[LLD] Crash when linking `lli` on mingw with address sanitizer

[Il-Capitano]

Building LLVM on mingw with address sanitizer fails when linking lli.exe. Backtrace of ld.lld.exe with debug info (same backtrace for lld-link.exe):

PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace.
Stack dump:
0.      Program arguments: C:\\dev\\downloads\\llvm-project\\build-17-debug-info\\install\\bin\\ld.lld.exe tools/lli/CMakeFiles/lli.dir/lli.cpp.obj
Exception Code: 0xC0000005
 #0 0x00007ff66779e4f4 lld::coff::ObjFile::createDefined(llvm::object::COFFSymbolRef, std::__1::vector<llvm::object::coff_aux_section_definition const*, std::__1::allocator<llvm::object::coff_aux_section_definition const*>>&, bool&) C:/dev/downloads/llvm-project/lld/COFF/InputFiles.cpp:664:14
 #1 0x00007ff66779ba6a std::__1::__optional_storage_base<lld::coff::Symbol*, false>::has_value[abi:v170001]() const C:/dev/install/llvm-17/bin/../include/c++/v1/optional:387:22
 #2 0x00007ff66779ba6a std::__1::optional<lld::coff::Symbol*>::operator bool[abi:v170001]() const C:/dev/install/llvm-17/bin/../include/c++/v1/optional:1049:64
 #3 0x00007ff66779ba6a lld::coff::ObjFile::initializeSymbols() C:/dev/downloads/llvm-project/lld/COFF/InputFiles.cpp:400:40
 #4 0x00007ff66779b4fd lld::coff::ObjFile::parse() C:/dev/downloads/llvm-project/lld/COFF/InputFiles.cpp:169:3
 #5 0x00007ff667775974 lld::coff::InputFile::kind() const C:/dev/downloads/llvm-project/lld/COFF/InputFiles.h:75:30
 #6 0x00007ff667775974 lld::coff::ObjFile::classof(lld::coff::InputFile const*) C:/dev/downloads/llvm-project/lld/COFF/InputFiles.h:133:55
 #7 0x00007ff667775974 llvm::isa_impl<lld::coff::ObjFile, lld::coff::InputFile, void>::doit(lld::coff::InputFile const&) C:/dev/downloads/llvm-project/llvm/include/llvm/Support/Casting.h:64:53
 #8 0x00007ff667775974 llvm::isa_impl_cl<lld::coff::ObjFile, lld::coff::InputFile const*>::doit(lld::coff::InputFile const*) C:/dev/downloads/llvm-project/llvm/include/llvm/Support/Casting.h:110:12
 #9 0x00007ff667775974 llvm::isa_impl_wrap<lld::coff::ObjFile, lld::coff::InputFile const*, lld::coff::InputFile const*>::doit(lld::coff::InputFile const* const&) C:/dev/downloads/llvm-project/llvm/include/llvm/Support/Casting.h:137:12
#10 0x00007ff667775974 llvm::isa_impl_wrap<lld::coff::ObjFile, lld::coff::InputFile* const, lld::coff::InputFile const*>::doit(lld::coff::InputFile* const&) C:/dev/downloads/llvm-project/llvm/include/llvm/Support/Casting.h:127:12
#11 0x00007ff667775974 llvm::CastIsPossible<lld::coff::ObjFile, lld::coff::InputFile*, void>::isPossible(lld::coff::InputFile* const&) C:/dev/downloads/llvm-project/llvm/include/llvm/Support/Casting.h:255:12
#12 0x00007ff667775974 llvm::CastInfo<lld::coff::ObjFile, lld::coff::InputFile*, void>::doCastIfPossible(lld::coff::InputFile* const&) C:/dev/downloads/llvm-project/llvm/include/llvm/Support/Casting.h:493:10
#13 0x00007ff667775974 decltype(auto) llvm::dyn_cast<lld::coff::ObjFile, lld::coff::InputFile>(lld::coff::InputFile*) C:/dev/downloads/llvm-project/llvm/include/llvm/Support/Casting.h:663:10
#14 0x00007ff667775974 lld::coff::SymbolTable::addFile(lld::coff::InputFile*) C:/dev/downloads/llvm-project/lld/COFF/SymbolTable.cpp:61:19
#15 0x00007ff667709da1 lld::coff::LinkerDriver::addBuffer(std::__1::unique_ptr<llvm::MemoryBuffer, std::__1::default_delete<llvm::MemoryBuffer>>, bool, bool) C:/dev/downloads/llvm-project/lld/COFF/Driver.cpp:0:0
