<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=https://github.com/llvm/llvm-project/issues/139308>139308</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
clang crashes on valid code at -O3 on x86_64-linux-gnu: Segmentation fault
</td>
</tr>
<tr>
<th>Labels</th>
<td>
clang
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
zhendongsu
</td>
</tr>
</table>
<pre>
Compiler Explorer: https://godbolt.org/z/rKfcxsjcx
It appears to be a recent regression as it doesn't reproduce with 20.1.0 and earlier.
```
[514] % clangtk -v
clang version 21.0.0git (https://github.com/llvm/llvm-project.git 865fb9c1a50f8b836a8c9ee6f4d1cbe7cce59fc3)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /local/home/suz/suz-local/software/local/clang-trunk/bin
Build config: +assertions
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/11
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/12
Selected GCC installation: /usr/lib/gcc/x86_64-linux-gnu/12
Candidate multilib: .;@m64
Selected multilib: .;@m64
Found CUDA installation: /usr/local/cuda, version 12.1
[515] %
[515] % clangtk -O3 small.c
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0. Program arguments: /local/home/suz/suz-local/software/local/clang-trunk/bin/clang-21 -cc1 -triple x86_64-unknown-linux-gnu -emit-obj -dumpdir a- -disable-free -clear-ast-before-backend -main-file-name small.c -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=none -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/local/suz-local/software/emitesting/bugs/20250509-clangtk-m64-O3-build-150429/delta -fcoverage-compilation-dir=/local/suz-local/software/emitesting/bugs/20250509-clangtk-m64-O3-build-150429/delta -resource-dir /local/home/suz/suz-local/software/local/clang-trunk/lib/clang/21 -I /usr/local/include -I /local/suz-local/software/local/include -internal-isystem /local/home/suz/suz-local/software/local/clang-trunk/lib/clang/21/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/12/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O3 -ferror-limit 19 -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -fcolor-diagnostics -vectorize-loops -vectorize-slp -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/small-b9cef3.o -x c small.c
1. <eof> parser at end of file
2. Optimizer
