[llvm-bugs] [Bug 45195] New: clang rGfcc2238b8bfb crashes randomly due to memory corruption

via llvm-bugs llvm-bugs at lists.llvm.org
Fri Mar 13 08:59:12 PDT 2020


https://bugs.llvm.org/show_bug.cgi?id=45195

            Bug ID: 45195
           Summary: clang rGfcc2238b8bfb crashes randomly due to memory
                    corruption
           Product: clang
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: -New Bugs
          Assignee: ehudkatz at gmail.com
          Reporter: samitolvanen at google.com
                CC: htmldeveloper at gmail.com, keno at alumni.harvard.edu,
                    listmail at philipreames.com, llvm-bugs at lists.llvm.org,
                    max.kazantsev at azul.com, ndesaulniers at google.com,
                    neeilans at live.com, nikita.ppv at gmail.com,
                    richard-llvm at metafoo.co.uk,
                    sanjoy at playingwithpointers.com

Created attachment 23229
  --> https://bugs.llvm.org/attachment.cgi?id=23229&action=edit
ecc-7086f7 crash reproducer

Starting with commit fcc2238b8bfb9498b46a48d219193de8c00a25a0 ("[SCEV] Add
missing cache queries"), clang started randomly crashing when compiling the
Linux kernel with the following type of errors:

free(): invalid size
Stack dump:
0.      Program arguments:
/usr/local/google/home/samitolvanen/src/unified-llvm/build.fcc2238b8bfb9498b46a48d219193de8c00a25a0/bin/clang-11
-cc1 -triple aarch64-unknown-linux-gnu -S -disable-free -disable-llvm-verifier -discard-value-names -main-file-name ecc.c -mrelocation-model static
-mthread-model posix -fno-delete-null-pointer-checks -mllvm
-warn-stack-size=2048 -mframe-pointer=non-leaf -relaxed-aliasing -mdisable-tail-calls -fmath-errno -fno-rounding-math -masm-verbose -no-integrated-as
-mconstructor-aliases -target-cpu generic -target-feature -fp-armv8
-target-feature -crypto -target-feature -neon -target-feature -sha2
 -target-feature -aes -target-abi aapcs -mllvm
-aarch64-enable-global-merge=false -fallow-half-arguments-and-returns
-dwarf-column-info -fno-split-dwarf-inlining -debug-info-kind=limited
-dwarf-version=4 -debugger-tuning=gdb -nostdsysteminc -nobuiltininc -resource-dir
/usr/local/google/home/samitolvanen/src/unified-llvm/build.fcc2238b8bfb9498b46a48d219193de8c00a25a0/lib/clang/11.0.0
-dependency-file crypto/.ecc.o.d -MT
 crypto/ecc.o -sys-header-deps -isystem
/usr/local/google/home/samitolvanen/src/unified-llvm/build.fcc2238b8bfb9498b46a48d219193de8c00a25a0/lib/clang/11.0.0/include
-include ./include/linux/kconfig.h -include ./include/linux/compiler_types.h -I ./arch/arm64/include -I
./arch/arm64/include/generated -I ./include -I ./arch/arm64/include/uapi -I
./arch/arm64/include/generated/uapi -I ./include/uapi -I ./include/generated/uapi -D __KERNEL__ -D KASAN_SHADOW_SCALE_SHIFT=3 -D
CONFIG_CC_HAS_K_CONSTRAINT=1 -D KASAN_SHADOW_SCALE_SHIFT=3 -D MODULE -D
KBUILD_BASENAME="ecc" -D KBUILD_MODNAME="ecc" -fmacro-prefix-map=./= -O2 -Wall
-Wundef 
-Werror=strict-prototypes -Wno-trigraphs -Werror=implicit-function-declaration
-Werror=implicit-int -Wno-format-security -Werror=unknown-warning-option
-Wno-frame-address -Wno-address-of-packed-member -Wno-format-invalid-specifier -Wno-gnu -Wno-tautological-compare
-Wno-unused-const-variable -Wdeclaration-after-statement -Wvla
-Wno-pointer-sign -Werror=date-time -Werror=incompatible-pointer-types
-Wno-initializer-overrides -Wno-format -Wno-sign-compare -Wno-format-zero-length -std=gnu89
-fno-dwarf-directory-asm -fdebug-compilation-dir
/usr/local/google/home/samitolvanen/android/kernel/linux -ferror-limit 19
-fmessage-length 0
 -fwrapv -stack-protector 2 -fno-signed-char -fwchar-type=short
-fno-signed-wchar -fgnuc-version=4.2.1 -fobjc-runtime=gcc
-fdiagnostics-show-option -vectorize-loops -vectorize-slp -o /tmp/ecc-cd5bc4.s
-x c crypto/ecc.c
1.      <eof> parser at end of file
2.      Code generation
3.      Running pass 'Function Pass Manager' on module 'crypto/ecc.c'.
4.      Running pass 'Loop Pass Manager' on function '@xycz_add'
5.      Running pass 'Induction Variable Users' on basic block '%532'
 #0 0x0000000002665274 PrintStackTraceSignalHandler(void*)
(/usr/local/google/home/samitolvanen/src/unified-llvm/build.fcc2238b8bfb9498b46a48d219193de8c00a25a0/bin/clang-11+0x2665274)
 #1 0x0000000002662fbe llvm::sys::RunSignalHandlers()
(/usr/local/google/home/samitolvanen/src/unified-llvm/build.fcc2238b8bfb9498b46a48d219193de8c00a25a0/bin/clang-11+0x2662fbe)
 #2 0x000000000266566c SignalHandler(int)
(/usr/local/google/home/samitolvanen/src/unified-llvm/build.fcc2238b8bfb9498b46a48d219193de8c00a25a0/bin/clang-11+0x266566c)
 #3 0x00007f9d21f60520 __restore_rt
(/lib/x86_64-linux-gnu/libpthread.so.0+0x13520)
 #4 0x00007f9d204fe081 raise
/build/glibc-G5rUEF/glibc-2.29/signal/../sysdeps/unix/sysv/linux/raise.c:51:1
 #5 0x00007f9d204e9535 abort /build/glibc-G5rUEF/glibc-2.29/stdlib/abort.c:81:7
 #6 0x00007f9d2053fdb8 __libc_message
/build/glibc-G5rUEF/glibc-2.29/libio/../sysdeps/posix/libc_fatal.c:183:1
 #7 0x00007f9d2054631a /build/glibc-G5rUEF/glibc-2.29/malloc/malloc.c:5367:3
 #8 0x00007f9d20547c5c _int_free
/build/glibc-G5rUEF/glibc-2.29/malloc/malloc.c:4189:5
 #9 0x0000000001c9a919 llvm::normalizeForPostIncUseIf(llvm::SCEV const*,
llvm::function_ref<bool (llvm::SCEVAddRecExpr const*)>, llvm::ScalarEvolution&)
(/usr/local/google/home/samitolvanen/src/unified-llvm/build.fcc2238b8bfb9498b46a48d219193de8c00a25a0/bin/clang-11+0x1c9a919)
#10 0x0000000001da4fd7 llvm::IVUsers::AddUsersImpl(llvm::Instruction*,
llvm::SmallPtrSetImpl<llvm::Loop*>&)
(/usr/local/google/home/samitolvanen/src/unified-llvm/build.fcc2238b8bfb9498b46a48d219193de8c00a25a0/bin/clang-11+0x1da4fd7)
#11 0x0000000001da4e99 llvm::IVUsers::AddUsersImpl(llvm::Instruction*,
llvm::SmallPtrSetImpl<llvm::Loop*>&)
(/usr/local/google/home/samitolvanen/src/unified-llvm/build.fcc2238b8bfb9498b46a48d219193de8c00a25a0/bin/clang-11+0x1da4e99)
