Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

heap-use-after-free in SelectionDAG #29121

Closed
llvmbot opened this issue Jul 28, 2016 · 3 comments
Closed

heap-use-after-free in SelectionDAG #29121

llvmbot opened this issue Jul 28, 2016 · 3 comments
Labels
bugzilla Issues migrated from bugzilla

Comments

@llvmbot
Copy link
Collaborator

llvmbot commented Jul 28, 2016

Bugzilla Link 28749
Resolution FIXED
Resolved on Aug 03, 2016 02:55
Version unspecified
OS Windows NT
Attachments reproducer
Reporter LLVM Bugzilla Contributor
CC @zmodem,@hfinkel

Extended Description

compiling the attached using clang built with Asan results in
heap-use-after-free. llvm, clang, libcxx, libcxxabi, compiler-rt, libunwind are trunk, r276955. clang configured as:

cmake -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -GNinja -DCMAKE_BUILD_TYPE=Debug -DLLVM_USE_SANITIZER:STRING="Address" -DCMAKE_C_FLAGS_DEBUG="-gmlt" -DCMAKE_CXX_FLAGS_DEBUG="-gmlt"

the compilation command is:

~/asan/build/bin/clang++ -cc1 -emit-obj -debug-info-kind=limited -O2 rational.cpp

where rational.cpp is attached.
The Asan report is:

=================================================================
==19198==ERROR: AddressSanitizer: heap-use-after-free on address 0x61f0000080b8 at pc 0x0000042b476d bp 0x7ffde4fb80f0 sp 0x7ffde4fb80e8

READ of size 8 at 0x61f0000080b8 thread T0
#​0 0x42b476c in llvm::SelectionDAG::TransferDbgValues(llvm::SDValue, llvm::SDValue) /home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAG.cpp:6644:23
#​1 0x42b4187 in llvm::SelectionDAG::ReplaceAllUsesWith(llvm::SDValue, llvm::SDValue) /home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAG.cpp:6289:3
#​2 0x42b4f97 in llvm::SelectionDAG::ReplaceAllUsesOfValueWith(llvm::SDValue, llvm::SDValue) /home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAG.cpp:6404:5
#​3 0x435a841 in llvm::DAGTypeLegalizer::ReplaceValueWith(llvm::SDValue, llvm::SDValue) /home/ceemple/llvm/lib/CodeGen/SelectionDAG/LegalizeTypes.cpp:705:9
#​4 0x44215d2 in llvm::DAGTypeLegalizer::PromoteIntegerOperand(llvm::SDNode*, unsigned int) /home/ceemple/llvm/lib/CodeGen/SelectionDAG/LegalizeIntegerTypes.cpp:931:3
#​5 0x4359427 in llvm::DAGTypeLegalizer::run() /home/ceemple/llvm/lib/CodeGen/SelectionDAG/LegalizeTypes.cpp:290:28
#​6 0x4362e39 in llvm::SelectionDAG::LegalizeTypes() /home/ceemple/llvm/lib/CodeGen/SelectionDAG/LegalizeTypes.cpp:1176:34
#​7 0x42eac53 in llvm::SelectionDAGISel::CodeGenAndEmitDAG() /home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:769:23
#​8 0x42ea390 in llvm::SelectionDAGISel::SelectBasicBlock(llvm::ilist_iterator<llvm::Instruction const>, llvm::ilist_iterator<llvm::Instruction const>, bool&) /home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:679:3
#​9 0x42e9b9b in llvm::SelectionDAGISel::SelectAllBasicBlocks(llvm::Function const&) /home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:1482:7
