<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/115632>115632</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            clang-20 crashed with address_space attribute and dataflow sanitizer at O1 and above. Assertion `(i >= FTy->getNumParams() || FTy->getParamType(i) == Args[i]->getType()) && "Calling a function with a bad signature!"' failed.
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          iamanonymouscs
      </td>
    </tr>
</table>

<pre>
    clang-20 crashed with ```address_space``` attribute and ```dataflow``` sanitizer at ```O1``` and above.

Compiler explorer: https://godbolt.org/z/vEMhdYY63

```
$cat mutant.c
void a(long b) {
  __attribute__((address_space(6))) char *c = 0;
  for (long d = 0; d < b; ++d)
    c[d] = 0;
}

$clang-20 -fsanitize=dataflow -O1 mutant.c
clang: /root/llvm-project/llvm/lib/IR/Instructions.cpp:693: void llvm::CallInst::init(llvm::FunctionType*, llvm::Value*, llvm::ArrayRef<llvm::Value*>, llvm::ArrayRef<llvm::OperandBundleDefT<llvm::Value*> >, const llvm::Twine&): Assertion `(i >= FTy->getNumParams() || FTy->getParamType(i) == Args[i]->getType()) && "Calling a function with a bad signature!"' failed.
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.      Program arguments: /opt/compiler-explorer/clang-assertions-trunk/bin/clang -gdwarf-4 -g -o /app/output.s -mllvm --x86-asm-syntax=intel -fno-verbose-asm -S --gcc-toolchain=/opt/compiler-explorer/gcc-snapshot -fcolor-diagnostics -fno-crash-diagnostics -fsanitize=dataflow -O1 <source>
1.      <eof> parser at end of file
2.      Optimizer
3.      Running pass "dfsan" on module "<source>"
 #0 0x0000000003bfb9a8 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x3bfb9a8)
 #1 0x0000000003bf96ac llvm::sys::CleanupOnSignal(unsigned long) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x3bf96ac)
 #2 0x0000000003b46ca8 CrashRecoverySignalHandler(int) CrashRecoveryContext.cpp:0:0
 #3 0x000074f1da042520 (/lib/x86_64-linux-gnu/libc.so.6+0x42520)
 #4 0x000074f1da0969fc pthread_kill (/lib/x86_64-linux-gnu/libc.so.6+0x969fc)
 #5 0x000074f1da042476 gsignal (/lib/x86_64-linux-gnu/libc.so.6+0x42476)
 #6 0x000074f1da0287f3 abort (/lib/x86_64-linux-gnu/libc.so.6+0x287f3)
 #7 0x000074f1da02871b (/lib/x86_64-linux-gnu/libc.so.6+0x2871b)
 #8 0x000074f1da039e96 (/lib/x86_64-linux-gnu/libc.so.6+0x39e96)
 #9 0x000000000352724e llvm::CallInst::init(llvm::FunctionType*, llvm::Value*, llvm::ArrayRef<llvm::Value*>, llvm::ArrayRef<llvm::OperandBundleDefT<llvm::Value*>>, llvm::Twine const&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x352724e)
#10 0x000000000559e2e8 llvm::IRBuilderBase::CreateCall(llvm::FunctionType*, llvm::Value*, llvm::ArrayRef<llvm::Value*>, llvm::Twine const&, llvm::MDNode*) (.constprop.0) DataFlowSanitizer.cpp:0:0
#11 0x00000000055a6c3c (anonymous namespace)::DFSanVisitor::visitMemSetInst(llvm::MemSetInst&) (.isra.0) DataFlowSanitizer.cpp:0:0
#12 0x00000000055b097d llvm::InstVisitor<(anonymous namespace)::DFSanVisitor, void>::visit(llvm::Instruction&) DataFlowSanitizer.cpp:0:0
#13 0x00000000055b39be (anonymous namespace)::DataFlowSanitizer::runImpl(llvm::Module&, llvm::function_ref<llvm::TargetLibraryInfo& (llvm::Function&)>) (.constprop.0) DataFlowSanitizer.cpp:0:0
#14 0x00000000055b5564 llvm::DataFlowSanitizerPass::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x55b5564)