3. Running pass "require<globals-aa>,function(invalidate<aa>),require<profile-summary>,cgscc(devirt<4>(inline,function-attrs<skip-non-recursive-function-attrs>,argpromotion,openmp-opt-cgscc,function<eager-inv;no-rerun>(sroa<modify-cfg>,early-cse<memssa>,speculative-execution<only-if-divergent-target>,jump-threading,correlated-propagation,simplifycfg<bonus-inst-threshold=1;no-forward-switch-cond;switch-range-to-icmp;no-switch-to-lookup;keep-loops;no-hoist-common-insts;no-hoist-loads-stores-with-cond-faulting;no-sink-common-insts;speculate-blocks;simplify-cond-branch;no-speculate-unpredictables>,instcombine<max-iterations=1;no-verify-fixpoint>,aggressive-instcombine,libcalls-shrinkwrap,tailcallelim,simplifycfg<bonus-inst-threshold=1;no-forward-switch-cond;switch-range-to-icmp;no-switch-to-lookup;keep-loops;no-hoist-common-insts;no-hoist-loads-stores-with-cond-faulting;no-sink-common-insts;speculate-blocks;simplify-cond-branch;no-speculate-unpredictables>,reassociate,constraint-elimination,loop-mssa(loop-instsimplify,loop-simplifycfg,licm<no-allowspeculation>,loop-rotate<header-duplication;no-prepare-for-lto>,licm<allowspeculation>,simple-loop-unswitch<nontrivial;trivial>),simplifycfg<bonus-inst-threshold=1;no-forward-switch-cond;switch-range-to-icmp;no-switch-to-lookup;keep-loops;no-hoist-common-insts;no-hoist-loads-stores-with-cond-faulting;no-sink-common-insts;speculate-blocks;simplify-cond-branch;no-speculate-unpredictables>,instcombine<max-iterations=1;no-verify-fixpoint>,loop(loop-idiom,indvars,extra-simple-loop-unswitch-passes,loop-deletion,loop-unroll-full),sroa<modify-cfg>,vector-combine,mldst-motion<no-split-footer-bb>,gvn<>,sccp,bdce,instcombine<max-iterations=1;no-verify-fixpoint>,jump-threading,correlated-propagation,adce,memcpyopt,dse,move-auto-init,loop-mssa(licm<allowspeculation>),coro-elide,simplifycfg<bonus-inst-threshold=1;no-forward-switch-cond;switch-range-to-icmp;no-switch-to-lookup;keep-loops;hoist-common-insts;no-hoist-loads-stores-with-cond-faulting;sink-common-insts;speculate-blocks;simplify-cond-branch;no-speculate-unpredictables>,instcombine<max-iterations=1;no-verify-fixpoint>),function-attrs,function(require<should-not-run-function-passes>),coro-split,coro-annotation-elide)),function(invalidate<should-not-run-function-passes>),cgscc(devirt<4>())" on module "small.c"
4. Running pass "cgscc(devirt<4>(inline,function-attrs<skip-non-recursive-function-attrs>,argpromotion,openmp-opt-cgscc,function<eager-inv;no-rerun>(sroa<modify-cfg>,early-cse<memssa>,speculative-execution<only-if-divergent-target>,jump-threading,correlated-propagation,simplifycfg<bonus-inst-threshold=1;no-forward-switch-cond;switch-range-to-icmp;no-switch-to-lookup;keep-loops;no-hoist-common-insts;no-hoist-loads-stores-with-cond-faulting;no-sink-common-insts;speculate-blocks;simplify-cond-branch;no-speculate-unpredictables>,instcombine<max