#16 0x00007ff6677199b5 std::__1::unique_ptr<llvm::MemoryBuffer, std::__1::default_delete<llvm::MemoryBuffer>>::reset[abi:v170001](llvm::MemoryBuffer*) C:/dev/install/llvm-17/bin/../include/c++/v1/__memory/unique_ptr.h:297:28
#17 0x00007ff6677199b5 std::__1::unique_ptr<llvm::MemoryBuffer, std::__1::default_delete<llvm::MemoryBuffer>>::~unique_ptr[abi:v170001]() C:/dev/install/llvm-17/bin/../include/c++/v1/__memory/unique_ptr.h:266:75
#18 0x00007ff6677199b5 lld::coff::LinkerDriver::enqueuePath(llvm::StringRef, bool, bool)::$_0::operator()() const C:/dev/downloads/llvm-project/lld/COFF/Driver.cpp:283:7
#19 0x00007ff6677199b5 decltype(std::declval<lld::coff::LinkerDriver::enqueuePath(llvm::StringRef, bool, bool)::$_0&>()()) std::__1::__invoke[abi:v170001]<lld::coff::LinkerDriver::enqueuePath(llvm::StringRef, bool, bool)::$_0&>(lld::coff::LinkerDriver::enqueuePath(llvm::StringRef, bool, bool)::$_0&) C:/dev/install/llvm-17/bin/../include/c++/v1/__type_traits/invoke.h:340:25
#20 0x00007ff6677199b5 void std::__1::__invoke_void_return_wrapper<void, true>::__call[abi:v170001]<lld::coff::LinkerDriver::enqueuePath(llvm::StringRef, bool, bool)::$_0&>(lld::coff::LinkerDriver::enqueuePath(llvm::StringRef, bool, bool)::$_0&) C:/dev/install/llvm-17/bin/../include/c++/v1/__type_traits/invoke.h:415:5
#21 0x00007ff6677199b5 std::__1::__function::__alloc_func<lld::coff::LinkerDriver::enqueuePath(llvm::StringRef, bool, bool)::$_0, std::__1::allocator<lld::coff::LinkerDriver::enqueuePath(llvm::StringRef, bool, bool)::$_0>, void ()>::operator()[abi:v170001]() C:/dev/install/llvm-17/bin/../include/c++/v1/__functional/function.h:192:16
#22 0x00007ff6677199b5 std::__1::__function::__func<lld::coff::LinkerDriver::enqueuePath(llvm::StringRef, bool, bool)::$_0, std::__1::allocator<lld::coff::LinkerDriver::enqueuePath(llvm::StringRef, bool, bool)::$_0>, void ()>::operator()() C:/dev/install/llvm-17/bin/../include/c++/v1/__functional/function.h:363:12
#23 0x00007ff66771314b std::__1::list<std::__1::function<void ()>, std::__1::allocator<std::__1::function<void ()>>>::pop_front() C:/dev/install/llvm-17/bin/../include/c++/v1/list:1592:39
#24 0x00007ff66771314b lld::coff::LinkerDriver::run() C:/dev/downloads/llvm-project/lld/COFF/Driver.cpp:1105:15
#25 0x00007ff6677069fe lld::coff::LinkerDriver::linkerMain(llvm::ArrayRef<char const*>) C:/dev/downloads/llvm-project/lld/COFF/Driver.cpp:2069:7
#26 0x00007ff667701c6d lld::coff::link(llvm::ArrayRef<char const*>, llvm::raw_ostream&, llvm::raw_ostream&, bool, bool) C:/dev/downloads/llvm-project/lld/COFF/Driver.cpp:77:10
#27 0x00007ff667759a95 lld::mingw::link(llvm::ArrayRef<char const*>, llvm::raw_ostream&, llvm::raw_ostream&, bool, bool) C:/dev/downloads/llvm-project/lld/MinGW/Driver.cpp:489:10
#28 0x00007ff6676f27b2 lld::unsafeLldMain(llvm::ArrayRef<char const*>, llvm::raw_ostream&, llvm::raw_ostream&, llvm::ArrayRef<lld::DriverDef>, bool) C:/dev/downloads/llvm-project/lld/Common/DriverDispatcher.cpp:164:11
#29 0x00007ff6676f1855 lld_main(int, char**, llvm::ToolContext const&) C:/dev/downloads/llvm-project/lld/tools/lld/lld.cpp:93:9
#30 0x00007ff6676f1e07 main C:/dev/downloads/llvm-project/build-17-debug-info/tools/lld/tools/lld/lld-driver.cpp:15:3
#31 0x00007ff6676f12ee __tmainCRTStartup C:/M/B/src/mingw-w64/mingw-w64-crt/crt/crtexe.c:268:8
#32 0x00007ff6676f1406 mainCRTStartup C:/M/B/src/mingw-w64/mingw-w64-crt/crt/crtexe.c:190:3
#33 0x00007ffb00f97344 (C:\WINDOWS\System32\KERNEL32.DLL+0x17344)
#34 0x00007ffb01b226b1 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x526b1)

The crash happends with simply passing lli.cpp.obj to LLD.

