When we randomize mmaps during chaos mode, we try to avoid the ranges used by ASAN (e.g. sanitizer_exclude_memory_ranges.push_back(asan_allocator_reserved2); in rr/src/RecordSession.cc, line 2302 at 80981f6). However, we don't take into account the AdditionalSize() that the sanitizers add to the reserved ranges in their headers (https://github.com/llvm/llvm-project/blob/e2040f5ba3c4f54599776e6f4118881c501bf1f8/compiler-rt/lib/sanitizer_common/sanitizer_allocator_primary64.h#L115).

Tyson has a trace where we randomize librrpreload.so to be at exactly the address we believe an ASAN range ends. However, because of the AdditionalSize(), the first two pages of librrpreload.so get wiped out by ASAN and we blow up. In Tyson's trace AdditionalSize() is 2 * PAGE_SIZE, but I don't know if it can be bigger on any other platform we care about.
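To make the collision concrete, here is an added example (not rr's code, and not the sanitizer's) of the placement check with and without an allowance for the extra metadata. It assumes a 4 KiB page, a two-page stand-in for AdditionalSize() as in the trace above, and that the metadata sits past the reported end of the range, which is what the wiped-out first pages imply. The exclusion range values and the candidate address are constructed for the example; names such as candidate_free_naive, candidate_free_padded and next_free_address are hypothetical.

```cpp
#include <cstdint>
#include <vector>

// Page size assumed for this example (4 KiB, the x86-64 Linux default).
constexpr uint64_t kPageSize = 4096;

// Stand-in for the sanitizer's AdditionalSize(): metadata reserved beyond the
// range the allocator reports. Two pages in the trace described in the issue;
// treated as an assumption here, not a constant rr or the sanitizer defines.
constexpr uint64_t kSanitizerAdditionalSize = 2 * kPageSize;

// Half-open address range [start, end).
struct MemoryRange {
  uint64_t start;
  uint64_t end;
};

// True when [addr, addr + len) and [r.start, r.end) share at least one byte.
bool overlaps(uint64_t addr, uint64_t len, const MemoryRange& r) {
  return addr < r.end && r.start < addr + len;
}

// The excluded range widened by the metadata that follows its reported end.
// Assumes the metadata lies past the end (the symptom in the issue is that the
// pages immediately after the range get clobbered).
MemoryRange pad_excluded_range(const MemoryRange& r, uint64_t extra) {
  return MemoryRange{r.start, r.end + extra};
}

// Placement check as the exclusion list is built today: the reported ranges
// only, no allowance for AdditionalSize(). Returns true if no collision.
bool candidate_free_naive(uint64_t addr, uint64_t len,
                          const std::vector<MemoryRange>& excluded) {
  for (const MemoryRange& r : excluded) {
    if (overlaps(addr, len, r)) return false;
  }
  return true;
}

// Same check with every excluded range padded by `extra` bytes past its end.
bool candidate_free_padded(uint64_t addr, uint64_t len,
                           const std::vector<MemoryRange>& excluded,
                           uint64_t extra) {
  for (const MemoryRange& r : excluded) {
    if (overlaps(addr, len, pad_excluded_range(r, extra))) return false;
  }
  return true;
}

// Lowest address >= addr at which `len` bytes fit without touching any padded
// excluded range. Jumps past each colliding range rather than probing page by
// page; the result stays page aligned as long as the inputs are.
uint64_t next_free_address(uint64_t addr, uint64_t len,
                           const std::vector<MemoryRange>& excluded,
                           uint64_t extra) {
  bool moved = true;
  while (moved) {
    moved = false;
    for (const MemoryRange& r : excluded) {
      MemoryRange padded = pad_excluded_range(r, extra);
      if (overlaps(addr, len, padded)) {
        addr = padded.end;
        moved = true;
      }
    }
  }
  return addr;
}

// Sample exclusion list constructed for this example: one range standing in
// for the ASAN allocator reservation (illustrative values, not taken from rr).
const std::vector<MemoryRange> kSampleExcluded = {
    {0x600000000000ULL, 0x640000000000ULL}};

// The scenario from the issue: librrpreload.so placed exactly at the reported
// end of the sanitizer range, 16 pages long (length constructed).
const uint64_t kPreloadAddr = 0x640000000000ULL;
const uint64_t kPreloadLen = 16 * kPageSize;
```

With these inputs the naive check accepts kPreloadAddr, the padded check rejects it because the first two pages of the candidate sit inside the metadata, and next_free_address moves the candidate two pages up. Padding by a fixed two pages only covers what the trace showed; if AdditionalSize() can be larger on another platform, the `extra` argument is the one value that would need to grow.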