#15 0x0000000003e9761e llvm::detail::PassModel<llvm::Module, llvm::DataFlowSanitizerPass, llvm::AnalysisManager<llvm::Module>>::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x3e9761e)
#16 0x00000000035af7a0 llvm::PassManager<llvm::Module, llvm::AnalysisManager<llvm::Module>>::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x35af7a0)
#17 0x0000000003ea86fb (anonymous namespace)::EmitAssemblyHelper::RunOptimizationPipeline(clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream>>&, std::unique_ptr<llvm::ToolOutputFile, std::default_delete<llvm::ToolOutputFile>>&, clang::BackendConsumer*) BackendUtil.cpp:0:0
#18 0x0000000003eabf25 clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::StringRef, llvm::Module*, clang::BackendAction, llvm::IntrusiveRefCntPtr<llvm::vfs::FileSystem>, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream>>, clang::BackendConsumer*) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x3eabf25)
#19 0x000000000457791e clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x457791e)
#20 0x000000000672364c clang::ParseAST(clang::Sema&, bool, bool) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x672364c)
#21 0x0000000004577d08 clang::CodeGenAction::ExecuteAction() (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x4577d08)
#22 0x0000000004832e69 clang::FrontendAction::Execute() (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x4832e69)
#23 0x00000000047b20de clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x47b20de)
#24 0x0000000004918c6e clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x4918c6e)
#25 0x0000000000ce9f2f cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0xce9f2f)
#26 0x0000000000ce1bea ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) driver.cpp:0:0
#27 0x00000000045baf09 void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const::'lambda'()>(long) Job.cpp:0:0
#28 0x0000000003b47154 llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x3b47154)
#29 0x00000000045bb4ff clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const (.part.0) Job.cpp:0:0
#30 0x00000000045817ed clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&, bool) const (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x45817ed)
#31 0x00000000045828dd clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&, bool) const (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x45828dd)
#32 0x0000000004589c95 clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0x4589c95)
#33 0x0000000000ce6dc9 clang_main(int, char**, llvm::ToolContext const&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0xce6dc9)
#34 0x0000000000bb3954 main (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0xbb3954)
#35 0x000074f1da029d90 (/lib/x86_64-linux-gnu/libc.so.6+0x29d90)
#36 0x000074f1da029e40 __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e40)
#37 0x0000000000ce169e _start (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+0xce169e)
clang: error: clang frontend command failed with exit code 134 (use -v to see invocation)
Compiler returned: 134
```

It does not crash on Clang-19.
