<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - -fsanitize-coverage=inline-8bit-counters + ThinLTO = lld crash"
   href="https://bugs.llvm.org/show_bug.cgi?id=41734">41734</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>-fsanitize-coverage=inline-8bit-counters + ThinLTO = lld crash
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>libraries
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>trunk
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>enhancement
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Miscellaneous Instrumentation passes
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>lebedev.ri@gmail.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>llvm-bugs@lists.llvm.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>I know that no one will bother to look at the bug if there isn't a simple
self-contained reproducer, but I'm not sure how to create it here :S

This bug appears to originate from -fsanitize-coverage=inline-8bit-counters,
and only happens if ThinLTO (and lld) is used.
I can't tell if this is an LLD bug or an instrumentation bug.

The observable effect of the bug:

ld.lld: /build/llvm/include/llvm/MC/MCSymbol.h:267: llvm::MCSection&
llvm::MCSymbol::getSection() const: Assertion `isInSection() && "Invalid
accessor!"' failed.
Stack dump:
0.      Program arguments: /build/llvm-build-GCC-release/bin/ld.lld
--hash-style=both --build-id --eh-frame-hdr -m elf_x86_64 -dynamic-linker
/lib64/ld-linux-x86-64.so.2 -o
fuzz/librawspeed/decompressors/VC5DecompressorFuzzer
/usr/lib64/gcc/x86_64-linux-gnu/8/../../../x86_64-linux-gnu/crt1.o
/usr/lib64/gcc/x86_64-linux-gnu/8/../../../x86_64-linux-gnu/crti.o
/usr/lib64/gcc/x86_64-linux-gnu/8/crtbegin.o
-L/usr/lib64/gcc/x86_64-linux-gnu/8
-L/usr/lib64/gcc/x86_64-linux-gnu/8/../../../x86_64-linux-gnu
-L/usr/lib64/gcc/x86_64-linux-gnu/8/../../../../lib64 -L/lib/x86_64-linux-gnu
-L/lib/../lib64 -L/usr/lib/x86_64-linux-gnu -L/usr/lib/../lib64
-L/usr/lib/x86_64-linux-gnu/../../lib64
-L/usr/lib64/gcc/x86_64-linux-gnu/8/../../.. -L/usr/lib/llvm-9/bin/../lib
-L/lib -L/usr/lib -plugin /usr/lib/llvm-9/bin/../lib/LLVMgold.so
-plugin-opt=mcpu=x86-64 -plugin-opt=O3 -plugin-opt=thinlto --whole-archive
/usr/lib/llvm-9/lib/clang/9.0.0/lib/linux/libclang_rt.ubsan_standalone-x86_64.a
--no-whole-archive
--dynamic-list=/usr/lib/llvm-9/lib/clang/9.0.0/lib/linux/libclang_rt.ubsan_standalone-x86_64.a.syms
--whole-archive
/usr/lib/llvm-9/lib/clang/9.0.0/lib/linux/libclang_rt.ubsan_standalone_cxx-x86_64.a
--no-whole-archive
--dynamic-list=/usr/lib/llvm-9/lib/clang/9.0.0/lib/linux/libclang_rt.ubsan_standalone_cxx-x86_64.a.syms
--as-needed
--thinlto-cache-dir=/home/lebedevri/rawspeed/build/clang-thinlto-cache
--thinlto-cache-policy cache_size_bytes=1g
fuzz/librawspeed/decompressors/CMakeFiles/VC5DecompressorFuzzer.dir/VC5Decompressor.cpp.o
librawspeed.a fuzz/librawspeed_fuzz.a librawspeed.a
/usr/lib/x86_64-linux-gnu/libpugixml.so /usr/lib/x86_64-linux-gnu/libjpeg.so
/usr/lib/x86_64-linux-gnu/libz.so /usr/lib/llvm-9/lib/libomp.so -lstdc++ -lm
