[llvm-bugs] [Bug 46957] New: double free when compiling JSC with afl-clang-lto(clang 12)

via llvm-bugs llvm-bugs at lists.llvm.org
Sun Aug 2 00:38:20 PDT 2020


https://bugs.llvm.org/show_bug.cgi?id=46957

            Bug ID: 46957
           Summary: double free when compiling JSC with
                    afl-clang-lto(clang 12)
           Product: clang
           Version: unspecified
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: -New Bugs
          Assignee: unassignedclangbugs at nondot.org
          Reporter: adrian.r.tiron at gmail.com
                CC: htmldeveloper at gmail.com, llvm-bugs at lists.llvm.org,
                    neeilans at live.com, richard-llvm at metafoo.co.uk

Hi all,

I downloaded llvm12, compiled and installed it, then I built AFL++ with it.

I can build simple test programs with afl-clang-lto just fine.

When I tried to compile JSC with afl-clang-lto I got the following stack trace:

FAILED: bin/testdfg
: && /usr/local/bin/afl-clang-lto++  -fdiagnostics-color=always
-fcolor-diagnostics -Wextra -Wall -Wno-noexcept-type -Wno-psabi
-Wno-parentheses-equality -Qunused-arguments -Wwrite-strings -Wundef
-Wpointer-arith -Wmissing-format-attribute -Wformat-security -Wcast-align -O3
-lrt -fno-strict-aliasing -fno-exceptions -fno-rtti -g  -O3 -lrt
Source/JavaScriptCore/shell/CMakeFiles/testdfg.dir/__/dfg/testdfg.cpp.o  -o
bin/testdfg  lib/libJavaScriptCore.a  lib/libWTF.a  lib/libbmalloc.a 
/usr/lib/x86_64-linux-gnu/libicudata.so 
/usr/lib/x86_64-linux-gnu/libicui18n.so  /usr/lib/x86_64-linux-gnu/libicuuc.so 
-ldl  -lpthread && :
clang-12: warning: '-fuse-ld=' taking a path is deprecated. Use '--ld-path='
instead
clang-12: warning: '-fuse-ld=' taking a path is deprecated. Use '--ld-path='
instead
free(): double free detected in tcache 2
PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash
backtrace.
Stack dump:
0. Program arguments: /usr/local/bin/ld.lld -z relro --hash-style=gnu
--eh-frame-hdr -m elf_x86_64 -dynamic-linker /lib64/ld-linux-x86-64.so.2 -o
bin/testdfg /usr/lib/gcc/x86_64-linux-gnu/9/../../../x86_64-linux-gnu/crt1.o
/usr/lib/gcc/x86_64-linux-gnu/9/../../../x86_64-linux-gnu/crti.o
/usr/lib/gcc/x86_64-linux-gnu/9/crtbegin.o -L/usr/lib/gcc/x86_64-linux-gnu/9
-L/usr/lib/gcc/x86_64-linux-gnu/9/../../../x86_64-linux-gnu
-L/lib/x86_64-linux-gnu -L/lib/../lib64 -L/usr/lib/x86_64-linux-gnu
-L/usr/lib/gcc/x86_64-linux-gnu/9/../../.. -L/usr/local/bin/../lib -L/lib
-L/usr/lib -plugin-opt=mcpu=x86-64 -plugin-opt=O3 -lc++
--allow-multiple-definition
-mllvm=-load=/usr/local/lib/afl/afl-llvm-lto-instrumentation.so -lrt -lrt
Source/JavaScriptCore/shell/CMakeFiles/testdfg.dir/__/dfg/testdfg.cpp.o
lib/libJavaScriptCore.a lib/libWTF.a lib/libbmalloc.a
/usr/lib/x86_64-linux-gnu/libicudata.so /usr/lib/x86_64-linux-gnu/libicui18n.so
/usr/lib/x86_64-linux-gnu/libicuuc.so -ldl -lpthread
/usr/local/lib/afl/afl-llvm-rt.o /usr/local/lib/afl/afl-llvm-rt-lto.o -lstdc++
-lm -lgcc_s -lgcc -lc -lgcc_s -lgcc /usr/lib/gcc/x86_64-linux-gnu/9/crtend.o
/usr/lib/gcc/x86_64-linux-gnu/9/../../../x86_64-linux-gnu/crtn.o
1. Running pass 'afl++ LTO instrumentation pass' on module 'ld-temp.o'.
 #0 0x000055ac5ffd4e6e llvm::sys::PrintStackTrace(llvm::raw_ostream&)
