<html>

    <head>

      <base href="https://bugs.llvm.org/">

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - clang-10 segmentation fault with afl-llvm-pass"

   href="https://bugs.llvm.org/show_bug.cgi?id=43099">43099</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>clang-10 segmentation fault with afl-llvm-pass

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>clang

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>trunk

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>PC

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>Linux

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>release blocker

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>-New Bugs

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>unassignedclangbugs@nondot.org

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>fanrong1992@gmail.com

          </td>

        </tr>

        <tr>

          <th>CC</th>

          <td>htmldeveloper@gmail.com, llvm-bugs@lists.llvm.org, neeilans@live.com, richard-llvm@metafoo.co.uk

          </td>

        </tr></table>

      <p>

        <div>

        <pre>1. I've installed clang-10 on Ubuntu16.04 like this:

$ sudo vim /etc/apt/sources.list

deb <a href="http://apt.llvm.org/xenial/">http://apt.llvm.org/xenial/</a> llvm-toolchain-xenial main

deb-src <a href="http://apt.llvm.org/xenial/">http://apt.llvm.org/xenial/</a> llvm-toolchain-xenial main

$ wget -O - <a href="https://apt.llvm.org/llvm-snapshot.gpg.key|sudo">https://apt.llvm.org/llvm-snapshot.gpg.key|sudo</a> apt-key add -

$ sudo apt-get update

$ sudo apt install clang-10

$ clang-10 -v

clang version 10.0.0-svn369512-1~exp1+0~20190821094726.2429~1.gbp4f0304 (trunk)

Target: x86_64-pc-linux-gnu

Thread model: posix

InstalledDir: /usr/bin

Found candidate GCC installation: /usr/bin/../lib/gcc/i686-linux-gnu/5

Found candidate GCC installation: /usr/bin/../lib/gcc/i686-linux-gnu/5.4.0

Found candidate GCC installation: /usr/bin/../lib/gcc/i686-linux-gnu/6

Found candidate GCC installation: /usr/bin/../lib/gcc/i686-linux-gnu/6.0.0

Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9

Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9.3

Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/5

Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/5.4.0

Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/6

Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/6.0.0

Found candidate GCC installation: /usr/lib/gcc/i686-linux-gnu/5

Found candidate GCC installation: /usr/lib/gcc/i686-linux-gnu/5.4.0

Found candidate GCC installation: /usr/lib/gcc/i686-linux-gnu/6

Found candidate GCC installation: /usr/lib/gcc/i686-linux-gnu/6.0.0

Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.9

Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.9.3

Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/5

Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/5.4.0

Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/6

Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/6.0.0

Selected GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/5.4.0

Candidate multilib: .;@m64

Candidate multilib: 32;@m32

Candidate multilib: x32;@mx32

Selected multilib: .;@m64

2. It will crash when running command like this:

$ clang-10 -cc1 -triple x86_64-pc-linux-gnu -emit-obj -mrelax-all -disable-free

-disable-llvm-verifier -discard-value-names -main-file-name test-instr.c

-mrelocation-model static -mthread-model posix -fmath-errno -masm-verbose

-mconstructor-aliases -munwind-tables -fuse-init-array -target-cpu x86-64

-dwarf-column-info -debugger-tuning=gdb -resource-dir

/usr/lib/llvm-10/lib/clang/10.0.0 -internal-isystem /usr/local/include

-internal-isystem /usr/lib/llvm-10/lib/clang/10.0.0/include

-internal-externc-isystem /usr/include/x86_64-linux-gnu

-internal-externc-isystem /include -internal-externc-isystem /usr/include

-ferror-limit 19 -fmessage-length 0 -fobjc-runtime=gcc

-fdiagnostics-show-option -fcolor-diagnostics -load ./afl-llvm-pass.so -o

/tmp/test-instr-743674.o -x c test-instr.c

afl-llvm-pass 2.52b by <<a href="mailto:lszekeres@google.com">lszekeres@google.com</a>>

[+] Instrumented 6 locations (non-hardened mode, ratio 100%).

Stack dump:

0.      Program arguments: clang-10 -cc1 -triple x86_64-pc-linux-gnu -emit-obj

-mrelax-all -disable-free -disable-llvm-verifier -discard-value-names

-main-file-name test-instr.c -mrelocation-model static -mthread-model posix

-fmath-errno -masm-verbose -mconstructor-aliases -munwind-tables

-fuse-init-array -target-cpu x86-64 -dwarf-column-info -debugger-tuning=gdb

-resource-dir /usr/lib/llvm-10/lib/clang/10.0.0 -internal-isystem

/usr/local/include -internal-isystem /usr/lib/llvm-10/lib/clang/10.0.0/include

-internal-externc-isystem /usr/include/x86_64-linux-gnu

-internal-externc-isystem /include -internal-externc-isystem /usr/include

-ferror-limit 19 -fmessage-length 0 -fobjc-runtime=gcc

-fdiagnostics-show-option -fcolor-diagnostics -load ./afl-llvm-pass.so -o

/tmp/test-instr-743674.o -x c test-instr.c

[1]    21467 segmentation fault  clang-10 -cc1 -triple x86_64-pc-linux-gnu

-emit-obj -mrelax-all -disable-free

3. GDB backtrace is as follow:

(gdb) bt

#0  0x00007f7791fe2ccb in ?? () from /lib/x86_64-linux-gnu/libgcc_s.so.1

#1  0x00007f7791fe4668 in _Unwind_Backtrace () from

/lib/x86_64-linux-gnu/libgcc_s.so.1

#2  0x00007f7791d1fb4f in __GI___backtrace (array=<optimized out>,

size=<optimized out>) at ../sysdeps/x86_64/backtrace.c:110

#3  0x00007f77932c39ef in llvm::sys::PrintStackTrace(llvm::raw_ostream&) ()

from /usr/lib/x86_64-linux-gnu/libLLVM-10.so.1

#4  0x00007f77932c1df0 in llvm::sys::RunSignalHandlers() () from

/usr/lib/x86_64-linux-gnu/libLLVM-10.so.1

#5  0x00007f77932c3df1 in ?? () from /usr/lib/x86_64-linux-gnu/libLLVM-10.so.1

#6  <signal handler called>

#7  0x00007f7790b63d60 in ?? ()

#8  0x00007f7793e53ba0 in ?? () from /usr/lib/x86_64-linux-gnu/libLLVM-10.so.1

#9  0x00007f779325fed9 in llvm::llvm_shutdown() () from

/usr/lib/x86_64-linux-gnu/libLLVM-10.so.1

#10 0x00007f7793241a90 in llvm::InitLLVM::~InitLLVM() () from

/usr/lib/x86_64-linux-gnu/libLLVM-10.so.1

#11 0x0000000000496c18 in main ()

#12 0x00007f7791c2a830 in __libc_start_main (main=0x494560 <main>, argc=0x34,

argv=0x7ffecdeb1188, init=<optimized out>, fini=<optimized out>,

rtld_fini=<optimized out>, stack_end=0x7ffecdeb1178) at ../csu/libc-start.c:291

#13 0x0000000000494299 in _start ()

It will crash clang-8 on ubuntu18.04 too.</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are on the CC list for the bug.</li>

      </ul>

    </body>

</html>