Poking around with a debugger, the issue happens on the comdat symbol _ZL13export_chkstk, followed by a .drectve containing "-export:___chkstk_ms". Because of the section name .drectve, readSection(sectionNumber, def, getName()) will return null at COFF/InputFiles.cpp:662, causing an invalid write to address 0x00000018 on line 664.

The crash happens with a local build of LLD (both 17.0.1 and 18.0.0git), and with version 16.0.5 distributed by msys2 in the mingw-w64-ucrt-x86_64-lld package.

[llvmbot]

@llvm/issue-subscribers-lld-coff

Building LLVM on mingw with address sanitizer fails when linking `lli.exe`. Backtrace of `ld.lld.exe` with debug info (same backtrace for `lld-link.exe`):

PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace.
Stack dump:
0.      Program arguments: C:\\dev\\downloads\\llvm-project\\build-17-debug-info\\install\\bin\\ld.lld.exe tools/lli/CMakeFiles/lli.dir/lli.cpp.obj
Exception Code: 0xC0000005
 #<!-- -->0 0x00007ff66779e4f4 lld::coff::ObjFile::createDefined(llvm::object::COFFSymbolRef, std::__1::vector&lt;llvm::object::coff_aux_section_definition const*, std::__1::allocator&lt;llvm::object::coff_aux_section_definition const*&gt;&gt;&amp;, bool&amp;) C:/dev/downloads/llvm-project/lld/COFF/InputFiles.cpp:664:14
 #<!-- -->1 0x00007ff66779ba6a std::__1::__optional_storage_base&lt;lld::coff::Symbol*, false&gt;::has_value[abi:v170001]() const C:/dev/install/llvm-17/bin/../include/c++/v1/optional:387:22
 #<!-- -->2 0x00007ff66779ba6a std::__1::optional&lt;lld::coff::Symbol*&gt;::operator bool[abi:v170001]() const C:/dev/install/llvm-17/bin/../include/c++/v1/optional:1049:64
 #<!-- -->3 0x00007ff66779ba6a lld::coff::ObjFile::initializeSymbols() C:/dev/downloads/llvm-project/lld/COFF/InputFiles.cpp:400:40
 #<!-- -->4 0x00007ff66779b4fd lld::coff::ObjFile::parse() C:/dev/downloads/llvm-project/lld/COFF/InputFiles.cpp:169:3
 #<!-- -->5 0x00007ff667775974 lld::coff::InputFile::kind() const C:/dev/downloads/llvm-project/lld/COFF/InputFiles.h:75:30
 #<!-- -->6 0x00007ff667775974 lld::coff::ObjFile::classof(lld::coff::InputFile const*) C:/dev/downloads/llvm-project/lld/COFF/InputFiles.h:133:55
 #<!-- -->7 0x00007ff667775974 llvm::isa_impl&lt;lld::coff::ObjFile, lld::coff::InputFile, void&gt;::doit(lld::coff::InputFile const&amp;) C:/dev/downloads/llvm-project/llvm/include/llvm/Support/Casting.h:64:53
 #<!-- -->8 0x00007ff667775974 llvm::isa_impl_cl&lt;lld::coff::ObjFile, lld::coff::InputFile const*&gt;::doit(lld::coff::InputFile const*) C:/dev/downloads/llvm-project/llvm/include/llvm/Support/Casting.h:110:12
 #<!-- -->9 0x00007ff667775974 llvm::isa_impl_wrap&lt;lld::coff::ObjFile, lld::coff::InputFile const*, lld::coff::InputFile const*&gt;::doit(lld::coff::InputFile const* const&amp;) C:/dev/downloads/llvm-project/llvm/include/llvm/Support/Casting.h:137:12
#<!-- -->10 0x00007ff667775974 llvm::isa_impl_wrap&lt;lld::coff::ObjFile, lld::coff::InputFile* const, lld::coff::InputFile const*&gt;::doit(lld::coff::InputFile* const&amp;) C:/dev/downloads/llvm-project/llvm/include/llvm/Support/Casting.h:127:12
#<!-- -->11 0x00007ff667775974 llvm::CastIsPossible&lt;lld::coff::ObjFile, lld::coff::InputFile*, void&gt;::isPossible(lld::coff::InputFile* const&amp;) C:/dev/downloads/llvm-project/llvm/include/llvm/Support/Casting.h:255:12