--no-as-needed -lpthread -lrt -lm -ldl -lgcc_s -lgcc -lc -lc -lgcc_s -lgcc
/usr/lib64/gcc/x86_64-linux-gnu/8/crtend.o
/usr/lib64/gcc/x86_64-linux-gnu/8/../../../x86_64-linux-gnu/crtn.o 
 #0 0x00007f2dd1bbaaca llvm::sys::PrintStackTrace(llvm::raw_ostream&)
/build/llvm/lib/Support/Unix/Signals.inc:494:22
 #1 0x00007f2dd1bb88f4 llvm::sys::RunSignalHandlers()
/build/llvm/lib/Support/Signals.cpp:68:20
 #2 0x00007f2dd1bb8a55 SignalHandler(int)
/build/llvm/lib/Support/Unix/Signals.inc:357:1
 #3 0x00007f2dd19b2730 __restore_rt
(/lib/x86_64-linux-gnu/libpthread.so.0+0x12730)
 #4 0x00007f2dd112f7bb raise (/lib/x86_64-linux-gnu/libc.so.6+0x377bb)
 #5 0x00007f2dd111a535 abort (/lib/x86_64-linux-gnu/libc.so.6+0x22535)
 #6 0x00007f2dd111a40f (/lib/x86_64-linux-gnu/libc.so.6+0x2240f)
 #7 0x00007f2dd1128102 (/lib/x86_64-linux-gnu/libc.so.6+0x30102)
 #8 0x00007f2dcf8092e0 llvm::MCSymbol::getVariableValue(bool) const
/build/llvm/include/llvm/MC/MCSymbol.h:300:12
 #9 0x00007f2dcf8092e0 llvm::MCSymbol::getFragment(bool) const
/build/llvm/include/llvm/MC/MCSymbol.h:387:65
#10 0x00007f2dcf8092e0 llvm::MCSymbol::getFragment(bool) const
/build/llvm/include/llvm/MC/MCSymbol.h:383:15
#11 0x00007f2dcf8092e0 llvm::MCSymbol::isUndefined(bool) const
/build/llvm/include/llvm/MC/MCSymbol.h:257:23
#12 0x00007f2dcf8092e0 llvm::MCSymbol::isDefined() const
/build/llvm/include/llvm/MC/MCSymbol.h:247:47
#13 0x00007f2dcf8092e0 llvm::MCSymbol::isInSection() const
/build/llvm/include/llvm/MC/MCSymbol.h:252:21
#14 0x00007f2dcf8092e0 llvm::MCSymbol::getSection() const
/build/llvm/include/llvm/MC/MCSymbol.h:267:5
#15 0x00007f2dcf810c36 llvm::isa_impl_cl<llvm::MCSectionELF, llvm::MCSection
const*>::doit(llvm::MCSection const*)
/build/llvm/include/llvm/Support/Casting.h:105:5
#16 0x00007f2dcf810c36 llvm::isa_impl_wrap<llvm::MCSectionELF, llvm::MCSection
const*, llvm::MCSection const*>::doit(llvm::MCSection const* const&)
/build/llvm/include/llvm/Support/Casting.h:132:40
#17 0x00007f2dcf810c36 llvm::isa_impl_wrap<llvm::MCSectionELF, llvm::MCSection*
const, llvm::MCSection const*>::doit(llvm::MCSection* const&)
/build/llvm/include/llvm/Support/Casting.h:123:60
#18 0x00007f2dcf810c36 bool llvm::isa<llvm::MCSectionELF,
llvm::MCSection*>(llvm::MCSection* const&)
/build/llvm/include/llvm/Support/Casting.h:143:74
#19 0x00007f2dcf810c36 llvm::cast_retty<llvm::MCSectionELF,
llvm::MCSection*>::ret_type llvm::cast<llvm::MCSectionELF,
llvm::MCSection>(llvm::MCSection*)
/build/llvm/include/llvm/Support/Casting.h:264:3
#20 0x00007f2dcf810c36 writeSection
/build/llvm/lib/MC/ELFObjectWriter.cpp:1031:49
#21 0x00007f2dcf810c36 writeSectionHeader
/build/llvm/lib/MC/ELFObjectWriter.cpp:1067:17
#22 0x00007f2dcf810c36 (anonymous
namespace)::ELFWriter::writeObject(llvm::MCAssembler&, llvm::MCAsmLayout
const&) (.constprop.465) /build/llvm/lib/MC/ELFObjectWriter.cpp:1224:21
#23 0x00007f2dcf811b37 std::vector<llvm::MCSectionELF const*,
std::allocator<llvm::MCSectionELF const*> >::~vector()
/usr/include/c++/8/bits/stl_vector.h:567:15
#24 0x00007f2dcf811b37 ~ELFWriter /build/llvm/lib/MC/ELFObjectWriter.cpp:101:8

