LLVM crash when compiling openssl #1916

@cjb

Hi, I'm seeing an LLVM crash when trying to compile openssl with aflplusplus's stable branch, it's happening on two different machines with LLVM 16 (x86_64) and LLVM 17 (aarch64). It's possible that the problem is somehow with my setup, but sharing the repro steps here as requested by @vanhauser-thc:

mkdir llvmcrash
cd llvmcrash
git clone https://github.com/aflplusplus/aflplusplus
cd aflplusplus
NO_NYX=1 make source-only -j
cd ..
git clone https://github.com/openssl/openssl
cd openssl
git checkout openssl-3.2.0
export PATH="$PWD/../aflplusplus:/usr/local/bin:/usr/bin:/bin"
export CC=afl-clang-lto
export CXX=afl-clang-lto++
export CFLAGS="-fno-inline-functions -g"
export CXXFLAGS="-fno-inline-functions -g"
export AFL_LLVM_LAF_ALL=1
export LD=afl-clang-lto++
export AFL_USE_ASAN=1
./config --debug enable-fuzz-libfuzzer -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION --with-fuzzer-lib=$PWD/../aflplusplus/libAFLDriver.a enable-tls1_3 enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-ssl3 enable-ssl3-method enable-nextprotoneg enable-weak-ssl-ciphers -pthread -Wl,--no-as-needed -Wl,-ldl -Wl,-lm -Wno-unused-command-line-argument -O3 -fno-sanitize=alignment enable-asan no-buildtest-c++ no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-egd no-external-tests no-fuzz-afl no-ktls no-msan no-sctp no-shared no-ssl-trace no-trace no-ubsan no-unit-test no-tests no-uplink no-zlib no-zlib-dynamic
make -j

Here, this results in:

Split-compare-newpass by [email protected], extended by [email protected] (splitting icmp to 8 bit)
Split-floatingpoint-compare-pass: 0 FP comparisons split
58 comparisons found
Instruction does not dominate all uses!
  %692 = phi i1 [ %690, %689 ], [ true, %596 ], [ false, %641 ]
  %694 = phi i1 [ %548, %691 ], [ %692, %positive_value ]
Instruction does not dominate all uses!
  %692 = phi i1 [ %690, %689 ], [ true, %596 ], [ false, %641 ]
  %694 = phi i1 [ %548, %691 ], [ %692, %positive_value ]
[AFL++ SplitComparesTransform] ERROR: Module Verifier failed! Consider reporting a bug with the AFL++ project.
...
Instruction does not dominate all uses!
  %1212 = phi i1 [ %1210, %1209   ], [ true, %1107 ], [ false, %1157 ]
%1212 = phi i1 [ %1210  %LLVM ERROR: Broken module found, compilation aborted!
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace.
Stack dump:
0.      Program arguments: /usr/bin/ld.lld -pie --hash-style=gnu --build-id --eh-frame-hdr -m elf_x86_64 -dynamic-linker /lib64/ld-linux-x86-64.so.2 -o fuzz/ct /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../lib64/Scrt1.o /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../lib64/crti.o /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/crtbeginS.o -L. -L/usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1 -L/usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../lib64 -L/lib/../lib64 -L/usr/lib/../lib64 -L/lib -L/usr/lib -plugin-opt=mcpu=x86-64 -plugin-opt=O3 --whole-archive /usr/lib/clang/16/lib/linux/libclang_rt.asan_static-x86_64.a --no-whole-archive --whole-archive /usr/lib/clang/16/lib/linux/libclang_rt.asan-x86_64.a --no-whole-archive --dynamic-list=/usr/lib/clang/16/lib/linux/libclang_rt.asan-x86_64.a.syms --load-pass-plugin=/home/cjb/llvmcrash/aflplusplus/SanitizerCoverageLTO.so --allow-multiple-definition --no-as-needed -ldl -lm fuzz/ct-bin-ct.o fuzz/ct-bin-driver.o ../../../../mnt/fuzz/aflplusplus/libAFLDriver.a -lcrypto -ldl /home/cjb/llvmcrash/aflplusplus/afl-compiler-rt-64.o /home/cjb/llvmcrash/aflplusplus/afl-llvm-rt-lto-64.o --dynamic-list=/home/cjb/llvmcrash/aflplusplus/dynamic_list.txt --no-as-needed -lpthread -lrt -lm -ldl -lresolv -lgcc --as-needed -lgcc_s --no-as-needed -lpthread -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/crtendS.o /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/13.2.1/../../../../lib64/crtn.o
 #0 0x00007ffff021f503 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/usr/lib/libLLVM-16.so+0xe1f503)
 #1 0x00007ffff021c7bf llvm::sys::RunSignalHandlers() (/usr/lib/libLLVM-16.so+0xe1c7bf)
 #2 0x00007ffff021c90d (/usr/lib/libLLVM-16.so+0xe1c90d)
 #3 0x00007fffeee5c710 (/usr/lib/libc.so.6+0x3e710)
 #4 0x00007fffeeeac83c (/usr/lib/libc.so.6+0x8e83c)
 #5 0x00007fffeee5c668 gsignal (/usr/lib/libc.so.6+0x3e668)
 #6 0x00007fffeee444b8 abort (/usr/lib/libc.so.6+0x264b8)
 #7 0x00007fffeff4d25f (/usr/lib/libLLVM-16.so+0xb4d25f)
 #8 0x00007ffff011f19e (/usr/lib/libLLVM-16.so+0xd1f19e)
 #9 0x00007ffff043ac1f (/usr/lib/libLLVM-16.so+0x103ac1f)
#10 0x00007ffff1f5efb4 (/usr/lib/libLLVM-16.so+0x2b5efb4)
#11 0x00007ffff1f62e91 llvm::lto::backend(llvm::lto::Config const&, std::function<llvm::Expected<std::unique_ptr<llvm::CachedFileStream, std::default_delete<llvm::CachedFileStream>>> (unsigned int, llvm::Twine const&)>, unsigned int, llvm::Module&, llvm::ModuleSummaryIndex&) (/usr/lib/libLLVM-16.so+0x2b62e91)
#12 0x00007ffff1f56d86 llvm::lto::LTO::runRegularLTO(std::function<llvm::Expected<std::unique_ptr<llvm::CachedFileStream, std::default_delete<llvm::CachedFileStream>>> (unsigned int, llvm::Twine const&)>) (/usr/lib/libLLVM-16.so+0x2b56d86)
#13 0x00007ffff1f570f6 llvm::lto::LTO::run(std::function<llvm::Expected<std::unique_ptr<llvm::CachedFileStream, std::default_delete<llvm::CachedFileStream>>> (unsigned int, llvm::Twine const&)>, std::function<llvm::Expected<std::function<llvm::Expected<std::unique_ptr<llvm::CachedFileStream, std::default_delete<llvm::CachedFileStream>>> (unsigned int, llvm::Twine const&)>> (unsigned int, llvm::StringRef, llvm::Twine const&)>) (/usr/lib/libLLVM-16.so+0x2b570f6)
#14 0x00007ffff7d63709 lld::elf::BitcodeCompiler::compile() (/usr/lib/liblldELF.so.16+0x163709)
#15 0x00007ffff7cb9b61 void lld::elf::LinkerDriver::compileBitcodeFiles<llvm::object::ELFType<(llvm::support::endianness)1, true>>(bool) (/usr/lib/liblldELF.so.16+0xb9b61)
#16 0x00007ffff7ce036b lld::elf::LinkerDriver::link(llvm::opt::InputArgList&) (/usr/lib/liblldELF.so.16+0xe036b)
#17 0x00007ffff7ce2206 lld::elf::LinkerDriver::linkerMain(llvm::ArrayRef<char const*>) (/usr/lib/liblldELF.so.16+0xe2206)
#18 0x00007ffff7ce3de3 lld::elf::link(llvm::ArrayRef<char const*>, llvm::raw_ostream&, llvm::raw_ostream&, bool, bool) (/usr/lib/liblldELF.so.16+0xe3de3)
#19 0x00005555555597ed (/usr/bin/ld.lld+0x57ed)
#20 0x0000555555559c68 lld_main(int, char**) (/usr/bin/ld.lld+0x5c68)
#21 0x00007fffeee45cd0 (/usr/lib/libc.so.6+0x27cd0)
#22 0x00007fffeee45d8a __libc_start_main (/usr/lib/libc.so.6+0x27d8a)
#23 0x0000555555557265 _start (/usr/bin/ld.lld+0x3265)
  %2463 = phi i1 [ %2461, %2460 ], [ true, %2358 ], [ false, %2408 ]
  %2465 = phi i1 [ %2306, %2462 ], [ %2463, %2148 ]
clang-16: error: unable to execute command: Aborted
clang-16: error: linker command failed due to signal (use -v to see invocation)
make[1]: *** [Makefile:14540: fuzz/ct] Error 1
make[1]: *** Waiting for unfinished jobs....
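The failing pass names itself in the log ("[AFL++ SplitComparesTransform] ERROR: Module Verifier failed!"), and it is one of several laf-intel passes that AFL_LLVM_LAF_ALL=1 switches on at once. The script below is an added bisection helper, not code from the reporter or from the AFL++ project: it builds a small constructed C file with afl-clang-lto under each laf-intel variable separately (AFL_LLVM_LAF_SPLIT_SWITCHES, AFL_LLVM_LAF_TRANSFORM_COMPARES, AFL_LLVM_LAF_SPLIT_COMPARES, AFL_LLVM_LAF_SPLIT_FLOATS, then AFL_LLVM_LAF_ALL) and reports which one triggers the same verifier failure, without rebuilding all of OpenSSL. It assumes afl-clang-lto is on PATH and that the error string above is what to grep for; the sample source and the helper names (write_sample, try_flag, classify_log, bisect_laf) are this example's own.

```shell
#!/bin/sh
# Added bisection helper (not from the issue or from AFL++). Assumes
# afl-clang-lto is on PATH and that the laf-intel env vars below are the
# individual passes that AFL_LLVM_LAF_ALL=1 enables together.

# Constructed sample translation unit with 64-bit integer and floating-point
# comparisons, so that the split-compare passes have something to rewrite.
write_sample() {
  cat > "$1" <<'EOF'
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
int check(int64_t a, int64_t b, double x) {
  if (a == 0x1122334455667788LL) return 1;
  if (b > 100000000000LL && x < 2.5) return 2;
  return (a != b) ? 3 : 0;
}
int main(int argc, char **argv) {
  int64_t a = argc > 1 ? strtoll(argv[1], NULL, 0) : 0;
  printf("%d\n", check(a, a + 1, 1.0));
  return 0;
}
EOF
}

# Reads a build log on stdin and prints "verifier" when the Module Verifier
# error from the issue is present, "ok" otherwise.
classify_log() {
  if grep -q "Module Verifier failed"; then echo verifier; else echo ok; fi
}

# Compiles and links the sample with one NAME=VALUE laf-intel flag set (plus
# ASAN, as in the reported build). Prints "ok" on a clean build, "verifier"
# when the verifier error appears, "other" for any other failure.
try_flag() {
  flag="$1"; src="$2"; out="$3"; log="$out.log"
  if env "$flag" AFL_USE_ASAN=1 afl-clang-lto -O3 -g "$src" -o "$out" >"$log" 2>&1; then
    echo ok
  else
    r=$(classify_log < "$log")
    if [ "$r" = verifier ]; then echo verifier; else echo other; fi
  fi
}

# Tries every laf-intel sub-pass on its own and prints one result line per
# flag. Returns 0 when afl-clang-lto was found, 2 when it is not on PATH.
bisect_laf() {
  command -v afl-clang-lto >/dev/null 2>&1 || { echo "afl-clang-lto not in PATH" >&2; return 2; }
  dir=$(mktemp -d); src="$dir/sample.c"; write_sample "$src"
  for f in AFL_LLVM_LAF_SPLIT_SWITCHES=1 AFL_LLVM_LAF_TRANSFORM_COMPARES=1 \
           AFL_LLVM_LAF_SPLIT_COMPARES=1 AFL_LLVM_LAF_SPLIT_FLOATS=1 AFL_LLVM_LAF_ALL=1; do
    printf '%s: %s\n' "$f" "$(try_flag "$f" "$src" "$dir/bin")"
  done
  rm -rf "$dir"
}
```

Run `bisect_laf` from the same shell environment as the repro (PATH pointing at the AFL++ checkout). Because the verifier runs inside the LTO backend, the failure only shows up at the link step, which is why the script always links the sample rather than stopping at `-c`; a flag that reports "ok" for this small file is not proof that the pass is clean on OpenSSL, only that the combination did not reproduce here.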