CRASH from race on detach in LOG debug-build code
While testing a fix for #3535 (closed) in a debug build, I hit this crash roughly once in 100 runs:
#4 0x00007fe6e8f590a5 in getchar () at getchar.c:37
#5 0x00005640f8054db3 in handle_signal (signal=11, siginfo=0x7fe6e56cff30, ucxt=0x7fe6e56cfe00) at /home/bruening/dr/git/src/suite/tests/api/detach_signal.cpp:105
#6 <signal handler called>
#7 0x00007fe6e93d1c72 in master_signal_handler_C (sig=7, siginfo=0x7fe6e56d0770, ucxt=0x7fe6e56d0640, xsp=0x7fe6e56d0638 ";\016\071\351\346\177") at /home/bruening/dr/git/src/core/unix/signal.c:5107
0x00007fe6e93d1c59 <+1004>: lea 0x161388(%rip),%rax # 0x7fe6e9532fe8 <d_r_stats>
0x00007fe6e93d1c60 <+1011>: mov (%rax),%rax
0x00007fe6e93d1c63 <+1014>: test %rax,%rax
0x00007fe6e93d1c66 <+1017>: je 0x7fe6e93d1ccc <master_signal_handler_C+1119>
0x00007fe6e93d1c68 <+1019>: lea 0x161379(%rip),%rax # 0x7fe6e9532fe8 <d_r_stats>
0x00007fe6e93d1c6f <+1026>: mov (%rax),%rax
==>
0x00007fe6e93d1c72 <+1029>: mov 0x218(%rax),%eax
0x00007fe6e93d1c78 <+1035>: test %eax,%eax
0x00007fe6e93d1c7a <+1037>: je 0x7fe6e93d1ccc <master_signal_handler_C+1119>
0x00007fe6e93d1c7c <+1039>: lea 0x161365(%rip),%rax # 0x7fe6e9532fe8 <d_r_stats>
0x00007fe6e93d1c83 <+1046>: mov (%rax),%rax
0x00007fe6e93d1c86 <+1049>: mov 0x214(%rax),%eax
0x00007fe6e93d1c8c <+1055>: and $0x10,%eax
0x00007fe6e93d1c8f <+1058>: test %eax,%eax
0x00007fe6e93d1c91 <+1060>: je 0x7fe6e93d1ccc <master_signal_handler_C+1119>
0x00007fe6e93d1c93 <+1062>: callq 0x7fe6e93ae109 <get_sys_thread_id>
(gdb) p &((dr_statistics_t*)0)->loglevel
$2 = (uint *) 0x218
(gdb) p d_r_stats
$3 = (dr_statistics_t *) 0x0
This must be a race where d_r_stats is set to NULL between the check for NULL and the dereference of loglevel: the disassembly above reloads d_r_stats from memory (at +1019/+1026) after the NULL test (at +1014), so the second load can observe the NULL store and the dereference at +1029 faults.
I was not planning to fix it, because it would require eliminating all LOG calls on detach paths, which are useful for debugging, and because it is limited to the debug build.