Reproduction is easy and hard at the same time.
I'm not sure how to write a minimal reproducer by hand, and I'm not sure how to
reduce the existing "reproducer".
Just to start somewhere, I'll state the whole reproduction process:
$ git clone <a href="https://github.com/darktable-org/rawspeed.git">https://github.com/darktable-org/rawspeed.git</a>
$ cd rawspeed && mkdir build && cd build
$ CC=clang CXX=clang++ CFLAGS="-fsanitize-coverage=inline-8bit-counters" \
    CXXFLAGS="-fsanitize-coverage=inline-8bit-counters" cmake \
    -DCMAKE_BUILD_TYPE=Release ../ -DRAWSPEED_ENABLE_LTO=ON -GNinja && ninja \
    VC5DecompressorFuzzer
$ # you may want to pass some cmake options to disable some (or all!) deps,
$ # although there is nothing heavy. See
$ # <a href="https://github.com/google/oss-fuzz/blob/ae9398deefdf485c50bb625a20fd44a2def49418/projects/librawspeed/build.sh#L32-L38">https://github.com/google/oss-fuzz/blob/ae9398deefdf485c50bb625a20fd44a2def49418/projects/librawspeed/build.sh#L32-L38</a>
$ [80/80] Linking CXX executable
fuzz/librawspeed/decompressors/VC5DecompressorFuzzer
FAILED: fuzz/librawspeed/decompressors/VC5DecompressorFuzzer 
: && /usr/local/bin/clang++  -fsanitize-coverage=inline-8bit-counters
-std=c++14 -flto=thin -fforce-emit-vtables -fwhole-program-vtables
-fstrict-vtable-pointers -Wall -Wextra -Weverything -Wno-c++98-compat
-Wno-c++98-compat-pedantic -Wno-conversion -Wno-covered-switch-default
-Wno-deprecated -Wno-double-promotion -Wno-exit-time-destructors
-Wno-global-constructors -Wno-gnu-zero-variadic-macro-arguments
-Wno-old-style-cast -Wno-padded -Wno-switch-enum -Wno-unused-macros
-Wno-unused-parameter -Wno-weak-vtables -Wno-zero-as-null-pointer-constant
-Wextra-semi -Wframe-larger-than=4096 -Wlarger-than=32768 -O3 -DNDEBUG -O3 
-Wl,--as-needed -flto=thin -fuse-ld="/usr/local/bin/ld.lld"
-Wl,--thinlto-cache-dir="/home/lebedevri/rawspeed/build/clang-thinlto-cache"
-Wl,--thinlto-cache-policy,cache_size_bytes=1g
fuzz/librawspeed/decompressors/CMakeFiles/VC5DecompressorFuzzer.dir/VC5Decompressor.cpp.o
 -o fuzz/librawspeed/decompressors/VC5DecompressorFuzzer  librawspeed.a
fuzz/librawspeed_fuzz.a librawspeed.a /usr/lib/x86_64-linux-gnu/libpugixml.so
/usr/lib/x86_64-linux-gnu/libjpeg.so /usr/lib/x86_64-linux-gnu/libz.so
/usr/lib/llvm-9/lib/libomp.so && :
ld.lld: error: lto.tmp: invalid sh_link index: 0
clang: error: linker command failed with exit code 1 (use -v to see invocation)
ninja: build stopped: subcommand failed.</pre>
        </div>
      </p>


    </body>
</html>