<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - clang-10 segmentation fault with afl-llvm-pass"
   href="https://bugs.llvm.org/show_bug.cgi?id=43099">43099</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>clang-10 segmentation fault with afl-llvm-pass
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>clang
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>trunk
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>release blocker
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>-New Bugs
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedclangbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>fanrong1992@gmail.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>htmldeveloper@gmail.com, llvm-bugs@lists.llvm.org, neeilans@live.com, richard-llvm@metafoo.co.uk
          </td>
        </tr></table>
      <p>
        <div>
        <pre>1. I've installed clang-10 on Ubuntu 16.04 like this:
$ sudo vim /etc/apt/sources.list
deb <a href="http://apt.llvm.org/xenial/">http://apt.llvm.org/xenial/</a> llvm-toolchain-xenial main
deb-src <a href="http://apt.llvm.org/xenial/">http://apt.llvm.org/xenial/</a> llvm-toolchain-xenial main
$ wget -O - <a href="https://apt.llvm.org/llvm-snapshot.gpg.key">https://apt.llvm.org/llvm-snapshot.gpg.key</a> | sudo apt-key add -
$ sudo apt-get update
$ sudo apt install clang-10
$ clang-10 -v
clang version 10.0.0-svn369512-1~exp1+0~20190821094726.2429~1.gbp4f0304 (trunk)
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin
Found candidate GCC installation: /usr/bin/../lib/gcc/i686-linux-gnu/5
Found candidate GCC installation: /usr/bin/../lib/gcc/i686-linux-gnu/5.4.0
Found candidate GCC installation: /usr/bin/../lib/gcc/i686-linux-gnu/6
Found candidate GCC installation: /usr/bin/../lib/gcc/i686-linux-gnu/6.0.0
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9.3
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/5
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/5.4.0
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/6
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/6.0.0
Found candidate GCC installation: /usr/lib/gcc/i686-linux-gnu/5
Found candidate GCC installation: /usr/lib/gcc/i686-linux-gnu/5.4.0
Found candidate GCC installation: /usr/lib/gcc/i686-linux-gnu/6
Found candidate GCC installation: /usr/lib/gcc/i686-linux-gnu/6.0.0
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.9
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.9.3
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/5
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/5.4.0
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/6
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/6.0.0
Selected GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/5.4.0
Candidate multilib: .;@m64
Candidate multilib: 32;@m32
Candidate multilib: x32;@mx32
Selected multilib: .;@m64

2. It will crash when running command like this:
$ clang-10 -cc1 -triple x86_64-pc-linux-gnu -emit-obj -mrelax-all -disable-free
-disable-llvm-verifier -discard-value-names -main-file-name test-instr.c
-mrelocation-model static -mthread-model posix -fmath-errno -masm-verbose
-mconstructor-aliases -munwind-tables -fuse-init-array -target-cpu x86-64
-dwarf-column-info -debugger-tuning=gdb -resource-dir
/usr/lib/llvm-10/lib/clang/10.0.0 -internal-isystem /usr/local/include
-internal-isystem /usr/lib/llvm-10/lib/clang/10.0.0/include
-internal-externc-isystem /usr/include/x86_64-linux-gnu
-internal-externc-isystem /include -internal-externc-isystem /usr/include
-ferror-limit 19 -fmessage-length 0 -fobjc-runtime=gcc
-fdiagnostics-show-option -fcolor-diagnostics -load ./afl-llvm-pass.so -o
/tmp/test-instr-743674.o -x c test-instr.c

afl-llvm-pass 2.52b by <<a href="mailto:lszekeres@google.com">lszekeres@google.com</a>>
[+] Instrumented 6 locations (non-hardened mode, ratio 100%).
Stack dump:
0.      Program arguments: clang-10 -cc1 -triple x86_64-pc-linux-gnu -emit-obj
-mrelax-all -disable-free -disable-llvm-verifier -discard-value-names
-main-file-name test-instr.c -mrelocation-model static -mthread-model posix
-fmath-errno -masm-verbose -mconstructor-aliases -munwind-tables
-fuse-init-array -target-cpu x86-64 -dwarf-column-info -debugger-tuning=gdb
-resource-dir /usr/lib/llvm-10/lib/clang/10.0.0 -internal-isystem
/usr/local/include -internal-isystem /usr/lib/llvm-10/lib/clang/10.0.0/include
-internal-externc-isystem /usr/include/x86_64-linux-gnu
-internal-externc-isystem /include -internal-externc-isystem /usr/include
-ferror-limit 19 -fmessage-length 0 -fobjc-runtime=gcc
-fdiagnostics-show-option -fcolor-diagnostics -load ./afl-llvm-pass.so -o
/tmp/test-instr-743674.o -x c test-instr.c
[1]    21467 segmentation fault  clang-10 -cc1 -triple x86_64-pc-linux-gnu
-emit-obj -mrelax-all -disable-free

3. GDB backtrace is as follows:
(gdb) bt
#0  0x00007f7791fe2ccb in ?? () from /lib/x86_64-linux-gnu/libgcc_s.so.1
#1  0x00007f7791fe4668 in _Unwind_Backtrace () from
/lib/x86_64-linux-gnu/libgcc_s.so.1
#2  0x00007f7791d1fb4f in __GI___backtrace (array=<optimized out>,
size=<optimized out>) at ../sysdeps/x86_64/backtrace.c:110
#3  0x00007f77932c39ef in llvm::sys::PrintStackTrace(llvm::raw_ostream&) ()
from /usr/lib/x86_64-linux-gnu/libLLVM-10.so.1
#4  0x00007f77932c1df0 in llvm::sys::RunSignalHandlers() () from
/usr/lib/x86_64-linux-gnu/libLLVM-10.so.1
#5  0x00007f77932c3df1 in ?? () from /usr/lib/x86_64-linux-gnu/libLLVM-10.so.1
#6  <signal handler called>
#7  0x00007f7790b63d60 in ?? ()
#8  0x00007f7793e53ba0 in ?? () from /usr/lib/x86_64-linux-gnu/libLLVM-10.so.1
#9  0x00007f779325fed9 in llvm::llvm_shutdown() () from
/usr/lib/x86_64-linux-gnu/libLLVM-10.so.1
#10 0x00007f7793241a90 in llvm::InitLLVM::~InitLLVM() () from
/usr/lib/x86_64-linux-gnu/libLLVM-10.so.1
#11 0x0000000000496c18 in main ()
#12 0x00007f7791c2a830 in __libc_start_main (main=0x494560 <main>, argc=0x34,
argv=0x7ffecdeb1188, init=<optimized out>, fini=<optimized out>,
rtld_fini=<optimized out>, stack_end=0x7ffecdeb1178) at ../csu/libc-start.c:291
#13 0x0000000000494299 in _start ()

It will crash clang-8 on Ubuntu 18.04 too.</pre>
        </div>
      </p>


    </body>
</html>