#​10 0x42e67dc in llvm::SelectionDAGISel::runOnMachineFunction(llvm::MachineFunction&) /home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:500:3
#​11 0x1d8f18d in (anonymous namespace)::X86DAGToDAGISel::runOnMachineFunction(llvm::MachineFunction&) /home/ceemple/llvm/lib/Target/X86/X86ISelDAGToDAG.cpp:175:25
#​12 0x257ee25 in llvm::MachineFunctionPass::runOnFunction(llvm::Function&) /home/ceemple/llvm/lib/CodeGen/MachineFunctionPass.cpp:60:13
#​13 0x2ae0241 in llvm::FPPassManager::runOnFunction(llvm::Function&) /home/ceemple/llvm/lib/IR/LegacyPassManager.cpp:1526:27
#​14 0x2ae0572 in llvm::FPPassManager::runOnModule(llvm::Module&) /home/ceemple/llvm/lib/IR/LegacyPassManager.cpp:1547:16
#​15 0x2ae0d63 in (anonymous namespace)::MPPassManager::runOnModule(llvm::Module&) /home/ceemple/llvm/lib/IR/LegacyPassManager.cpp:1603:27
#​16 0x2ae0855 in llvm::legacy::PassManagerImpl::run(llvm::Module&) /home/ceemple/llvm/lib/IR/LegacyPassManager.cpp:1706:44
#​17 0x36413b1 in (anonymous namespace)::EmitAssemblyHelper::EmitAssembly(clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_deletellvm::raw_pwrite_stream >) /home/ceemple/llvm/tools/clang/lib/CodeGen/BackendUtil.cpp:741:19
#​18 0x3640788 in clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::DataLayout const&, llvm::Module*, clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_deletellvm::raw_pwrite_stream >) /home/ceemple/llvm/tools/clang/lib/CodeGen/BackendUtil.cpp:753:13
#​19 0x4461c23 in clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) /home/ceemple/llvm/tools/clang/lib/CodeGen/CodeGenAction.cpp:193:7
#​20 0x4d82a1d in clang::ParseAST(clang::Sema&, bool, bool) /home/ceemple/llvm/tools/clang/lib/Parse/ParseAST.cpp:167:13
#​21 0x445f2d5 in clang::CodeGenAction::ExecuteAction() /home/ceemple/llvm/tools/clang/lib/CodeGen/CodeGenAction.cpp:867:28
#​22 0x3dda801 in clang::FrontendAction::Execute() /home/ceemple/llvm/tools/clang/lib/Frontend/FrontendAction.cpp:458:8
#​23 0x3d5d606 in clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) /home/ceemple/llvm/tools/clang/lib/Frontend/CompilerInstance.cpp:868:11
#​24 0x3f14549 in clang::ExecuteCompilerInvocation(clang::CompilerInstance*) /home/ceemple/llvm/tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:241:25
#​25 0xdb2213 in cc1_main(llvm::ArrayRef<char const*>, char const*, void*) /home/ceemple/llvm/tools/clang/tools/driver/cc1_main.cpp:116:13
#​26 0xda39f8 in ExecuteCC1Tool(llvm::ArrayRef<char const*>, llvm::StringRef) /home/ceemple/llvm/tools/clang/tools/driver/driver.cpp:299:12
#​27 0xda288d in main /home/ceemple/llvm/tools/clang/tools/driver/driver.cpp:380:12
#​28 0x7fa60b39582f in __libc_start_main /build/glibc-GKVZIf/glibc-2.23/csu/../csu/libc-start.c:291
#​29 0xcd3e68 in _start (/home/ceemple/asan/build/bin/clang-4.0+0xcd3e68)

