Quuxplusone / LLVMBugzillaTest


Clang rGc78da037783b segfaults when building an arm64 Linux kernel #46806

Closed Quuxplusone closed 4 years ago

Quuxplusone commented 4 years ago

| | |
|---|---|
| Bugzilla Link | PR47837 |
| Status | RESOLVED FIXED |
| Importance | P normal |
| Reported by | Sami Tolvanen (samitolvanen@google.com) |
| Reported on | 2020-10-13 16:42:00 -0700 |
| Last modified on | 2020-10-21 02:01:17 -0700 |
| Version | trunk |
| Hardware | PC Linux |
| CC | aaron@aaronballman.com, craig.topper@gmail.com, htmldeveloper@gmail.com, jennifer.yu@intel.com, llvm-bugs@lists.llvm.org, ndesaulniers@google.com, neeilans@live.com, richard-llvm@metafoo.co.uk, srhines@google.com |
| Fixed by commit(s) | |
| Attachments | slub-ad4157.tar.xz (841312 bytes, application/x-xz) |
| Blocks | PR4068 |
| Blocked by | |
| See also | |

Starting with commit c78da037783bda0f27f4d82060149166e6f0c796 ("[clang] Improve
handling of physical registers in inline assembly operands."), Clang crashes
when I build the ToT arm64 Linux kernel:

Stack dump:
0.      Program arguments: [...]/unified-llvm/testbuild-release/bin/clang-12 -
cc1 -triple aarch64-unknown-linux-gnu -S -disable-free -disable-llvm-verifier -
discard-value-names -main-file-name slub.c -mrelocation-model static -fno-
delete-null-pointer-checks -mllvm -warn-stack-size=2048 -mframe-pointer=non-
leaf -relaxed-aliasing -mdisable-tail-calls -fmath-errno -fno-rounding-math -no-
integrated-as -mconstructor-aliases -target-cpu generic -target-feature -fp-
armv8 -target-feature -crypto -target-feature -neon -target-feature -sha2 -
target-feature -aes -target-feature +reserve-x18 -target-abi aapcs -mllvm -
aarch64-enable-global-merge=false   CC [M]  fs/btrfs/compression.o
-msign-return-address=all -msign-return-address-key=a_key -mbranch-target-
enforce -fallow-half-arguments-and-returns -fno-split-dwarf-inlining -debug-
info-kind=limited -dwarf-version=4 -debugger-tuning=gdb -nostdsysteminc -
nobuiltininc -resource-dir [...]/unified-llvm/testbuild-
release/lib/clang/12.0.0 -dependency-file mm/.slub.o.d -MT mm/slub.o -isystem
[...]/unified-llvm/testbuild-release/lib/clang/12.0.0/include -include
../include/linux/kconfig.h -include ../include/linux/compiler_types.h -I
../arch/arm64/include -I ./arch/arm64/include/generated -I ../include -I
./include -I ../arch/arm64/include/uapi -I ./arch/arm64/include/generated/uapi -
I ../include/uapi -I ./include/generated/uapi -D __KERNEL__ -D
KASAN_SHADOW_SCALE_SHIFT=3 -D CONFIG_CC_HAS_K_CONSTRAINT=1 -D
ARM64_ASM_ARCH="armv8.4-a" -D KASAN_SHADOW_SCALE_SHIFT=3 -I ../mm -I ./mm -D
KBUILD_MODFILE="mm/slub" -D KBUILD_BASENAME="slub" -D KBUILD_MODNAME="slub" -
fmacro-prefix-map=../= -O2 -Wall -Wundef -Werror=strict-prototypes -Wno-
trigraphs -Werror=implicit-function-declaration -Werror=implicit-int -Wno-
format-security -Werror=unknown-warning-option -Wno-psabi -Wno-frame-address -
Wno-address-of-packed-member -Wno-format-invalid-specifier -Wno-gnu -Wno-unused-
const-variable -Wdeclaration-after-statement -Wvla -Wno-pointer-sign -Wno-array-
bounds -Werror=date-time -Werror=incompatible-pointer-types -Wno-initializer-
overrides -Wno-format -Wno-sign-compare -Wno-format-zero-length -Wno-pointer-to-
enum-cast -Wno-tautological-constant-out-of-range-compare -std=gnu89 -fno-dwarf-
directory-asm -fdebug-compilation-dir /mnt/ssd2/android/kernel/linux/kernel-
build -ferror-limit 19 -fsanitize=shadow-call-stack -fwrapv -stack-protector 2 -
fno-signed-char -fwchar-type=short -fno-signed-wchar -fgnuc-version=4.2.1 -
vectorize-loops -vectorize-slp -o /tmp/slub-b9ad40.s -x c ../mm/slub.c
1.      <eof> parser at end of file
2.      Code generation
3.      Running pass 'Function Pass Manager' on module '../mm/slub.c'.
4.      Running pass 'Early Machine Loop Invariant Code Motion' on function
'@kmem_cache_alloc'

#0 0x0000000002a49893 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int)
([...]/unified-llvm/testbuild-release/bin/clang-12+0x2a49893)
 #1 0x0000000002a476ce llvm::sys::RunSignalHandlers() ([...]/unified-llvm/testbuild-release/bin/clang-12+0x2a476ce)
 #2 0x0000000002a49d3c SignalHandler(int) ([...]/unified-llvm/testbuild-release/bin/clang-12+0x2a49d3c)
 #3 0x00007faec85ed140 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x14140)
 #4 0x0000000002225ef1 (anonymous namespace)::MachineLICMBase::IsLoopInvariantInst(llvm::MachineInstr&) ([...]/unified-llvm/testbuild-release/bin/clang-12+0x2225ef1)
 #5 0x0000000002221b15 (anonymous namespace)::MachineLICMBase::runOnMachineFunction(llvm::MachineFunction&) ([...]/unified-llvm/testbuild-release/bin/clang-12+0x2221b15)
 #6 0x00000000020b1f28 llvm::MachineFunctionPass::runOnFunction(llvm::Function&) ([...]/unified-llvm/testbuild-release/bin/clang-12+0x20b1f28)
 #7 0x0000000002470316 llvm::FPPassManager::runOnFunction(llvm::Function&) ([...]/unified-llvm/testbuild-release/bin/clang-12+0x2470316)
 #8 0x0000000002475de3 llvm::FPPassManager::runOnModule(llvm::Module&) ([...]/unified-llvm/testbuild-release/bin/clang-12+0x2475de3)
 #9 0x000000000247094f llvm::legacy::PassManagerImpl::run(llvm::Module&) ([...]/unified-llvm/testbuild-release/bin/clang-12+0x247094f)
#10 0x0000000002c1f1ce clang::EmitBackendOutput(clang::DiagnosticsEngine&,
clang::HeaderSearchOptions const&, clang::CodeGenOptions const&,
clang::TargetOptions const&, clang::LangOptions const&, llvm::DataLayout
const&, llvm::Module*, clang::BackendAction,
std::unique_ptr<llvm::raw_pwrite_stream,
std::default_delete<llvm::raw_pwrite_stream> >) ([...]/unified-llvm/testbuild-
release/bin/clang-12+0x2c1f1ce)
#11 0x00000000033be8a7
clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&)
([...]/unified-llvm/testbuild-release/bin/clang-12+0x33be8a7)
#12 0x00000000041e8453 clang::ParseAST(clang::Sema&, bool, bool) ([...]/unified-
llvm/testbuild-release/bin/clang-12+0x41e8453)
#13 0x00000000033189b5 clang::FrontendAction::Execute() ([...]/unified-
llvm/testbuild-release/bin/clang-12+0x33189b5)
#14 0x0000000003276d51
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) ([...]/unified-
llvm/testbuild-release/bin/clang-12+0x3276d51)
#15 0x00000000033b9baa
clang::ExecuteCompilerInvocation(clang::CompilerInstance*) ([...]/unified-
llvm/testbuild-release/bin/clang-12+0x33b9baa)
#16 0x00000000017d6e33 cc1_main(llvm::ArrayRef<char const*>, char const*,
void*) ([...]/unified-llvm/testbuild-release/bin/clang-12+0x17d6e33)
#17 0x00000000017d51d1 ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&)
([...]/unified-llvm/testbuild-release/bin/clang-12+0x17d51d1)
#18 0x00000000017d4f97 main ([...]/unified-llvm/testbuild-release/bin/clang-
12+0x17d4f97)
#19 0x00007faec80b0cca __libc_start_main ./csu/../csu/libc-start.c:308:16
#20 0x00000000017d202a _start ([...]/unified-llvm/testbuild-release/bin/clang-
12+0x17d202a)
clang-12: error: unable to execute command: Segmentation fault
clang-12: error: clang frontend command failed due to signal (use -v to see
invocation)
clang version 12.0.0 ([...]/unified-llvm/llvm-project/.git
c78da037783bda0f27f4d82060149166e6f0c796)
Target: aarch64-unknown-linux-gnu
Thread model: posix
InstalledDir: [...]/unified-llvm/testbuild-release/bin
clang-12: note: diagnostic msg:
********************

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang-12: note: diagnostic msg: /tmp/slub-ad4157.c
clang-12: note: diagnostic msg: /tmp/slub-ad4157.sh
clang-12: note: diagnostic msg:

********************
Quuxplusone commented 4 years ago

Attached `slub-ad4157.tar.xz` (841312 bytes, application/x-xz): `slub-ad4157*`

Quuxplusone commented 4 years ago
Jonas, unless the fix is immediately obvious from the attached reproducer,
please revert. We can then work on getting a more concise test case if the one
supplied is insufficient.

clang: ../lib/IR/InlineAsm.cpp:39:
llvm::InlineAsm::InlineAsm(llvm::FunctionType *, const std::string &, const
std::string &, bool, bool, llvm::InlineAsm::AsmDialect): Assertion
`Verify(getFunctionType(), constraints) && "Function type not legal for
constraints!"' failed.
...
3.      ./arch/arm64/include/asm/atomic_lse.h:414:1
<Spelling=./arch/arm64/include/asm/atomic_lse.h:384:34>: Generating code for
declaration '__lse__cmpxchg_double'
...
#11 0x00000000036e95e0 llvm::InlineAsm::Verify(llvm::FunctionType*,
llvm::StringRef) (/android0/llvm-project/llvm/build/bin/clang-12+0x36e95e0)
#12 0x00000000036eb5fb llvm::InlineAsmKeyType::create(llvm::PointerType*) const
(/android0/llvm-project/llvm/build/bin/clang-12+0x36eb5fb)
#13 0x00000000036e9c73
llvm::ConstantUniqueMap<llvm::InlineAsm>::getOrCreate(llvm::PointerType*,
llvm::InlineAsmKeyType) (/android0/llvm-project/llvm/build/bin/clang-
12+0x36e9c73)
#14 0x00000000036e9954 llvm::InlineAsm::get(llvm::FunctionType*,
llvm::StringRef, llvm::StringRef, bool, bool, llvm::InlineAsm::AsmDialect)
(/android0/llvm-project/llvm/build/bin/clang-12+0x36e9954)
#15 0x000000000433b0fd
clang::CodeGen::CodeGenFunction::EmitAsmStmt(clang::AsmStmt const&)
(/android0/llvm-project/llvm/build/bin/clang-12+0x433b0fd)
Quuxplusone commented 4 years ago
I'll need to preprocess the output, but the source definition looks like:

https://github.com/ClangBuiltLinux/linux/blob/b5fc7a89e58bcc059a3d5e4db79c481fb437de59/arch/arm64/include/asm/atomic_lse.h#L383-L415

  asm volatile(             \
  __LSE_PREAMBLE              \
  " casp" #mb "\t%[old1], %[old2], %[new1], %[new2], %[v]\n"\
  " eor %[old1], %[old1], %[oldval1]\n"     \
  " eor %[old2], %[old2], %[oldval2]\n"     \
  " orr %[old1], %[old1], %[old2]"      \
  : [old1] "+&r" (x0), [old2] "+&r" (x1),       \
    [v] "+Q" (*(unsigned long *)ptr)        \
  : [new1] "r" (x2), [new2] "r" (x3), [ptr] "r" (x4),   \
    [oldval1] "r" (oldval1), [oldval2] "r" (oldval2)    \
  : cl);
Quuxplusone commented 4 years ago
(In reply to Nick Desaulniers from comment #2)
> Jonas, unless the fix is immediately obvious from the attached reproducer,
> please revert. We can then work on getting a more concise test case if the
> one supplied is insufficient.
>
> clang: ../lib/IR/InlineAsm.cpp:39:
> llvm::InlineAsm::InlineAsm(llvm::FunctionType *, const std::string &, const
> std::string &, bool, bool, llvm::InlineAsm::AsmDialect): Assertion
> `Verify(getFunctionType(), constraints) && "Function type not legal for
> constraints!"' failed.
> ...
> 3.      ./arch/arm64/include/asm/atomic_lse.h:414:1
> <Spelling=./arch/arm64/include/asm/atomic_lse.h:384:34>: Generating code for
> declaration '__lse__cmpxchg_double'
> ...
> #11 0x00000000036e95e0 llvm::InlineAsm::Verify(llvm::FunctionType*,
> llvm::StringRef) (/android0/llvm-project/llvm/build/bin/clang-12+0x36e95e0)
> #12 0x00000000036eb5fb llvm::InlineAsmKeyType::create(llvm::PointerType*)
> const (/android0/llvm-project/llvm/build/bin/clang-12+0x36eb5fb)
> #13 0x00000000036e9c73
> llvm::ConstantUniqueMap<llvm::InlineAsm>::getOrCreate(llvm::PointerType*,
> llvm::InlineAsmKeyType)
> (/android0/llvm-project/llvm/build/bin/clang-12+0x36e9c73)
> #14 0x00000000036e9954 llvm::InlineAsm::get(llvm::FunctionType*,
> llvm::StringRef, llvm::StringRef, bool, bool, llvm::InlineAsm::AsmDialect)
> (/android0/llvm-project/llvm/build/bin/clang-12+0x36e9954)
> #15 0x000000000433b0fd
> clang::CodeGen::CodeGenFunction::EmitAsmStmt(clang::AsmStmt const&)
> (/android0/llvm-project/llvm/build/bin/clang-12+0x433b0fd)

I reverted the patch temporarily.

You seem to have encountered two problems: One segfault in MachineLICM, and one
assertion in clang. I only see a test case for the clang problem, but as you
say it is not preprocessed. Please provide reduced test cases for both problems
you see along with run-lines...
Quuxplusone commented 4 years ago

I appreciate the quick revert. Beyond Sami's test, a lot of different trees of ours went red overnight for different ISAs: https://travis-ci.com/github/ClangBuiltLinux/continuous-integration/builds/189921001.

I'll need to detangle if they're all from the suspected change, or if there's more than one overnight breakage.

I should be able to provide reduced test cases today.
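
Added example, not part of the original thread: one way to separate CI failures like these is to reduce each compiler crash log to a signature (failed assertion, or crashing pass plus first non-handler frame) and group by it. The sample logs are constructed, shortened excerpts of the two dumps quoted above; the function names and the list of handler frames to skip are assumptions of this sketch.

```python
import re

# Constructed, shortened excerpts modelled on the two crash logs in this thread.
SEGFAULT_LOG = """\
4.      Running pass 'Early Machine Loop Invariant Code Motion' on function
'@kmem_cache_alloc'
 #2 0x0000000002a49d3c SignalHandler(int) (bin/clang-12+0x2a49d3c)
 #3 0x00007faec85ed140 __restore_rt (libpthread.so.0+0x14140)
 #4 0x0000000002225ef1 (anonymous namespace)::MachineLICMBase::IsLoopInvariantInst(llvm::MachineInstr&) (bin/clang-12+0x2225ef1)
clang-12: error: unable to execute command: Segmentation fault
"""
ASSERT_LOG = """\
clang: ../lib/IR/InlineAsm.cpp:39: llvm::InlineAsm::InlineAsm(...): Assertion
`Verify(getFunctionType(), constraints) && "Function type not legal for
constraints!"' failed.
#11 0x00000000036e95e0 llvm::InlineAsm::Verify(llvm::FunctionType*,
llvm::StringRef) (bin/clang-12+0x36e95e0)
"""

FRAME = re.compile(r"#\d+ 0x[0-9a-f]+ ")             # frame header "#4 0x0000... "
MODULE = re.compile(r" \([^()]*\+0x[0-9a-f]+\).*$")  # " (binary+0xoffset)" and the rest
NOISE = re.compile(r"^(llvm::sys::|SignalHandler|__restore_rt|__assert_fail|abort|raise)")
PASS = re.compile(r"Running pass '([^']+)' on function '@([^']+)'")
ASSERTION = re.compile(r"Assertion `(.+?)' failed")

def frames(text):
    """Symbol of each stack frame, in order, from whitespace-normalised text."""
    return [MODULE.sub("", chunk).strip() for chunk in FRAME.split(text)[1:]]

def signature(log):
    """Return (kind, detail, top_frame) identifying one compiler crash."""
    text = " ".join(log.split())  # undo the hard wrapping of the pasted log
    top = next((f for f in frames(text) if not NOISE.match(f)), None)
    failed = ASSERTION.search(text)
    if failed:
        return ("assertion", failed.group(1), top)
    if "Segmentation fault" in text:
        ran = PASS.search(text)
        return ("segfault", ran.group(1) if ran else None, top)
    return ("unknown", None, top)

def bucket(logs):
    """Group named logs by (kind, detail) so distinct breakages separate."""
    groups = {}
    for name, log in logs.items():
        groups.setdefault(signature(log)[:2], []).append(name)
    return groups

if __name__ == "__main__":
    print(bucket({"arm64-slub": SEGFAULT_LOG, "arm64-lse": ASSERT_LOG}))
```
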

Quuxplusone commented 4 years ago
Reduced test case:

// clang -O2 --target=aarch64-linux-gnu slub.i -c

void __lse__cmpxchg_double_mb_ptr(void) {
  register int a asm("x1");
  asm("" : "+&r"(a));
}
Quuxplusone commented 4 years ago
(In reply to Nick Desaulniers from comment #5)
> a lot of different trees
> of ours went red overnight for different ISAs:
> https://travis-ci.com/github/ClangBuiltLinux/continuous-integration/builds/
> 189921001.
>
> I'll need to detangle if they're all from the suspected change, or if
> there's more than one overnight breakage.

The 32b ARM, x86_64, and SystemZ/s390 failures also come from commit
c78da037783bda0f27f4d82060149166e6f0c796 ("[clang] Improve handling of physical
registers in inline assembly operands.")

I can provide reduced test cases for those ISAs if necessary, but I suspect the
test case for 64b ARM should be sufficient. I can also test all ISAs quickly
once the patch is updated.
Quuxplusone commented 4 years ago
(In reply to Nick Desaulniers from comment #6)
> Reduced test case:
>
> // clang -O2 --target=aarch64-linux-gnu slub.i -c
>
> void __lse__cmpxchg_double_mb_ptr(void) {
>   register int a asm("x1");
>   asm("" : "+&r"(a));
> }

thanks for the test case - see Phabricator for discussion...
Quuxplusone commented 4 years ago

42a8286