Closed Bug 1361185 Opened 4 years ago Closed 3 years ago

Taskcluster Windows ASan builds error "0xc0000142" on launch


(Core :: General, defect)

Windows 10
Not set





(Reporter: tsmith, Unassigned)



(Whiteboard: [fuzzblocker])

This seems to be caused by updating my machine to the latest Windows 10 Pro, version 1703.

I was previously running 1607 without any issues.
Tried this locally with the build from taskcluster but substituting my own-built clang_rt_asan_dynamic_x86_64 so that I can resolve symbols.

The asan runtime is asserting at
00 clang_rt_asan_dynamic_x86_64!__interception::InterceptionFailed
01 clang_rt_asan_dynamic_x86_64!__interception::GetInstructionSize
02 clang_rt_asan_dynamic_x86_64!__interception::OverrideFunctionWithHotPatch
03 clang_rt_asan_dynamic_x86_64!__interception::OverrideFunction
04 clang_rt_asan_dynamic_x86_64!__interception::OverrideFunction
05 clang_rt_asan_dynamic_x86_64!InitializeCommonInterceptors

Its disassembler falls over on ucrtbase!strnlen which in Win10 build 1703 looks like:
00007ffc`5a334a10 8b052a0a0c00    mov     eax,dword ptr [ucrtbase!_isa_available (00007ffc`5a3f5440)]
00007ffc`5a334a16 4c8bc9          mov     r9,rcx
00007ffc`5a334a19 83f805          cmp     eax,5
00007ffc`5a334a1c 0f8c91000000    jl      ucrtbase!strnlen+0xa3 (00007ffc`5a334ab3)

This will need an LLVM bug and a patch to
Actually, I'm not sure if their setup gracefully handles the relocation of IP-relative addresses...
So there's this `rel_offset` variable that will take care of the relative addresses, but there's another problem.

When hooking an API, the interceptors go through a list of `InterestingDLLsAvailable()` and patch any function with a matching name, but in build 1703, ucrtbase!strnlen and ntdll!strnlen are distinct functions. ASan ends up detouring them both to the same place, meaning they both use the same return pointer at `__interception::real_strnlen`, which causes problems.
(For anyone curious, the distinction is that ntdll!strnlen is a straightforward "dumb" implementation, while ucrtbase!strnlen will use SSE if available.)
See Also: → 1373562
With the patch at, I was able to get around this.

But I then hit an unrelated crash in ICU/strlen, for which I filed bug 1373763.
Whiteboard: [fuzzblocker]
Hey any updates?
Flags: needinfo?(dmajor)
Sorry, I completely lost track of this bug.

I just tried a build and it still crashes, in a new way. I'd like to get bug 1412952 landed before investigating further just so I'm not chasing a moving target.
This is a pain to debug without bug 1360650, which is stalled waiting on review. I'll try to get some movement there.
Depends on: 1417504
Depends on: 1418453
Depends on: 1360650
Flags: needinfo?(dmajor)
Let's check back when the blocking bugs are resolved.
(In reply to David Major [:dmajor] from comment #10)
> Let's check back when the blocking bugs are resolved.

Should be good now. Want to give it a try?
Flags: needinfo?(twsmith)
(In reply to David Major [:dmajor] from comment #11)
> Should be good now. Want to give it a try?

TC builds are still out of date and I don't have a Windows environment setup to build this atm.

If there are builds available somewhere I'd be happy to give them a try.
Flags: needinfo?(twsmith)
It works! Thank you.
Closed: 3 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.