<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=https://github.com/llvm/llvm-project/issues/162900>162900</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
[X86] llc SIGSEGV in llvm::X86TargetLowering::LowerVAARG
</td>
</tr>
<tr>
<th>Labels</th>
<td>
new issue
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
aHeraud
</td>
</tr>
</table>
<pre>
I added var args support to my toy C compiler, and have discovered a segfault inside of llc when attempting to compile my generated llvm module.
Here's a minimal example that can be used to reproduce the crash:
```
; ModuleID = 'module'
source_filename = "module"
define void @test(i32 %0, ...) {
block_0:
  %1 = alloca <{ i32, i32, ptr, ptr }>, align 8
  %2 = alloca <{ i32 }>, align 8
  call void @llvm.va_start(ptr %1)
  %3 = va_arg ptr %1, <{ i32 }>
  store <{ i32 }> %3, ptr %2, align 1
  call void @llvm.va_end(ptr %1)
  ret void
}
; Function Attrs: nocallback nofree nosync nounwind willreturn
declare void @llvm.va_start(ptr) #0
; Function Attrs: nocallback nofree nosync nounwind willreturn
declare void @llvm.va_end(ptr) #0
attributes #0 = { nocallback nofree nosync nounwind willreturn }
```
The crash backtrace from llc:
```
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace.
Stack dump:
0. Program arguments: ../llvm-21/LLVM-21.1.0-Linux-X64/bin/llc main.ll
1. Running pass 'Function Pass Manager' on module 'main.ll'.
2. Running pass 'X86 DAG->DAG Instruction Selection' on function '@test'
#0 0x0000598099ad0ce7 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (../llvm-21/LLVM-21.1.0-Linux-X64/bin/llc+0x62d6ce7)
#1 0x0000598099ad14db SignalHandler(int, siginfo_t*, void*) Signals.cpp:0:0
#2 0x000075e1b9565050 (/lib/x86_64-linux-gnu/libc.so.6+0x3c050)
#3 0x0000598096f8bd1e llvm::DataLayout::getTypeSizeInBits(llvm::Type*) const AArch64ISelLowering.cpp:0:0
#4 0x0000598098fbf52f llvm::X86TargetLowering::LowerVAARG(llvm::SDValue, llvm::SelectionDAG&) const X86ISelLowering.cpp:0:0
#5 0x00005980973a597f (anonymous namespace)::SelectionDAGLegalize::LegalizeOp(llvm::SDNode*) (.llvm.6546466950859915230) LegalizeDAG.cpp:0:0
#6 0x00005980973a4cd3 llvm::SelectionDAG::Legalize() (../llvm-21/LLVM-21.1.0-Linux-X64/bin/llc+0x3baacd3)
#7 0x00005980973a094e llvm::SelectionDAGISel::CodeGenAndEmitDAG() (../llvm-21/LLVM-21.1.0-Linux-X64/bin/llc+0x3ba694e)
#8 0x0000598097165e71 llvm::SelectionDAGISel::SelectAllBasicBlocks(llvm::Function const&) (../llvm-21/LLVM-21.1.0-Linux-X64/bin/llc+0x396be71)
#9 0x0000598097b2aa8e llvm::SelectionDAGISel::runOnMachineFunction(llvm::MachineFunction&) (../llvm-21/LLVM-21.1.0-Linux-X64/bin/llc+0x4330a8e)
#10 0x0000598097a26df1 llvm::SelectionDAGISelLegacy::runOnMachineFunction(llvm::MachineFunction&) (../llvm-21/LLVM-21.1.0-Linux-X64/bin/llc+0x422cdf1)
#11 0x0000598097b01687 llvm::MachineFunctionPass::runOnFunction(llvm::Function&) (../llvm-21/LLVM-21.1.0-Linux-X64/bin/llc+0x4307687)
#12 0x000059809784be2a llvm::FPPassManager::runOnFunction(llvm::Function&) (../llvm-21/LLVM-21.1.0-Linux-X64/bin/llc+0x4051e2a)
#13 0x000059809784b768 llvm::FPPassManager::runOnModule(llvm::Module&) (../llvm-21/LLVM-21.1.0-Linux-X64/bin/llc+0x4051768)
#14 0x0000598097848023 llvm::legacy::PassManagerImpl::run(llvm::Module&) (../llvm-21/LLVM-21.1.0-Linux-X64/bin/llc+0x404e023)
#15 0x0000598098252626 main (../llvm-21/LLVM-21.1.0-Linux-X64/bin/llc+0x4a58626)
#16 0x000075e1b955024a __libc_start_call_main ./csu/../sysdeps/nptl/libc_start_call_main.h:74:3
#17 0x000075e1b9550305 call_init ./csu/../csu/libc-start.c:128:20
#18 0x000075e1b9550305 __libc_start_main ./csu/../csu/libc-start.c:347:5
#19 0x00005980980fbba5 _start (../llvm-21/LLVM-21.1.0-Linux-X64/bin/llc+0x4901ba5)
Segmentation fault (core dumped)
```
And the original C code for reference:
```c
struct S {
    int a;
};
void test(int n, ...) {
    __builtin_va_list args;
    __builtin_va_start(args, n);
    struct S s = __builtin_va_arg(args, struct S);
    __builtin_va_end(args);
}
```
I've tested this with llvm-19 and llvm-21. I don't have llvm checked out locally, but I also tested it against the trunk version of llc in godbolt and the crash still occurs, so the problem appears to still be present in the latest development version: https://godbolt.org/z/7o8j9v4cs.
</pre>