Generate usable coredumps when using ASAN.
Migrating this from starlight's comments in #13471 (moved):
As a point of interest, this bug handily facilitated the completion of a goal I've had to configure useable core-dumps on the stripped-down production relay system.
The key bit was an undocumented ASAN environment option:
unmap_shadow_on_exit=1
per
https://code.google.com/p/address-sanitizer/issues/detail?id=345
so running with
ASAN_OPTIONS="disable_core=0:unmap_shadow_on_exit=1:abort_on_error=1"
I was finally able to obtain a good core file of this particular event. Then one brings the chroot_tor jail over to the dev system and can use gdb to examine the file. E.G.
Ed: GDB session omitted
Had to add libthread_db-1.0.so to the copy of the jail for 'gdb'.
Of course the point of all this is to obtain core files that can be used for postmortem analysis of one-off failures that may be impossible to reproduce.
I'll have to take a look at --enable-expensive-hardening.
I see in
gcc-4.9.1/libsanitizer/include/sanitizer/asan_interface.h
{{{
// This function may be optionally provided by user and should return
// a string containing ASan runtime options. See asan_flags.h for details.
const char* __asan_default_options();
}}}
which seems like it will do the job. Be aware that many references are made in web-postings regarding ASAN to usage similar to
{{{
#if defined(__has_feature)
#if __has_feature(address_sanitizer)
__sanitizer_sandbox_on_notify(NULL);
#endif
#endif
}}}
which I call to allow ASAN to work with
/chroot_tor/proc
unmounted after startup, but the conditional compile is specific to CLANG and does not work for GCC. You should create your own -DASANFLAG conditional compilation flag. I only just figured this out and the above code was not working at all though I was laboring under the misconception that it was.
Also be sure to either direct stdout/stderr to a file (as in my patch above) or configure the "log_path" ASAN option or ASAN will not work. I favor standard I/O since sometimes glibc will write a message that may be of value.
Note all of the options should be used
{{{ ASAN_OPTIONS="disable_core=0:unmap_shadow_on_exit=1:abort_on_error=1" }}}
Apparently
abort_on_error=1
is necessary for SEGV traps to produce a core per the Google code issue linked above.
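An added example, not part of the migrated comments or of Tor's code: a guard that detects ASan under both Clang (`__has_feature`) and GCC (`__SANITIZE_ADDRESS__`), so that `__asan_default_options()` and the `__sanitizer_sandbox_on_notify(NULL)` call are not silently compiled out, plus a check that an options string carries all three settings. `BUILT_WITH_ASAN`, `CORE_OPTS`, `asan_sandbox_notify` and `missing_core_option` are hypothetical names chosen for this sketch.

```c
#include <string.h>

/* Clang reports ASan via __has_feature; GCC defines __SANITIZE_ADDRESS__. */
#if defined(__SANITIZE_ADDRESS__)
#  define BUILT_WITH_ASAN 1
#elif defined(__has_feature)
#  if __has_feature(address_sanitizer)
#    define BUILT_WITH_ASAN 1
#  endif
#endif
#ifndef BUILT_WITH_ASAN
#  define BUILT_WITH_ASAN 0
#endif

/* Option string exactly as given on this page; helper names are illustrative. */
#define CORE_OPTS "disable_core=0:unmap_shadow_on_exit=1:abort_on_error=1"

#if BUILT_WITH_ASAN
#include <sanitizer/common_interface_defs.h>
/* Compiled-in defaults, read by the ASan runtime at startup. */
const char *__asan_default_options(void) { return CORE_OPTS; }
#endif

/* Call while /proc is still mounted. Returns 1 in an ASan build, else 0. */
int asan_sandbox_notify(void) {
#if BUILT_WITH_ASAN
    __sanitizer_sandbox_on_notify(NULL);
#endif
    return BUILT_WITH_ASAN;
}

/* Return 1 if `want` is a whole colon-separated entry of `opts`. */
static int has_option(const char *opts, const char *want) {
    size_t n = strlen(want);
    while (*opts) {
        size_t len = strcspn(opts, ":");
        if (len == n && memcmp(opts, want, n) == 0) return 1;
        opts += len + (opts[len] == ':');
    }
    return 0;
}

/* First of the page's three options missing from `opts`, or NULL if all set. */
const char *missing_core_option(const char *opts) {
    static const char *const need[] = {
        "disable_core=0", "unmap_shadow_on_exit=1", "abort_on_error=1" };
    for (size_t i = 0; i < sizeof need / sizeof need[0]; i++)
        if (!has_option(opts, need[i])) return need[i];
    return NULL;
}
```

A startup routine could pass the value of `ASAN_OPTIONS` to `missing_core_option()` and log the returned name before the jail is entered.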