(/usr/local/bin/ld.lld+0x898e6e)
 #1 0x000055ac5ffd2d04 llvm::sys::RunSignalHandlers()
(/usr/local/bin/ld.lld+0x896d04)
 #2 0x000055ac5ffd2e48 SignalHandler(int) (/usr/local/bin/ld.lld+0x896e48)
 #3 0x00007fe820db73c0 __restore_rt
(/lib/x86_64-linux-gnu/libpthread.so.0+0x153c0)
 #4 0x00007fe82085718b raise (/lib/x86_64-linux-gnu/libc.so.6+0x4618b)
 #5 0x00007fe820836859 abort (/lib/x86_64-linux-gnu/libc.so.6+0x25859)
 #6 0x00007fe8208a13ee (/lib/x86_64-linux-gnu/libc.so.6+0x903ee)
 #7 0x00007fe8208a947c (/lib/x86_64-linux-gnu/libc.so.6+0x9847c)
 #8 0x00007fe8208ab0ed (/lib/x86_64-linux-gnu/libc.so.6+0x9a0ed)
 #9 0x00007fe820896043 fclose (/lib/x86_64-linux-gnu/libc.so.6+0x85043)
#10 0x00007fe820dd83ed (anonymous
namespace)::AFLLTOPass::runOnModule(llvm::Module&)
/home/adrian/Downloads/AFLplusplus/llvm_mode/afl-llvm-lto-instrumentation.so.cc:0:23
#11 0x000055ac62dc8210 llvm::legacy::PassManagerImpl::run(llvm::Module&)
(/usr/local/bin/ld.lld+0x368c210)
#12 0x000055ac61982664 (anonymous namespace)::opt(llvm::lto::Config const&,
llvm::TargetMachine*, unsigned int, llvm::Module&, bool,
llvm::ModuleSummaryIndex*, llvm::ModuleSummaryIndex const*)
(/usr/local/bin/ld.lld+0x2246664)
#13 0x000055ac619837e0 llvm::lto::backend(llvm::lto::Config const&,
std::function<std::unique_ptr<llvm::lto::NativeObjectStream,
std::default_delete<llvm::lto::NativeObjectStream> > (unsigned int)>, unsigned
int, std::unique_ptr<llvm::Module, std::default_delete<llvm::Module> >,
llvm::ModuleSummaryIndex&) (/usr/local/bin/ld.lld+0x22477e0)
#14 0x000055ac61976a83
llvm::lto::LTO::runRegularLTO(std::function<std::unique_ptr<llvm::lto::NativeObjectStream,
std::default_delete<llvm::lto::NativeObjectStream> > (unsigned int)>)
(/usr/local/bin/ld.lld+0x223aa83)
#15 0x000055ac619771d2
llvm::lto::LTO::run(std::function<std::unique_ptr<llvm::lto::NativeObjectStream,
std::default_delete<llvm::lto::NativeObjectStream> > (unsigned int)>,
std::function<std::function<std::unique_ptr<llvm::lto::NativeObjectStream,
std::default_delete<llvm::lto::NativeObjectStream> > (unsigned int)> (unsigned
int, llvm::StringRef)>) (/usr/local/bin/ld.lld+0x223b1d2)
#16 0x000055ac60148ea5 lld::elf::BitcodeCompiler::compile()
(/usr/local/bin/ld.lld+0xa0cea5)
#17 0x000055ac600bfab5 void
lld::elf::LinkerDriver::compileBitcodeFiles<llvm::object::ELFType<(llvm::support::endianness)1,
true> >() (/usr/local/bin/ld.lld+0x983ab5)
#18 0x000055ac600d18a4 void
lld::elf::LinkerDriver::link<llvm::object::ELFType<(llvm::support::endianness)1,
true> >(llvm::opt::InputArgList&) (/usr/local/bin/ld.lld+0x9958a4)
#19 0x000055ac5feda383 lld::elf::LinkerDriver::main(llvm::ArrayRef<char
const*>) (/usr/local/bin/ld.lld+0x79e383)
#20 0x000055ac600d602b lld::elf::link(llvm::ArrayRef<char const*>, bool,
llvm::raw_ostream&, llvm::raw_ostream&) (/usr/local/bin/ld.lld+0x99a02b)
#21 0x000055ac5fed7560 main (/usr/local/bin/ld.lld+0x79b560)
#22 0x00007fe8208380b3 __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x270b3)
#23 0x000055ac5ff704fe _start (/usr/local/bin/ld.lld+0x8344fe)
clang-12: error: unable to execute command: Aborted (core dumped)
clang-12: error: linker command failed due to signal (use -v to see invocation)