#12 0x0000000001da4e99 llvm::IVUsers::AddUsersImpl(llvm::Instruction*,
llvm::SmallPtrSetImpl<llvm::Loop*>&)
(/usr/local/google/home/samitolvanen/src/unified-llvm/build.fcc2238b8bfb9498b46a48d219193de8c00a25a0/bin/clang-11+0x1da4e99)
#13 0x0000000001da4e99 llvm::IVUsers::AddUsersImpl(llvm::Instruction*,
llvm::SmallPtrSetImpl<llvm::Loop*>&)
(/usr/local/google/home/samitolvanen/src/unified-llvm/build.fcc2238b8bfb9498b46a48d219193de8c00a25a0/bin/clang-11+0x1da4e99)
#14 0x0000000001da5516 llvm::IVUsers::IVUsers(llvm::Loop*,
llvm::AssumptionCache*, llvm::LoopInfo*, llvm::DominatorTree*,
llvm::ScalarEvolution*)
(/usr/local/google/home/samitolvanen/src/unified-llvm/build.fcc2238b8bfb9498b46a48d219193de8c00a25a0/bin/clang-11+0x1da5516)
#15 0x0000000001da5c9d llvm::IVUsersWrapperPass::runOnLoop(llvm::Loop*,
llvm::LPPassManager&)
(/usr/local/google/home/samitolvanen/src/unified-llvm/build.fcc2238b8bfb9498b46a48d219193de8c00a25a0/bin/clang-11+0x1da5c9d)
#16 0x0000000001bc38f7 llvm::LPPassManager::runOnFunction(llvm::Function&)
(/usr/local/google/home/samitolvanen/src/unified-llvm/build.fcc2238b8bfb9498b46a48d219193de8c00a25a0/bin/clang-11+0x1bc38f7)
#17 0x00000000020f1989 llvm::FPPassManager::runOnFunction(llvm::Function&)
(/usr/local/google/home/samitolvanen/src/unified-llvm/build.fcc2238b8bfb9498b46a48d219193de8c00a25a0/bin/clang-11+0x20f1989)
#18 0x00000000020f1bf3 llvm::FPPassManager::runOnModule(llvm::Module&)
(/usr/local/google/home/samitolvanen/src/unified-llvm/build.fcc2238b8bfb9498b46a48d219193de8c00a25a0/bin/clang-11+0x20f1bf3)
#19 0x00000000020f218f llvm::legacy::PassManagerImpl::run(llvm::Module&)
(/usr/local/google/home/samitolvanen/src/unified-llvm/build.fcc2238b8bfb9498b46a48d219193de8c00a25a0/bin/clang-11+0x20f218f)
#20 0x000000000280194c clang::EmitBackendOutput(clang::DiagnosticsEngine&,
clang::HeaderSearchOptions const&, clang::CodeGenOptions const&,
clang::TargetOptions const&, clang::LangOptions const&, llvm::DataLayout const&, llvm::Module*, clang::BackendAction,
std::unique_ptr<llvm::raw_pwrite_stream,
std::default_delete<llvm::raw_pwrite_stream> >)
(/usr/local/google/home/samitolvanen/src/unified-llvm/build.fcc2238b8bfb9498b46a48d219193de8c00a25a0/bin/clang-11+0x280194c)
#21 0x0000000002f710db
clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&)
(/usr/local/google/home/samitolvanen/src/unified-llvm/build.fcc2238b8bfb9498b46a48d219193de8c00a25a0/bin/clang-11+0x2f710db)
#22 0x0000000003b81c33 clang::ParseAST(clang::Sema&, bool, bool)
(/usr/local/google/home/samitolvanen/src/unified-llvm/build.fcc2238b8bfb9498b46a48d219193de8c00a25a0/bin/clang-11+0x3b81c33)
#23 0x0000000002ece341 clang::FrontendAction::Execute()
(/usr/local/google/home/samitolvanen/src/unified-llvm/build.fcc2238b8bfb9498b46a48d219193de8c00a25a0/bin/clang-11+0x2ece341)
#24 0x0000000002e2b9df
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
(/usr/local/google/home/samitolvanen/src/unified-llvm/build.fcc2238b8bfb9498b46a48d219193de8c00a25a0/bin/clang-11+0x2e2b9df)
#25 0x0000000002f6b80b
clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
(/usr/local/google/home/samitolvanen/src/unified-llvm/build.fcc2238b8bfb9498b46a48d219193de8c00a25a0/bin/clang-11+0x2f6b80b)
#26 0x00000000015a5df5 cc1_main(llvm::ArrayRef<char const*>, char const*,
void*)
(/usr/local/google/home/samitolvanen/src/unified-llvm/build.fcc2238b8bfb9498b46a48d219193de8c00a25a0/bin/clang-11+0x15a5df5)
#27 0x00000000015a4001 ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&)
(/usr/local/google/home/samitolvanen/src/unified-llvm/build.fcc2238b8bfb9498b46a48d219193de8c00a25a0/bin/clang-11+0x15a4001)
#28 0x00000000015a3dc4 main
(/usr/local/google/home/samitolvanen/src/unified-llvm/build.fcc2238b8bfb9498b46a48d219193de8c00a25a0/bin/clang-11+0x15a3dc4)
#29 0x00007f9d204eabbb __libc_start_main
/build/glibc-G5rUEF/glibc-2.29/csu/../csu/libc-start.c:342:3
#30 0x00000000015a102a _start
(/usr/local/google/home/samitolvanen/src/unified-llvm/build.fcc2238b8bfb9498b46a48d219193de8c00a25a0/bin/clang-11+0x15a102a)
clang-11: error: unable to execute command: Aborted
clang-11: error: clang frontend command failed due to signal (use -v to see
invocation)
clang version 11.0.0 (https://github.com/llvm/llvm-project.git
fcc2238b8bfb9498b46a48d219193de8c00a25a0)
Target: aarch64-unknown-linux-gnu
Thread model: posix
InstalledDir:
/usr/local/google/home/samitolvanen/src/unified-llvm/build.fcc2238b8bfb9498b46a48d219193de8c00a25a0/bin
clang-11: note: diagnostic msg: PLEASE submit a bug report to
https://bugs.llvm.org/ and include the crash backtrace, preprocessed source,
and associated run script.
  CC      kernel/auditfilter.o
  CC      kernel/auditsc.o
clang-11: note: diagnostic msg: 
********************