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJzkWl9z46iy_zTkhbJLQrIsPeTBseO7szWzk4qzW7VPLoRaDnck0AWUP_vpb4FkWyj2TLLrs3XOnqlMYkPT_PpH03RLUK35TgBco9kNmq2uaGsepbrmtKZCitdatprpq1wWr9esomI3IQFmiupHKPAzN48YJUH3Q4tCgdZb3VAGh1ZMjVE8bw1gKoqjdEENLSv5fBTUVHDD_wCFqTnKfQ0HqkSBaS6fYIqCFQoW3e-lrBtegcLw0lRSgULRAj8a02gULRBZI7LeySKXlZlKtUNk_Qci66fbL4_F778n0VDTYab-K4kZNbhuDRVmyrrGJ8kLTBFJKyl2OEckw2h-0_VhvN0ezN1uEUkRSX1aSJogknU_mD1ShRFZMIyiFQ5QdNBTStvRzVEcet3HJc7tR0RuELkprKZ-DMYMzW4KNFuN1KH5yrOSxIeVnJR71lG02i8JnnwNR1a7AZZXRNZKSoPIuqqe6kmj5P8C23-1f3iOyPrTvf0ltFEtM1wKPWVNg6JFkkVWiePQDYgWKFosaVVZ4e4bF9xY0w_d61Y4JQ-vDSCyQGQ5GPsbrdq3rQul6Os9lChanhCNbt8h_bUBRUVx04qighWUD-d04V4fk0KbgdaHZy4AEbfc0QIvtAZlzXCuTVLuxkUrvH54naDodgfml7a-o4rW2jmO9aslmi8HAq63oyHlTiJaWRULtdNodsPRbNVL9kK9nzkUCUaEWKq52GGKy57VbhNTnNMC20hATasAkRARgsgcl5RXUPT77e7z7WJzi3Wb19zYMe0OK2ikMtjI8Zbj5rHNp0zWA-fwXYZr3YJGZO02NhesagvA5hG6AINzyr4Z5XbNEjcKGiUZaA0F1rJVXbMLCVpLxqmBAqtWYM0Ub0wPeWMo-4aLtrbu1zUFUxRkd0ruFK0xVbu2BmF079yyschYH1Imh5BC1t2eoftl1BOjWvENkXXOxb4bT3bFM1XlJMaTHZ5Iq5E2jdXbmqY1U40ntWUBTyYvaTKhup7oV2HoC4pWXBio8KQUcvIEKpcabD-ebPBksmNsYqSs2CPlwq7695BaYS1oox-lwZOSyUqqScHpTkhtONPdHI7jUfO5YICiZU95dNuRGFoSUbQEWdo90FClu8ANosCyxCWvoJMkVvJrY3htY3vXFtm2-1YI64sN1dr6ZmGnR4RgKXAti7YC2-pNTUgf7BCJAhy8BPt_UV7mGU0H20-_6u7DneLCODd46HxpEFoUfd5KbRTQ2u2RJebCdDsm_cvOgMhN8NIDO4ZpRKJwhDxLKDuFfFkBFW3zVWzsvqwQSVvhDusC24Ph0jgtDA8n8XHGCaMpXlq3uQcmn0C9dsB-ojZGKhuUOvY8maUUBl5MfwIE7v9hiqifYh6XYUGDmMxI0BvVnSQvabJN4knFRfsy2Ym262BTLaeJA-6GeLBjX2eWZCXDjXlUQIvtN15VH5vAjfcmmI1Bx_ME71zw_KBuN9TTnfi6STovI5vzKPMxzW6gp3n-RnOYf1hnmHs6U19nlEGWfEynG-LpzDyvm5E5ieEfkyy8UeeyhC536HKFC27pjrsDuTbyeEFzNsuAwDBofrq_aXlVgLqhGnq-FVADlvW_l-cxMcO-L6tfZNFN4PiaOrFGyWZqQwFeUUPXlXze7CuKt8HHkhH6ZNCERcyqOxQ-WNAa-rw966ZerTdU_MY1N1J1LU_2yxeoN2CcXw5ZGjbvF3fKtaIfwkl8nHmQzYfps1V_QLT8CH6ydKm488uDKZ4Bgxy-t-CdmKMR5ijL4YfcjlX3h3QrPtWN735fXH7wxjH2Se1WjdzsgaodmM88V1S9fhKl7PLhEw69z9hv_5pvxSP7Z7MkHgB9o-WOan0w9z2mLgStXjXXX6igO0vV8s0Qa8NlQ0pviBdSZl68hmyehMN4XYChvOpTMar1F1lAdQqtZ91pfv4EAXvX_ndmtSfNYzXxT0FazmkwwOmYPI_xn0pUx4NH1Nx3P5omZf6jQHNbc2Pr8TqvXn-CqtlHmvtW9IUKtUDueAOVK-LT_fMPFC1uKPsGolj00WKJtSm6nlbw_2th2xifDltkNM-KG9juS43BoAJK2lZmW0AFBn4wsE8gkvdM-yBl9dVVnWveucR75hyNGk74loOlFLqt7Rq6k7hv_dXw6nRQTEdrlZdkNlRr16VX0mHwmV8da9Vbsds_XfGA_QS0ALUBqtijXUoptJdDDESXsoD_AfEDqe7g-IHQZyp2p0SOtG6M4mJnkx8_kek31-I0v0cfG57IRrWaP8E9lEth7kar_lT2x4hdvs2rNlD3qdXf76bvcJkLxlDnTV5o8CqJeDafZyF8D1LnQa6YfVBU6MpFgV-7EmMwbrF56IvaSwe4HuTQCuKl7MmcREnMhlbcUaVhsXnwMW6gpr0X5lJWx78XRNuD8dCGY86LID2x63rP7nb9C7DWwN7Z04szWgSph9HLp-M0IpBkQ4xrZVf3sP2GIC8Or5vdg-elzvE8J0EBPoXdhDY3p4LBaRbP23Npn-0QeiZ42W-chSlLPBN6sEdLniSjb4G_sfTCQaNH5kH30tmAQVaSEjMWbmvK_cxoUM-6Fzl95N-Xsn7bvtS6sAUdPs-AZGRAmAPFe8KX4YOLAgMzNjWtqt-AGalcmXXKmtFpZnX0EdB7dFEo_nSmICJzPzDktAyy8YugUfnmevu3GPv0lNGqyin7ti2FRXr0lW7u3m-W4VLWNRXFePOeXL3DISfdGU798uR4dB-OtcOA7Za9vIRh9yWnmjN7BHKLybHoCduGrVGUG73vHqmjVWX3gavj9_1WZHEM3859Os7dEETmFa3zgiIyP1LVvTm0oj_L_PR6pKOHu_NwNixQTz3CPSTJG1pC9erR-f2lu-yTaofV8_nRSZ_ncVni_2bncE8uGqpM99DinBf4L1HiWRrOoThLnFs1-uZM3LPphe7RQCtwLnv-jujCS2EGtl0qOXAGD10pGiUwKUmLDzPys8z1eTp-lvlnrs25SuFNOD54QEO5XXz3kuX9DA5LuH8dj5Ymj0cy4jFj2ewc5tXgs5canMgJzvH_N_J40fTUEeMxF40O8KRgfXq6z0H2yF0QWbx50H7ueL5g1mExeaC9jC_I8yibxdjCvdysnVJv1tGbOJIV2QdfH7ohns7xG7gM4gBvt3bYVhuqzHZg1rtngdifZT7O0pIMcKf_kutk1R7mPVziAaXc24vOq3DZ1weY9T7fXfrobobAC7deVAAOo9hCazXgyRM2EmsAzAepeza6j6XAtEqA3XV28Ok7Vu73J4MLCRoLafq7H1LgpTMzzKZXxXVUZFFGr-A6nEchCcMkyK4er2nJoniWZzGwMsiiLEiCkpE5yZMoYwmkV_yaBCQOwzAI4iCJs-msDGZlMovDmEVpmc5QHEBNeTW1u2cq1e7KXUq5DsNZEpGriuZQaXc1jhABz9j1IkLQbHWlrt19lrzdaRQHFddGH9UYbio4c2POuxE2uh93uHbh3Yb7Gg7uvv2HXyW6alV1_efvCvUr83RN_j8AAP__4Q11ag">