-iterations=1;no-verify-fixpoint>,aggressive-instcombine,libcalls-shrinkwrap,tailcallelim,simplifycfg<bonus-inst-threshold=1;no-forward-switch-cond;switch-range-to-icmp;no-switch-to-lookup;keep-loops;no-hoist-common-insts;no-hoist-loads-stores-with-cond-faulting;no-sink-common-insts;speculate-blocks;simplify-cond-branch;no-speculate-unpredictables>,reassociate,constraint-elimination,loop-mssa(loop-instsimplify,loop-simplifycfg,licm<no-allowspeculation>,loop-rotate<header-duplication;no-prepare-for-lto>,licm<allowspeculation>,simple-loop-unswitch<nontrivial;trivial>),simplifycfg<bonus-inst-threshold=1;no-forward-switch-cond;switch-range-to-icmp;no-switch-to-lookup;keep-loops;no-hoist-common-insts;no-hoist-loads-stores-with-cond-faulting;no-sink-common-insts;speculate-blocks;simplify-cond-branch;no-speculate-unpredictables>,instcombine<max-iterations=1;no-verify-fixpoint>,loop(loop-idiom,indvars,extra-simple-loop-unswitch-passes,loop-deletion,loop-unroll-full),sroa<modify-cfg>,vector-combine,mldst-motion<no-split-footer-bb>,gvn<>,sccp,bdce,instcombine<max-iterations=1;no-verify-fixpoint>,jump-threading,correlated-propagation,adce,memcpyopt,dse,move-auto-init,loop-mssa(licm<allowspeculation>),coro-elide,simplifycfg<bonus-inst-threshold=1;no-forward-switch-cond;switch-range-to-icmp;no-switch-to-lookup;keep-loops;hoist-common-insts;no-hoist-loads-stores-with-cond-faulting;sink-common-insts;speculate-blocks;simplify-cond-branch;no-speculate-unpredictables>,instcombine<max-iterations=1;no-verify-fixpoint>),function-attrs,function(require<should-not-run-function-passes>),coro-split,coro-annotation-elide))" on module "small.c"
5. Running pass "loop-mssa(loop-instsimplify,loop-simplifycfg,licm<no-allowspeculation>,loop-rotate<header-duplication;no-prepare-for-lto>,licm<allowspeculation>,simple-loop-unswitch<nontrivial;trivial>)" on function "main"
#0 0x0000559100f25f20 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/local/home/suz/suz-local/software/local/clang-trunk/bin/clang-21+0x467df20)
#1 0x0000559100f2332f llvm::sys::RunSignalHandlers() (/local/home/suz/suz-local/software/local/clang-trunk/bin/clang-21+0x467b32f)
#2 0x0000559100f2347a SignalHandler(int, siginfo_t*, void*) Signals.cpp:0:0
#3 0x00007fc84856e520 (/lib/x86_64-linux-gnu/libc.so.6+0x42520)
#4 0x00005590ffe52266 getNewDefiningAccessForClone(llvm::MemoryAccess*, llvm::ValueMap<llvm::Value const*, llvm::WeakTrackingVH, llvm::ValueMapConfig<llvm::Value const*, llvm::sys::SmartMutex<false>>> const&, llvm::SmallDenseMap<llvm::MemoryPhi*, llvm::MemoryAccess*, 4u, llvm::DenseMapInfo<llvm::MemoryPhi*, void>, llvm::detail::DenseMapPair<llvm::MemoryPhi*, llvm::MemoryAccess*>>&, llvm::MemorySSA*, llvm::function_ref<bool (llvm::BasicBlock*)>) (.constprop.0) MemorySSAUpdater.cpp:0:0
