safe_read magic unstable during detach from threaded app.
The following happens with a small reproducer that we produced off Google code.
- DR is attached to an app running threaded code. The app is sending PROF signals (the type of signal doesn't matter, as long as it is asynchronous and process-directed).
- The app starts a detach via the start/stop API (with_cleanup() path).
- Detach syncs and all threads go native. At this point, each thread's DynamoRIO TLS has been removed.
- The main thread is not done cleaning up; the signal handlers are still DR's.
- A PROF signal comes in and a child thread receives it. The signal handler calls safe_read_tls_magic(). <=>
- Corner case: the main thread removes the signal handlers and restores the app's handlers.
- safe_read_tls_magic() segfaults because there is no TLS.
- The SIGSEGV is delivered to the app.
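A constructed C model of the window described above (added here; not DynamoRIO code). The magic read recovers from the fault only while the fault handler is still installed; once restore_app_handlers() has run, the same read becomes a real SIGSEGV for the app. TLS_MAGIC, the page-sized TLS region and the function names are assumptions.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>

#define TLS_MAGIC 0x44524d41u   /* hypothetical magic value */
#define TLS_SIZE  4096

static __thread uint32_t *tls_base;            /* our stand-in for DR's TLS */
static __thread sigjmp_buf safe_read_jmp;
static __thread volatile int in_safe_read;

/* Stand-in for DR's SIGSEGV handler: a fault inside a safe read is recovered,
 * anything else is re-raised with the default disposition. */
static void segv_handler(int sig, siginfo_t *si, void *uc) {
    (void)sig; (void)si; (void)uc;
    if (in_safe_read)
        siglongjmp(safe_read_jmp, 1);
    signal(SIGSEGV, SIG_DFL);
    raise(SIGSEGV);
}

int install_fault_handler(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof(sa));
    sa.sa_sigaction = segv_handler;
    sa.sa_flags = SA_SIGINFO | SA_NODEFER;
    return sigaction(SIGSEGV, &sa, NULL);
}

/* The corner-case step: handlers go back to the app's (default here). */
int restore_app_handlers(void) { return signal(SIGSEGV, SIG_DFL) == SIG_ERR ? -1 : 0; }

int tls_init(void) {
    tls_base = mmap(NULL, TLS_SIZE, PROT_READ | PROT_WRITE,
                    MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (tls_base == MAP_FAILED) return -1;
    *tls_base = TLS_MAGIC;
    return 0;
}

/* The "threads go native" step: the TLS mapping disappears. */
int tls_teardown(void) { return munmap(tls_base, TLS_SIZE); }

/* Returns 1 if the magic is present, 0 if the read faulted and was recovered. */
int safe_read_tls_magic(void) {
    volatile int ok = 0;
    in_safe_read = 1;
    if (sigsetjmp(safe_read_jmp, 1) == 0)
        ok = (*tls_base == TLS_MAGIC);
    in_safe_read = 0;
    return ok;
}
```

Calling safe_read_tls_magic() after restore_app_handlers() reproduces the reported outcome, so the sequence below stops before that point.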