[llvm-bugs] [Bug 45456] New: Asan crashes in DTLS_on_tls_get_addr in heavily threadde application

via llvm-bugs llvm-bugs at lists.llvm.org
Tue Apr 7 03:06:01 PDT 2020 

https://bugs.llvm.org/show_bug.cgi?id=45456

            Bug ID: 45456
           Summary: Asan crashes in DTLS_on_tls_get_addr in heavily
                    threadde application
           Product: compiler-rt
           Version: 10.0
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: asan
          Assignee: unassignedbugs at nondot.org
          Reporter: dominik.strasser at onespin.com
                CC: llvm-bugs at lists.llvm.org

I am experiencing frequent crahes in DTLS_on_tls_get_addr when I am using ASAN
in my heavily threaded application.
In gdb the crasheds look like this:
#0  0x00000000007ddb9a in __sanitizer::DTLS_on_tls_get_addr
(arg_void=arg_void at entry=0x7fffc3c521b8, res=res at entry=0x7fff89afa628,
static_tls_begin=140735503374720, 
    static_tls_end=140735503380480) at
/local/software/llvm-10.0.0.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_tls_get_addr.cpp:96
#1  0x00000000007513d7 in __interceptor___tls_get_addr (arg=0x7fffc3c521b8)
    at
/local/software/llvm-10.0.0.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:5194

#0  0x00000000007ddb9a in __sanitizer::DTLS_on_tls_get_addr
(arg_void=arg_void at entry=0x7fffc3c521b8, res=res at entry=0x7fff89afa628,
static_tls_begin=140735503374720, 
    static_tls_end=140735503380480) at
/local/software/llvm-10.0.0.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_tls_get_addr.cpp:96
96        if (dtls.dtv[dso_id].beg) return 0;
(gdb) p dtls
$5 = {
  dtv_size = 256,
  dtv = 0x7fffa9353000,
  last_memalign_size = 0,
  last_memalign_ptr = 0
}
(gdb) p dtls.dtv
$6 = (__sanitizer::DTLS::DTV *) 0x7fffa9353000
(gdb) p *dtls.dtv
Cannot access memory at address 0x7fffa9353000
(gdb) p *arg
$7 = {
  dso_id = 4,
  offset = 0
}

So the access is not OOB, but the accessed memory looks like it is not mapped.
The crash happens from many different contexts in my application but alwys
boiils down to this kind of crash. It is not strictly reproducable, happens in
~every 3rd run. I do not have a small reproduction.

My LLVM is self comppiled, so can assist in debugging. Alternatively I can
grant access to our application via VPN/ssh for debugging.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20200407/bb10fb37/attachment.html>

More information about the llvm-bugs mailing list