#5 0x00005590ffe52409 getNewDefiningAccessForClone(llvm::MemoryAccess*, llvm::ValueMap<llvm::Value const*, llvm::WeakTrackingVH, llvm::ValueMapConfig<llvm::Value const*, llvm::sys::SmartMutex<false>>> const&, llvm::SmallDenseMap<llvm::MemoryPhi*,
...
clangtk: error: unable to execute command: Segmentation fault
clangtk: error: clang frontend command failed due to signal (use -v to see invocation)
clang version 21.0.0git (https://github.com/llvm/llvm-project.git 865fb9c1a50f8b836a8c9ee6f4d1cbe7cce59fc3)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /local/home/suz/suz-local/software/local/clang-trunk/bin
Build config: +assertions
clangtk: note: diagnostic msg:
********************
PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clangtk: note: diagnostic msg: /tmp/small-7806d4.c
clangtk: note: diagnostic msg: /tmp/small-7806d4.sh
clangtk: note: diagnostic msg:
********************
[516] %
[516] % cat small.c
int a, b, c, d, e;
int main() {
while (e)
if (a) {
while (e) {
int *f = &c;
if (c)
__builtin_abort();
*f = 0;
if (b)
__builtin_abort();
e--;
}
if (d)
break;
}
}
```
</pre>
<img width="1" height="1" alt="" src="http://email.email.llvm.org/o/eJzsWl9z2yi0_zTkhcEjI9uxH_KgyPG2c7fbTtPdfcwgOJJpEOgCcpJ--jsHyU6cpP-7szt3kkldGQ7nHz8OPwVECLqxAGdkfk7m6xPRx63zZ5-2YJWzTehPKqfuzkrXdtqApxe3nXEePMkLuo2xCyQvCN8QvmmcqpyJE-cbwjefCN_4_6nlbfgob0lWkKx4HanoOhA-0OhoBVRQDxJspB4aDyFoZ6kIVEeqHARL-Cl2dd6pXgK90XFLeTaZTjIqrKIgvNHgJ4NyssjG36wg8_P5dEbma0r4nEojbBOvKduRrEhf6A58Msank2ySNTpSwpePotFx21cT6VrCN8bs9v-xzruPIOMERy0X87payamYZ_WyWuYLsZQrgEU9U1NZwamUMF_VMid8RbLig_ANREzc7XJxtZix3l5bd2OZ0ba_ZY3tUWjrQSjaOgUGRTsXNObvtQ1RGANqrVPu0R0nhSF8s3UtEL4J_afhk-07gqvjjfDwQDbFz6Lv7TXhm0pbkhXnvTaKSmdr3Qyqz0UI4KN2NpCs2LjeKiqFVVqJCPS3sqR6cEegzOhOHzwa0hVmT0rCN2OY9-HxzXT6qxVykhWXYEBGUD-vqTw41fYmahySF3RC8nMyy9rF7KGxz0oM8ZV_rosvOLOfkF4JwssDJKd8Mt1DeL6H8JOGA6bf5jS0wpiJJFnx7veL4vKChr5qdaSCVn2D68f5iAvu-_BN-EaH0EMgfJOWm7bS9Apo3AKVXoQtrYS8jl5IQP-7tFAlhACKBtf7oRlHihCc1AJT5ntLg_S6i7hsL6OQ11T1bYduZUU2IdnqnXeNFy0VvulbsDH8UrTv2_iUMimnlEWvOwOfXZGUQasjc9VHytBRpT0VjDKlg6gMsNoDUCYNCM9EiKyC2nlgmBqwirJWaMtqbYBZ0cJ-rihrPaCTCAuW1jrttKSs05IZ2IGhfPiiA-s0UNbWXrTAOqdtxOK7ts4CZXUr4paB99ZRVtcdk87ilESSr52lrLaOeUSjtg1DWcpa6WyIvpfReSaMFgECZXVvb7RVLGJUgeRrTllM9YrJrsf0sMWMsthbSA0NWPDosYKqbxrw2KVtQ_J1oyrK6tTOZNo2hjAVFq71g9n5zORhwiFEVMY3Vd8gAnnG59k8W7ER-KxdzNjbnFVYuth0ns34ivCNAhMFZbV0O_CigX_JvodhAaDJXwPdoXSlNvRmStnrp6Vkv0KHvq9E-WRQApYVhulwFyK0_4zjX7P4mYi-IPrVos43k8nTj2dkn1qDW3yQT62Oos_o-fLo7zeRSjyrwXvnmdFY2KcryurG9pKNmwbJ17MJn0wpq8O17phTnsktyGumLWvaOq0I4zxTWjTWhahloGwHWAL0J2DGue6oIZiOsloo5YNuKFtfXf1Wllevir8urtZ_F-83_KrcvL4qLt-QfD2lzKHXse0QEFjgWLWSUOcTR9ktlQ82qCkWeJKX4GqSX9BO-ACeikixVrqaYqEkWcFR7G0Xdas_gSdZkWPD-95ihaGdCIESzj38b689kLxsjKuECUwIkl8QXta9lWnD5Uttd8KkDZ3k5di_Iry8H9x5l-pz6NtW-LtBg2wCImqpYKd9JHk5S-1LbY228MAEEzH6QPIyJd46yzzI3ge9A_ZYBhUL33TetW5wr3Qd2LZjrotsNHnvfF6CwMKq7Y7k51jIwfd28CN4J0hetk7p-o7Juhm0IyW-YzJgXC20IYwJCR3IHsvgDhjcguxHA86aO6ZrpvQOfAM2jjV_GPWxbzsWEx9NxbCUznswuJEjS-hEI8Ywgm47o-u75EhZOdsHhswnjQ5bZxQCZYiidv5GeMXCjY5yixuWIvn5-M0L2wCLjmmJpADlx57oEKbXPbZeA3QDaAeRrdMhYq1vnU12j9qNEyqwEJ2HwPAlItlktUD6hjtWsqLt9WMN-6wBq4yT16lpDHRQUXlh5XZUcBDubedBabnfSjGVqFK6tkLw5GUrbpmO4MXAsA-p2YFH3bW-Tfv8iJhmeDfaAXuohZdGV1IYE1jYem2vb7zoCC-j0Aabwej2ZWa-PjMeDvQ0IRy5kdA2MkygtnuEY0wsLSi-TM_JldHmvv9hsnF-ZEvy0jomjHE3hzXohjU8DPEuDrVpC0KBZ6rvjJajFHqPvFp4wMlhJrpx6KD6eb3Ji6Gos94Ok5T8sNHrnRaG5OeHp7EcvsDkn1vAGOcBNUrjC1eprdoJH7Bk30Yv2HNzxnCjw_evASkKDDwEY2-9M4bVvTHjHD6_Jwy7OruvG61RIbJxC0r4DJ3RkdXORfCsqoZxzQ57R0hJibWlUuml7idy8e1bihhstdDK7s51kfBShdTidsBEjxCzOj5eml9YGKvBnMOVjdTtXwX9zyL-Pwv31VNydETI7olX2LreKGZdZL6392xphP3RlCWE7r8Ia7Fqouw4latju49537da-gzp2-vn1FnaOtUbQP65p7Wck6yYPcdQX1jkC4v8b6zKFxb5wiJfWOS_DpMXFvnCIl9Y5H-bRX6J5c2fY3n_v4t6Ssc-qxhuK7QdskEp4XlGs9ssy7L5fDXNsprPa57RdJ6YFyQvwl0YHt55bWM68PswHBku74W8uLlyIXoQLeELwkuKOOArmsj3Lz_5I_w8u50tTlXNs-FkHgOZPgokz3n9XCDve3upGyvMK2GVAUTm8p_3tcp5fe8rf-zr7FTQI6_SWwZinQbdaFu7q0h4kQ6anVbpcTWOCBPZdSQvsvRvnNZ8tHBay-VsOV_AnGf7ENOJyzPnJ0glJ8FNFoPTfH5IL2qc3fuc1TXMOV8saAPxD7hZQ61xSRVSQggb50vj7DFE3kDr_N0gMAZy3_mXMD28ER3Jy0eNNFGxJwP-BpFgeK1t89er55WV432Ib1R5wMdlK3x800e4JXlZC4OvURfD737o4njoJZaYNdjwJIYh6ndb_cTcM_mY9ccie42vbe2-qDUhItWHB6MV4DvAsaZ3Qvsf9G9IwePIB6nLy-LJ-H3FufJQp23VGXoEiHMRtDzHHWoA81CvUGaSsow8YIL4owcjf3ZKRPDPwX3-GJyzbPUCzu8DJ8mKyWSyv2MVr0le0HRsiQ-9RV5Ao6PDXw7Q07YVyH8KeglNC3bYjGmiJ5_RMtzeqr2zEazaq6C10AYUVX0yEFJVQyT0ASjbpTYAqu1uvHExVKWXq2DffxXswaRYh-SkoPdnyrQNw6BsWM8_-pvu8413mYoPH4ryFf3w6oJu3v7--9u_X__xG928_v3ikn54m5rP__yNvr949_b9h-ES0bvnLiItA1aCz15GOgh4oOlaDigq4qDv20I-Pv8-XWYLNUtH3j8xPGy_J-M_n_T5-Xy6eHzl7NAgRXxwkq9tpOneWoUfEj8UfgDJz8fugSgO3Oj0PFXam61OrHoJe2JAqa6xQTwUw58j0aMeiuyQEl7UlOTo20IORg_dSaO8NzH8XF1VvcY3nytROR_HP-wejTwozcb2QVX1A6qAsYcN5HR9eB6UqmOllQdxfT9ikB8_91dbT9RZrlb5SpzA2fR0tlhOF_Pp4mR7JlYql7CcVaer05XIpsssr075VMFirpbLlTrRZ_sbTNPlbJkvJlytFtmKL2A5PRViVpFZBq3QZoKFbeJ8c5Ju_51N81WeLU-MqMCEdEeY8_E2Dyfz9Yk_S5UwXZOaZUaHGO5VRB0NnA11Nl0ZhIBvE-kv81Q6BVTEdL_FWfqETz67L5z03pz9-EXGMZrdGf-_AAAA__9HZQOi">