0x61f0000080b8 is located 568 bytes inside of 3072-byte region [0x61f000007e80,0x61f000008a80)
freed by thread T0 here:
#​0 0xd9fefb in operator delete(void*) /home/ceemple/llvm/build/../projects/compiler-rt/lib/asan/asan_new_delete.cc:110:3
#​1 0x42cd773 in llvm::DenseMap<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode const*>, llvm::detail::DenseMapPair<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u> > >::grow(unsigned int) /home/ceemple/llvm/include/llvm/ADT/DenseMap.h:679:5
#​2 0x42cd4d3 in llvm::detail::DenseMapPair<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u> >* llvm::DenseMapBase<llvm::DenseMap<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode const*>, llvm::detail::DenseMapPair<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u> > >, llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode const*>, llvm::detail::DenseMapPair<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u> > >::InsertIntoBucketImpl<llvm::SDNode const*>(llvm::SDNode const* const&, llvm::SDNode const* const&, llvm::detail::DenseMapPair<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u> >) /home/ceemple/llvm/include/llvm/ADT/DenseMap.h:484:13
#​3 0x42ccf57 in llvm::detail::DenseMapPair<llvm::SDNode const, llvm::SmallVector<llvm::SDDbgValue*, 2u> >* llvm::DenseMapBase<llvm::DenseMap<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode const*>, llvm::detail::DenseMapPair<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u> > >, llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode const*>, llvm::detail::DenseMapPair<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u> > >::InsertIntoBucket<llvm::SDNode const* const&>(llvm::detail::DenseMapPair<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u> >, llvm::SDNode const const&) /home/ceemple/llvm/include/llvm/ADT/DenseMap.h:450:17
#​4 0x42ccdd5 in llvm::DenseMapBase<llvm::DenseMap<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode const*>, llvm::detail::DenseMapPair<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u> > >, llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode const*>, llvm::detail::DenseMapPair<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u> > >::FindAndConstruct(llvm::SDNode const* const&) /home/ceemple/llvm/include/llvm/ADT/DenseMap.h:267:13
#​5 0x42ccca8 in llvm::DenseMapBase<llvm::DenseMap<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode const*>, llvm::detail::DenseMapPair<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u> > >, llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode const*>, llvm::detail::DenseMapPair<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u> > >::operator[](llvm::SDNode const* const&) /home/ceemple/llvm/include/llvm/ADT/DenseMap.h:271:12
#​6 0x42c7822 in llvm::SDDbgInfo::add(llvm::SDDbgValue*, llvm::SDNode const*, bool) /home/ceemple/llvm/include/llvm/CodeGen/SelectionDAG.h:132:7
#​7 0x42b68d3 in llvm::SelectionDAG::AddDbgValue(llvm::SDDbgValue*, llvm::SDNode*, bool) /home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAG.cpp:6632:12
#​8 0x42b46a8 in llvm::SelectionDAG::TransferDbgValues(llvm::SDValue, llvm::SDValue) /home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAG.cpp:6652:7
#​9 0x42b4187 in llvm::SelectionDAG::ReplaceAllUsesWith(llvm::SDValue, llvm::SDValue) /home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAG.cpp:6289:3
#​10 0x42b4f97 in llvm::SelectionDAG::ReplaceAllUsesOfValueWith(llvm::SDValue, llvm::SDValue) /home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAG.cpp:6404:5
#​11 0x435a841 in llvm::DAGTypeLegalizer::ReplaceValueWith(llvm::SDValue, llvm::SDValue) /home/ceemple/llvm/lib/CodeGen/SelectionDAG/LegalizeTypes.cpp:705:9
#​12 0x44215d2 in llvm::DAGTypeLegalizer::PromoteIntegerOperand(llvm::SDNode*, unsigned int) /home/ceemple/llvm/lib/CodeGen/SelectionDAG/LegalizeIntegerTypes.cpp:931:3
#​13 0x4359427 in llvm::DAGTypeLegalizer::run() /home/ceemple/llvm/lib/CodeGen/SelectionDAG/LegalizeTypes.cpp:290:28
#​14 0x4362e39 in llvm::SelectionDAG::LegalizeTypes() /home/ceemple/llvm/lib/CodeGen/SelectionDAG/LegalizeTypes.cpp:1176:34
#​15 0x42eac53 in llvm::SelectionDAGISel::CodeGenAndEmitDAG() /home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:769:23
#​16 0x42ea390 in llvm::SelectionDAGISel::SelectBasicBlock(llvm::ilist_iterator<llvm::Instruction const>, llvm::ilist_iterator<llvm::Instruction const>, bool&) /home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:679:3
#​17 0x42e9b9b in llvm::SelectionDAGISel::SelectAllBasicBlocks(llvm::Function const&) /home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:1482:7
#​18 0x42e67dc in llvm::SelectionDAGISel::runOnMachineFunction(llvm::MachineFunction&) /home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:500:3
#​19 0x1d8f18d in (anonymous namespace)::X86DAGToDAGISel::runOnMachineFunction(llvm::MachineFunction&) /home/ceemple/llvm/lib/Target/X86/X86ISelDAGToDAG.cpp:175:25
#​20 0x257ee25 in llvm::MachineFunctionPass::runOnFunction(llvm::Function&) /home/ceemple/llvm/lib/CodeGen/MachineFunctionPass.cpp:60:13
#​21 0x2ae0241 in llvm::FPPassManager::runOnFunction(llvm::Function&) /home/ceemple/llvm/lib/IR/LegacyPassManager.cpp:1526:27
#​22 0x2ae0572 in llvm::FPPassManager::runOnModule(llvm::Module&) /home/ceemple/llvm/lib/IR/LegacyPassManager.cpp:1547:16
#​23 0x2ae0d63 in (anonymous namespace)::MPPassManager::runOnModule(llvm::Module&) /home/ceemple/llvm/lib/IR/LegacyPassManager.cpp:1603:27
#​24 0x2ae0855 in llvm::legacy::PassManagerImpl::run(llvm::Module&) /home/ceemple/llvm/lib/IR/LegacyPassManager.cpp:1706:44
#​25 0x36413b1 in (anonymous namespace)::EmitAssemblyHelper::EmitAssembly(clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_deletellvm::raw_pwrite_stream >) /home/ceemple/llvm/tools/clang/lib/CodeGen/BackendUtil.cpp:741:19
#​26 0x3640788 in clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::DataLayout const&, llvm::Module*, clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_deletellvm::raw_pwrite_stream >) /home/ceemple/llvm/tools/clang/lib/CodeGen/BackendUtil.cpp:753:13
#​27 0x4461c23 in clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) /home/ceemple/llvm/tools/clang/lib/CodeGen/CodeGenAction.cpp:193:7
#​28 0x4d82a1d in clang::ParseAST(clang::Sema&, bool, bool) /home/ceemple/llvm/tools/clang/lib/Parse/ParseAST.cpp:167:13
#​29 0x445f2d5 in clang::CodeGenAction::ExecuteAction() /home/ceemple/llvm/tools/clang/lib/CodeGen/CodeGenAction.cpp:867:28

