libc init failure

[clarkb7]

Attempting to load libc for the first time mid-run (via a new nudge in this case) using locate_and_load_private_library() leads to a seg-fault in __ctype_int in libc.

mov    rax,QWORD PTR fs:[rax]
mov    rax,QWORD PTR [rax]   (rax=0xabababababababab)

Crash occurs with and without clients, but does not occur if a client that depends on libc is used.

[clarkb7]

Uploading logs.
log.0.7556.html.txt
nudge.0.7556.html.txt

possibly related #534

[clarkb7]

I'm new to TLS but I think the problem is with the private loader not allocating TLS blocks for modules loaded after init time. privload_tls_init() sets up the init time module TLS blocks. Dynamically loaded modules have a different structure, shown on page 6 of https://www.akkadia.org/drepper/tls.pdf. A block comment at the top of loader_linux.c actually outlines the difference, but I don't see any code for it.

[zhaoqin]

Current private loader does not support allocating TLS for new libraries.
Below are three functions you want to look at for the TLS setup.
https://github.com/DynamoRIO/dynamorio/blob/master/core/unix/os.c#L1798
https://github.com/DynamoRIO/dynamorio/blob/master/core/unix/os.c#L1737
https://github.com/DynamoRIO/dynamorio/blob/master/core/unix/loader_linux.c#L248

[zhaoqin]

https://github.com/DynamoRIO/dynamorio/blob/master/core/unix/loader_linux.c#L315
The code above is the private loader allocate TLS for each library, which is only called from os_tls_init.
So separate loaded library does not have a setup TLS.