: /data/data/com.termux/files/usr/bin
```
```
~ $ curl -L https://android.googlesource.com/platform/prebuilts/clang/host/linux-x86/+/refs/heads/main/clang-r530567/lib/clang/19/lib/linux/libclang_rt.asan-aarch64-android.so?format=TEXT | base64 -d > libclang_rt.asan-aarch64-android.so
```
```
~ $ echo "int main(){}" | cc -x c - -fsanitize=address -Wl,-rpath,"./"; ./a.out
WARNING: linker: "/data/data/com.termux/files/home/libclang_rt.asan-aarch64-android.so" unused DT entry: type 0x70000001 arg 0x0
Segmentation fault
```
```
(lldb) target create "./a.out"
Current executable set to '/data/data/com.termux/files/home/a.out' (aarch64).
(lldb) run
Process 8767 launched: '/data/data/com.termux/files/home/a.out' (aarch64)
WARNING: linker: "/data/data/com.termux/files/home/libclang_rt.asan-aarch64-android.so" unused DT entry: type 0x70000001 arg 0x0
Process 8767 stopped
* thread #1, name = 'a.out', stop reason = signal SIGSEGV: address not mapped to object (fault address: 0x0)
frame #0: 0x0000007fb7cb67e8 libc.so`getauxval + 8
libc.so`getauxval:
-> 0x7fb7cb67e8 <+8>: ldr x9, [x8]
0x7fb7cb67ec <+12>: cbz x9, 0x7fb7cb6804 ; <+36>
0x7fb7cb67f0 <+16>: add x8, x8, #0x10
0x7fb7cb67f4 <+20>: cmp x9, x0
(lldb) bt all
* thread #1, name = 'a.out', stop reason = signal SIGSEGV: address not mapped to object (fault address: 0x0)
* frame #0: 0x0000007fb7cb67e8 libc.so`getauxval + 8
frame #1: 0x0000007fb782acb4 libclang_rt.asan-aarch64-android.so`::ReadFileToBuffer() [inlined] GetPageSizeCached at sanitizer_common.h:72:22
frame #2: 0x0000007fb782ac88 libclang_rt.asan-aarch64-android.so`::ReadFileToBuffer() at sanitizer_file.cpp:134:19
frame #3: 0x0000007fb782fd0c libclang_rt.asan-aarch64-android.so`::ReadLongProcessName() at sanitizer_linux.cpp:1203:7
frame #4: 0x0000007fb782a2e0 libclang_rt.asan-aarch64-android.so`::CacheBinaryName() [inlined] ReadProcessName at sanitizer_common.cpp:279:3
frame #5: 0x0000007fb782a2cc libclang_rt.asan-aarch64-android.so`::CacheBinaryName() at sanitizer_common.cpp:298:3
frame #6: 0x0000007fb78c489c libclang_rt.asan-aarch64-android.so`::AsanInitInternal() at asan_rtl.cpp:398:3
frame #7: 0x0000007fb78c4adc libclang_rt.asan-aarch64-android.so`::TryAsanInitFromRtl() at asan_rtl.cpp:533:17
frame #8: 0x0000007fb78685ac libclang_rt.asan-aarch64-android.so`::___interceptor_read() at sanitizer_common_interceptors.inc:972:3
frame #9: 0x0000007fb7d35b30 libc.so`je_pages_boot + 92
frame #10: 0x0000007fb7d34fdc libc.so`malloc_init_hard_a0_locked + 2940
frame #11: 0x0000007fb7d330b0 libc.so`jemalloc_constructor + 348
frame #12: 0x0000007fb7eb33e4 linker64`__dl__ZL10call_arrayIPFviPPcS1_EEvPKcPT_mbS5_ + 284
frame #13: 0x0000007fb7eb3610 linker64`__dl__ZN6soinfo17call_constructorsEv + 400
frame #14: 0x0000007fb7eb3508 linker64`__dl__ZN6soinfo17call_constructorsEv + 136
frame #15: 0x0000007fb7eb3508 linker64`__dl__ZN6soinfo17call_constructorsEv + 136
frame #16: 0x0000007fb7eaedf4 linker64`__dl___linker_init + 3192
frame #17: 0x0000007fb7eb5bf4 linker64`__dl__start + 8
```
Root cause: `getauxval(AT_PAGESZ)` crashes if called from `.preinit_array`.
```
~ $ echo $'#include <sys/auxv.h>\nstatic void a() {getauxval(AT_PAGESZ);} void (*preinit[])()__attribute((section(".preinit_array")))={&a};int main(){}' | cc -x c -;./a.out
Segmentation fault
```
```
(lldb) target create "./a.out"
Current executable set to '/data/data/com.termux/files/home/a.out' (aarch64).
(lldb) run
Process 28871 launched: '/data/data/com.termux/files/home/a.out' (aarch64)
Process 28871 stopped
* thread #1, name = 'a.out', stop reason = signal SIGSEGV: address not mapped to object (fault address: 0x0)
frame #0: 0x0000007fb7cbe7e8 libc.so`getauxval + 8
libc.so`getauxval:
-> 0x7fb7cbe7e8 <+8>: ldr x9, [x8]
0x7fb7cbe7ec <+12>: cbz x9, 0x7fb7cbe804 ; <+36>
0x7fb7cbe7f0 <+16>: add x8, x8, #0x10
0x7fb7cbe7f4 <+20>: cmp x9, x0
(lldb) bt
* thread #1, name = 'a.out', stop reason = signal SIGSEGV: address not mapped to object (fault address: 0x0)
* frame #0: 0x0000007fb7cbe7e8 libc.so`getauxval + 8
frame #1: 0x00000055555597a8 a.out`a + 16
frame #2: 0x0000007fb7eb33e4 linker64`__dl__ZL10call_arrayIPFviPPcS1_EEvPKcPT_mbS5_ + 284
frame #3: 0x0000007fb7eaede4 linker64`__dl___linker_init + 3176
frame #4: 0x0000007fb7eb5bf4 linker64`__dl__start + 8
(lldb)
```
</pre>
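Added example, not part of the original report and not compiler-rt or bionic code: both traces fault at `ldr x9, [x8]` with fault address 0x0, so the vector pointer being walked was still null when `getauxval` ran. The sketch below shows the same walk with a null guard, and a way to obtain `AT_PAGESZ` from `/proc/self/auxv` without touching libc's auxv state; the names `aux_entry`, `aux_lookup` and `early_page_size` are hypothetical.

```c
#include <elf.h>     /* AT_NULL, AT_PAGESZ */
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>

/* One auxv entry: two native words (16 bytes on aarch64, the same stride as
 * the `add x8, x8, #0x10` in the disassembly). Hypothetical name. */
struct aux_entry { unsigned long type; unsigned long value; };

/* Walk a vector up to AT_NULL. Returns 1 and stores the value on a hit;
 * returns 0 when the vector is NULL (not set up yet) or the type is absent. */
static int aux_lookup(const struct aux_entry *v, unsigned long type,
                      unsigned long *out) {
    if (v == NULL)
        return 0;
    for (; v->type != AT_NULL; v++) {
        if (v->type == type) {
            *out = v->value;
            return 1;
        }
    }
    return 0;
}

/* Page size taken from the kernel's copy of the vector in /proc/self/auxv,
 * so nothing depends on libc's own auxv pointer. Returns 0 if unavailable. */
static unsigned long early_page_size(void) {
    struct aux_entry buf[64];
    unsigned long page = 0;
    int fd = open("/proc/self/auxv", O_RDONLY);
    if (fd < 0)
        return 0;
    ssize_t n = read(fd, buf, sizeof(buf) - sizeof(buf[0]));
    close(fd);
    if (n <= 0)
        return 0;
    size_t count = (size_t)n / sizeof(buf[0]);
    buf[count].type = AT_NULL;   /* terminate even after a truncated read */
    buf[count].value = 0;
    aux_lookup(buf, AT_PAGESZ, &page);
    return page;
}

int main(void) {
    printf("AT_PAGESZ via /proc/self/auxv: %lu\n", early_page_size());
    return 0;
}
```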