previously allocated by thread T0 here:
#​0 0xd9f8fb in operator new(unsigned long) /home/ceemple/llvm/build/../projects/compiler-rt/lib/asan/asan_new_delete.cc:78:35
#​1 0x42cab42 in llvm::DenseMap<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode const*>, llvm::detail::DenseMapPair<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u> > >::allocateBuckets(unsigned int) /home/ceemple/llvm/include/llvm/ADT/DenseMap.h:729:37
#​2 0x42cd72c in llvm::DenseMap<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode const*>, llvm::detail::DenseMapPair<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u> > >::grow(unsigned int) /home/ceemple/llvm/include/llvm/ADT/DenseMap.h:669:5
#​3 0x42cd4d3 in llvm::detail::DenseMapPair<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u> >* llvm::DenseMapBase<llvm::DenseMap<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode const*>, llvm::detail::DenseMapPair<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u> > >, llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode const*>, llvm::detail::DenseMapPair<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u> > >::InsertIntoBucketImpl<llvm::SDNode const*>(llvm::SDNode const* const&, llvm::SDNode const* const&, llvm::detail::DenseMapPair<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u> >) /home/ceemple/llvm/include/llvm/ADT/DenseMap.h:484:13
#​4 0x42ccf57 in llvm::detail::DenseMapPair<llvm::SDNode const, llvm::SmallVector<llvm::SDDbgValue*, 2u> >* llvm::DenseMapBase<llvm::DenseMap<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode const*>, llvm::detail::DenseMapPair<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u> > >, llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode const*>, llvm::detail::DenseMapPair<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u> > >::InsertIntoBucket<llvm::SDNode const* const&>(llvm::detail::DenseMapPair<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u> >, llvm::SDNode const const&) /home/ceemple/llvm/include/llvm/ADT/DenseMap.h:450:17
#​5 0x42ccdd5 in llvm::DenseMapBase<llvm::DenseMap<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode const*>, llvm::detail::DenseMapPair<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u> > >, llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode const*>, llvm::detail::DenseMapPair<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u> > >::FindAndConstruct(llvm::SDNode const* const&) /home/ceemple/llvm/include/llvm/ADT/DenseMap.h:267:13
#​6 0x42ccca8 in llvm::DenseMapBase<llvm::DenseMap<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode const*>, llvm::detail::DenseMapPair<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u> > >, llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode const*>, llvm::detail::DenseMapPair<llvm::SDNode const*, llvm::SmallVector<llvm::SDDbgValue*, 2u> > >::operator[](llvm::SDNode const* const&) /home/ceemple/llvm/include/llvm/ADT/DenseMap.h:271:12
#​7 0x42c7822 in llvm::SDDbgInfo::add(llvm::SDDbgValue*, llvm::SDNode const*, bool) /home/ceemple/llvm/include/llvm/CodeGen/SelectionDAG.h:132:7
#​8 0x42b68d3 in llvm::SelectionDAG::AddDbgValue(llvm::SDDbgValue*, llvm::SDNode*, bool) /home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAG.cpp:6632:12
#​9 0x421ef91 in llvm::SelectionDAGBuilder::visitIntrinsicCall(llvm::CallInst const&, unsigned int) /home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAGBuilder.cpp:4936:11
#​10 0x41f2c10 in llvm::SelectionDAGBuilder::visitCall(llvm::CallInst const&) /home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAGBuilder.cpp:6216:20
#​11 0x41e1b8d in llvm::SelectionDAGBuilder::visit(llvm::Instruction const&) /home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAGBuilder.cpp:981:3
#​12 0x42ea2c2 in llvm::SelectionDAGISel::SelectBasicBlock(llvm::ilist_iterator<llvm::Instruction const>, llvm::ilist_iterator<llvm::Instruction const>, bool&) /home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:671:10