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang-11: note: diagnostic msg: /tmp/ecc-7086f7.c
clang-11: note: diagnostic msg: /tmp/ecc-7086f7.sh
clang-11: note: diagnostic msg: 

********************

malloc(): unsorted double linked list corrupted
Stack dump:
isable-tail-calls -fmath-errno -fno-rounding-math -masm-verbose
-no-integrated-as -mconstructor-aliases -target-cpu generic -target-feature
-fp-armv8 -target-feature -crypto -target-feature -neon -target-featu- 
1.      <eof> parser at end of file
2.      Per-module optimization passes
3.      Running pass 'CallGraph Pass Manager' on module
'drivers/mtd/nand/raw/nand_base.c'.
4.      Running pass 'Loop Pass Manager' on function '@nand_write_oob_syndrome'
5.      Running pass 'Induction Variable Simplification' on basic block
'malloc(): unsorted double linked list corrupted
clang-11: error: unable to execute command: Aborted
clang-11: error: clang frontend command failed due to signal (use -v to see
invocation)
clang version 11.0.0 (https://github.com/llvm/llvm-project.git
fcc2238b8bfb9498b46a48d219193de8c00a25a0)
Target: aarch64-unknown-linux-gnu
Thread model: posix
InstalledDir:
/usr/local/google/home/samitolvanen/src/unified-llvm/build.fcc2238b8bfb9498b46a48d219193de8c00a25a0/bin
clang-11: note: diagnostic msg: PLEASE submit a bug report to
https://bugs.llvm.org/ and include the crash backtrace, preprocessed source,
and associated run script.
clang-11: note: diagnostic msg: 
********************

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang-11: note: diagnostic msg: /tmp/nand_base-e86fa8.c
clang-11: note: diagnostic msg: /tmp/nand_base-e86fa8.sh
clang-11: note: diagnostic msg: 

********************
