search

JuliaLang / julia

The Julia Programming Language
https://julialang.org/
MIT License
45.54k stars 5.47k forks source link

ASAN: crash on dlclose(libdl) #47697

Open maleadt opened 1 year ago

maleadt commented 1 year ago

https://github.com/JuliaLang/julia/pull/46255 introduced a workaround for dlopen not working properly under sanitizers, by calling dlopen from libdl directly (i.e., bypassing the sanitizer hook). However, on my system the dlclose(libdl) introduced there crashes ASAN's hooked version:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==2088016==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000337 (pc 0x7f41e6cd603d bp 0x7f41e6d07a08 sp 0x7ffc2b73e670 T0)
==2088016==The signal is caused by a READ memory access.
==2088016==Hint: address points to the zero page.
    #0 0x7f41e6cd603d  (/lib64/ld-linux-x86-64.so.2+0x203d) (BuildId: 22bd7a2c03d8cfc05ef7092bfae5932223189bc1)
    #1 0x7f41e6c21e3d in _dl_catch_exception (/usr/lib/libc.so.6+0x14fe3d) (BuildId: 1e94beb079e278ac4f2c8bce1f53091548ea1584)
    #2 0x7f41e6c21ef2 in _dl_catch_error (/usr/lib/libc.so.6+0x14fef2) (BuildId: 1e94beb079e278ac4f2c8bce1f53091548ea1584)
    #3 0x7f41e6b544ae  (/usr/lib/libc.so.6+0x824ae) (BuildId: 1e94beb079e278ac4f2c8bce1f53091548ea1584)
    #4 0x7f41e6b54205 in dlclose (/usr/lib/libc.so.6+0x82205) (BuildId: 1e94beb079e278ac4f2c8bce1f53091548ea1584)
    #5 0x44150f in dlclose /workspace/srcdir/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6392
    #6 0x7f41e3f2eda3 in ijl_dlopen /home/tim/Julia/src/julia/src/dlload.c:187:9
    #7 0x7f41e3f35a04 in julia_init /home/tim/Julia/src/julia/src/init.c:763:21
    #8 0x7f41e40632cc in jl_repl_entrypoint /home/tim/Julia/src/julia/src/jlapi.c:711:5
    #9 0x7f41e6a99312 in jl_load_repl /home/tim/Julia/src/julia/cli/loader_lib.c:507:12

It's curious that this doesn't trigger on CI. Just removing the dlclose works around the issue. @Keno, I assume that's OK, since I can't imagine actually unloading libdl?

maleadt commented 1 year ago

The ASAN trophy case label was intended for bugs found using ASAN; this is about a bug with our ASAN support.

brenhinkeller commented 1 year ago

Oh haha

StefanKarpinski commented 1 year ago

You can still have a trophy, @maleadt!