[llvm-bugs] [Bug 28613] New: stage2 bootstrap crashes after r273585

via llvm-bugs llvm-bugs at lists.llvm.org
Tue Jul 19 02:51:36 PDT 2016


https://llvm.org/bugs/show_bug.cgi?id=28613

            Bug ID: 28613
           Summary: stage2 bootstrap crashes after r273585
           Product: clang
           Version: 3.9
          Hardware: PC
                OS: Windows NT
            Status: NEW
          Severity: normal
          Priority: P
         Component: -New Bugs
          Assignee: unassignedclangbugs at nondot.org
          Reporter: ismail at i10z.com
                CC: llvm-bugs at lists.llvm.org
    Classification: Unclassified

Created attachment 16764
  --> https://llvm.org/bugs/attachment.cgi?id=16764&action=edit
Preprocessed file and shell script

gdb backtrace:

#0 0x00007ff3a922cec8 llvm::sys::PrintStackTrace(llvm::raw_ostream&)
/home/abuild/rpmbuild/BUILD/llvm/stage1/../lib/Support/Unix/Signals.inc:402:13
#1 0x00007ff3a922ad26 bool std::__1::operator!=<std::__1::pair<void
(*)(void*), void*>*>(std::__1::__wrap_iter<std::__1::pair<void
(*)(void*), void*>*> const&, std::__1::__wrap_iter<std::__1::pair<void
(*)(void*), void*>*> const&)
/usr/bin/../include/c++/v1/iterator:1364:12
#2 0x00007ff3a922ad26 llvm::sys::RunSignalHandlers()
/home/abuild/rpmbuild/BUILD/llvm/stage1/../lib/Support/Signals.cpp:44:0
#3 0x00007ff3a922d501 SignalHandler(int)
/home/abuild/rpmbuild/BUILD/llvm/stage1/../lib/Support/Unix/Signals.inc:256:1
#4 0x00007ff3a8ce4ef0 __restore_rt (/lib64/libpthread.so.0+0x10ef0)
#5 0x00007ff3a779d7b3
llvm::SelectionDAG::TransferDbgValues(llvm::SDValue, llvm::SDValue)
/home/abuild/rpmbuild/BUILD/llvm/stage1/../lib/CodeGen/SelectionDAG/SelectionDAG.cpp:6666:46
#6 0x00007ff3a779d551 llvm::SDValue::operator==(llvm::SDValue const&)
const
/home/abuild/rpmbuild/BUILD/llvm/stage1/../include/llvm/CodeGen/SelectionDAGNodes.h:126:27
#7 0x00007ff3a779d551
llvm::SelectionDAG::ReplaceAllUsesWith(llvm::SDValue, llvm::SDValue)
/home/abuild/rpmbuild/BUILD/llvm/stage1/../lib/CodeGen/SelectionDAG/SelectionDAG.cpp:6312:0
#8 0x00007ff3a768d6e0 (anonymous
namespace)::SelectionDAGLegalize::ReplaceNode(llvm::SDValue,
llvm::SDValue)
/home/abuild/rpmbuild/BUILD/llvm/stage1/../lib/CodeGen/SelectionDAG/LegalizeDAG.cpp:190:9
#9 0x00007ff3a768b21f (anonymous
namespace)::SelectionDAGLegalize::LegalizeOp(llvm::SDNode*)
/home/abuild/rpmbuild/BUILD/llvm/stage1/../lib/CodeGen/SelectionDAG/LegalizeDAG.cpp:1128:11
#10 0x00007ff3a768a585 llvm::SelectionDAG::Legalize()
/home/abuild/rpmbuild/BUILD/llvm/stage1/../lib/CodeGen/SelectionDAG/LegalizeDAG.cpp:4428:28
#11 0x00007ff3a77b1d34 llvm::TimeRegion::~TimeRegion()
/home/abuild/rpmbuild/BUILD/llvm/stage1/../include/llvm/Support/Timer.h:148:9
#12 0x00007ff3a77b1d34 llvm::SelectionDAGISel::CodeGenAndEmitDAG()
/home/abuild/rpmbuild/BUILD/llvm/stage1/../lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:824:0
#13 0x00007ff3a77b027d
llvm::SelectionDAGISel::SelectAllBasicBlocks(llvm::Function const&)
/home/abuild/rpmbuild/BUILD/llvm/stage1/../lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:1482:7
#14 0x00007ff3a77ac88b
llvm::SelectionDAGISel::runOnMachineFunction(llvm::MachineFunction&)
/home/abuild/rpmbuild/BUILD/llvm/stage1/../lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:505:36
#15 0x00007ff3aa6a4451 (anonymous
namespace)::X86DAGToDAGISel::runOnMachineFunction(llvm::MachineFunction&)
/home/abuild/rpmbuild/BUILD/llvm/stage1/../lib/Target/X86/X86ISelDAGToDAG.cpp:176:7
#16 0x00007ff3a9ca0aa5
llvm::MachineFunctionPass::runOnFunction(llvm::Function&)
/home/abuild/rpmbuild/BUILD/llvm/stage1/../lib/CodeGen/MachineFunctionPass.cpp:60:13
#17 0x00007ff3a995df04
llvm::FPPassManager::runOnFunction(llvm::Function&)
/home/abuild/rpmbuild/BUILD/llvm/stage1/../lib/IR/LegacyPassManager.cpp:1526:23
#18 0x00007ff3a995e14b llvm::FPPassManager::runOnModule(llvm::Module&)
/home/abuild/rpmbuild/BUILD/llvm/stage1/../lib/IR/LegacyPassManager.cpp:1547:13
#19 0x00007ff3a995e5b3 (anonymous
namespace)::MPPassManager::runOnModule(llvm::Module&)
/home/abuild/rpmbuild/BUILD/llvm/stage1/../lib/IR/LegacyPassManager.cpp:1603:23
#20 0x00007ff3a995e5b3
llvm::legacy::PassManagerImpl::run(llvm::Module&)
/home/abuild/rpmbuild/BUILD/llvm/stage1/../lib/IR/LegacyPassManager.cpp:1706:0
#21 0x00007ff3a86332ed (anonymous
namespace)::EmitAssemblyHelper::EmitAssembly(clang::BackendAction,
llvm::raw_pwrite_stream*)
/home/abuild/rpmbuild/BUILD/llvm/stage1/../tools/clang/lib/CodeGen/BackendUtil.cpp:767:3
#22 0x00007ff3a86332ed
clang::EmitBackendOutput(clang::DiagnosticsEngine&,
clang::CodeGenOptions const&, clang::TargetOptions const&,
clang::LangOptions const&, llvm::DataLayout const&, llvm::Module*,
clang::BackendAction, llvm::raw_pwrite_stream*)
/home/abuild/rpmbuild/BUILD/llvm/stage1/../tools/clang/lib/CodeGen/BackendUtil.cpp:778:0
#23 0x00007ff3a88317dd
clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&)
/home/abuild/rpmbuild/BUILD/llvm/stage1/../tools/clang/lib/CodeGen/CodeGenAction.cpp:178:7
#24 0x00007ff3a661d376
std::__1::enable_if<(is_move_constructible<bool>::value) &&
(is_move_assignable<bool>::value), void>::type
std::__1::swap<bool>(bool&, bool&)
/usr/bin/../include/c++/v1/type_traits:4206:9
#25 0x00007ff3a661d376 clang::ParseAST(clang::Sema&, bool, bool)
/home/abuild/rpmbuild/BUILD/llvm/stage1/../tools/clang/lib/Parse/ParseAST.cpp:169:0
#26 0x00007ff3a83b3ee6 clang::FrontendAction::Execute()
/home/abuild/rpmbuild/BUILD/llvm/stage1/../tools/clang/lib/Frontend/FrontendAction.cpp:461:7
#27 0x00007ff3a8377c21
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
/home/abuild/rpmbuild/BUILD/llvm/stage1/../tools/clang/lib/Frontend/CompilerInstance.cpp:877:7
#28 0x00007ff3aa8c3bb9
clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
/home/abuild/rpmbuild/BUILD/llvm/stage1/../tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:241:18
#29 0x000000000040ec2a cc1_main(llvm::ArrayRef<char const*>, char
const*, void*)
/home/abuild/rpmbuild/BUILD/llvm/stage1/../tools/clang/tools/driver/cc1_main.cpp:116:13
#30 0x000000000040d895 ExecuteCC1Tool(llvm::ArrayRef<char const*>,
llvm::StringRef)
/home/abuild/rpmbuild/BUILD/llvm/stage1/../tools/clang/tools/driver/driver.cpp:301:12
#31 0x000000000040d895 main
/home/abuild/rpmbuild/BUILD/llvm/stage1/../tools/clang/tools/driver/driver.cpp:382:0
#32 0x00007ff3a795d741 __libc_start_main (/lib64/libc.so.6+0x20741)
#33 0x000000000040a829 _start
/home/abuild/rpmbuild/BUILD/glibc-2.23/csu/../sysdeps/x86_64/start.S:121:0

Further debugging shows that this is a use-after-free:

#0  llvm::SelectionDAG::TransferDbgValues (this=<optimized out>,
From=..., To=...)
    at ../lib/CodeGen/SelectionDAG/SelectionDAG.cpp:6666
6666        if (Dbg->getKind() == SDDbgValue::SDNODE &&
(gdb) print Dbg
$1 = (llvm::SDDbgValue *) 0x4545454545454545

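The byte 0x45 (decimal 69) is the value I set for MALLOC_PERTURB_ [0].
glibc fills a block with that byte when it is freed (newly allocated
memory gets the complement, 0xBA), so a pointer made up entirely of 0x45
bytes was read from memory that had already been freed, not from memory
that was merely uninitialized. You can easily reproduce this on Linux
with glibc's malloc debugging, just do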
export MALLOC_CHECK_=3
export MALLOC_PERTURB_=69

See
https://www.gnu.org/software/libc/manual/html_node/Heap-Consistency-Checking.html
for more details.