#​13 0x42e9b9b in llvm::SelectionDAGISel::SelectAllBasicBlocks(llvm::Function const&) /home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:1482:7
#​14 0x42e67dc in llvm::SelectionDAGISel::runOnMachineFunction(llvm::MachineFunction&) /home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:500:3
#​15 0x1d8f18d in (anonymous namespace)::X86DAGToDAGISel::runOnMachineFunction(llvm::MachineFunction&) /home/ceemple/llvm/lib/Target/X86/X86ISelDAGToDAG.cpp:175:25
#​16 0x257ee25 in llvm::MachineFunctionPass::runOnFunction(llvm::Function&) /home/ceemple/llvm/lib/CodeGen/MachineFunctionPass.cpp:60:13
#​17 0x2ae0241 in llvm::FPPassManager::runOnFunction(llvm::Function&) /home/ceemple/llvm/lib/IR/LegacyPassManager.cpp:1526:27
#​18 0x2ae0572 in llvm::FPPassManager::runOnModule(llvm::Module&) /home/ceemple/llvm/lib/IR/LegacyPassManager.cpp:1547:16
#​19 0x2ae0d63 in (anonymous namespace)::MPPassManager::runOnModule(llvm::Module&) /home/ceemple/llvm/lib/IR/LegacyPassManager.cpp:1603:27
#​20 0x2ae0855 in llvm::legacy::PassManagerImpl::run(llvm::Module&) /home/ceemple/llvm/lib/IR/LegacyPassManager.cpp:1706:44
#​21 0x36413b1 in (anonymous namespace)::EmitAssemblyHelper::EmitAssembly(clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_deletellvm::raw_pwrite_stream >) /home/ceemple/llvm/tools/clang/lib/CodeGen/BackendUtil.cpp:741:19
#​22 0x3640788 in clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::DataLayout const&, llvm::Module*, clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_deletellvm::raw_pwrite_stream >) /home/ceemple/llvm/tools/clang/lib/CodeGen/BackendUtil.cpp:753:13
#​23 0x4461c23 in clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) /home/ceemple/llvm/tools/clang/lib/CodeGen/CodeGenAction.cpp:193:7
#​24 0x4d82a1d in clang::ParseAST(clang::Sema&, bool, bool) /home/ceemple/llvm/tools/clang/lib/Parse/ParseAST.cpp:167:13
#​25 0x445f2d5 in clang::CodeGenAction::ExecuteAction() /home/ceemple/llvm/tools/clang/lib/CodeGen/CodeGenAction.cpp:867:28
#​26 0x3dda801 in clang::FrontendAction::Execute() /home/ceemple/llvm/tools/clang/lib/Frontend/FrontendAction.cpp:458:8
#​27 0x3d5d606 in clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) /home/ceemple/llvm/tools/clang/lib/Frontend/CompilerInstance.cpp:868:11
#​28 0x3f14549 in clang::ExecuteCompilerInvocation(clang::CompilerInstance*) /home/ceemple/llvm/tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:241:25
#​29 0xdb2213 in cc1_main(llvm::ArrayRef<char const*>, char const*, void*) /home/ceemple/llvm/tools/clang/tools/driver/cc1_main.cpp:116:13

SUMMARY: AddressSanitizer: heap-use-after-free /home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAG.cpp:6644:23 in llvm::SelectionDAG::TransferDbgValues(llvm::SDValue, llvm::SDValue)
Shadow bytes around the buggy address:
0x0c3e7fff8fc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3e7fff8fd0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c3e7fff8fe0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c3e7fff8ff0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c3e7fff9000: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c3e7fff9010: fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd
0x0c3e7fff9020: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c3e7fff9030: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c3e7fff9040: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c3e7fff9050: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c3e7fff9060: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==19198==ABORTING
@llvmbot
Copy link
Collaborator Author

llvmbot commented Jul 28, 2016

possibly duplicate of bug #28987

@zmodem
Copy link
Collaborator

zmodem commented Jul 29, 2016

Nirav's r277135 seems to have fixed this.

@llvmbot
Copy link
Collaborator Author

llvmbot commented Aug 3, 2016

fixed for me too, thanks!

@llvmbot llvmbot transferred this issue from llvm/llvm-bugzilla-archive Dec 10, 2021
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bugzilla Issues migrated from bugzilla
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@zmodem @llvmbot