#<!-- -->12 0x00007ff667775974 llvm::CastInfo&lt;lld::coff::ObjFile, lld::coff::InputFile*, void&gt;::doCastIfPossible(lld::coff::InputFile* const&amp;) C:/dev/downloads/llvm-project/llvm/include/llvm/Support/Casting.h:493:10
#<!-- -->13 0x00007ff667775974 decltype(auto) llvm::dyn_cast&lt;lld::coff::ObjFile, lld::coff::InputFile&gt;(lld::coff::InputFile*) C:/dev/downloads/llvm-project/llvm/include/llvm/Support/Casting.h:663:10
#<!-- -->14 0x00007ff667775974 lld::coff::SymbolTable::addFile(lld::coff::InputFile*) C:/dev/downloads/llvm-project/lld/COFF/SymbolTable.cpp:61:19
#<!-- -->15 0x00007ff667709da1 lld::coff::LinkerDriver::addBuffer(std::__1::unique_ptr&lt;llvm::MemoryBuffer, std::__1::default_delete&lt;llvm::MemoryBuffer&gt;&gt;, bool, bool) C:/dev/downloads/llvm-project/lld/COFF/Driver.cpp:0:0
#<!-- -->16 0x00007ff6677199b5 std::__1::unique_ptr&lt;llvm::MemoryBuffer, std::__1::default_delete&lt;llvm::MemoryBuffer&gt;&gt;::reset[abi:v170001](llvm::MemoryBuffer*) C:/dev/install/llvm-17/bin/../include/c++/v1/__memory/unique_ptr.h:297:28
#<!-- -->17 0x00007ff6677199b5 std::__1::unique_ptr&lt;llvm::MemoryBuffer, std::__1::default_delete&lt;llvm::MemoryBuffer&gt;&gt;::~unique_ptr[abi:v170001]() C:/dev/install/llvm-17/bin/../include/c++/v1/__memory/unique_ptr.h:266:75
#<!-- -->18 0x00007ff6677199b5 lld::coff::LinkerDriver::enqueuePath(llvm::StringRef, bool, bool)::$_0::operator()() const C:/dev/downloads/llvm-project/lld/COFF/Driver.cpp:283:7
#<!-- -->19 0x00007ff6677199b5 decltype(std::declval&lt;lld::coff::LinkerDriver::enqueuePath(llvm::StringRef, bool, bool)::$_0&amp;&gt;()()) std::__1::__invoke[abi:v170001]&lt;lld::coff::LinkerDriver::enqueuePath(llvm::StringRef, bool, bool)::$_0&amp;&gt;(lld::coff::LinkerDriver::enqueuePath(llvm::StringRef, bool, bool)::$_0&amp;) C:/dev/install/llvm-17/bin/../include/c++/v1/__type_traits/invoke.h:340:25
#<!-- -->20 0x00007ff6677199b5 void std::__1::__invoke_void_return_wrapper&lt;void, true&gt;::__call[abi:v170001]&lt;lld::coff::LinkerDriver::enqueuePath(llvm::StringRef, bool, bool)::$_0&amp;&gt;(lld::coff::LinkerDriver::enqueuePath(llvm::StringRef, bool, bool)::$_0&amp;) C:/dev/install/llvm-17/bin/../include/c++/v1/__type_traits/invoke.h:415:5
#<!-- -->21 0x00007ff6677199b5 std::__1::__function::__alloc_func&lt;lld::coff::LinkerDriver::enqueuePath(llvm::StringRef, bool, bool)::$_0, std::__1::allocator&lt;lld::coff::LinkerDriver::enqueuePath(llvm::StringRef, bool, bool)::$_0&gt;, void ()&gt;::operator()[abi:v170001]() C:/dev/install/llvm-17/bin/../include/c++/v1/__functional/function.h:192:16
#<!-- -->22 0x00007ff6677199b5 std::__1::__function::__func&lt;lld::coff::LinkerDriver::enqueuePath(llvm::StringRef, bool, bool)::$_0, std::__1::allocator&lt;lld::coff::LinkerDriver::enqueuePath(llvm::StringRef, bool, bool)::$_0&gt;, void ()&gt;::operator()() C:/dev/install/llvm-17/bin/../include/c++/v1/__functional/function.h:363:12
#<!-- -->23 0x00007ff66771314b std::__1::list&lt;std::__1::function&lt;void ()&gt;, std::__1::allocator&lt;std::__1::function&lt;void ()&gt;&gt;&gt;::pop_front() C:/dev/install/llvm-17/bin/../include/c++/v1/list:1592:39
#<!-- -->24 0x00007ff66771314b lld::coff::LinkerDriver::run() C:/dev/downloads/llvm-project/lld/COFF/Driver.cpp:1105:15
#<!-- -->25 0x00007ff6677069fe lld::coff::LinkerDriver::linkerMain(llvm::ArrayRef&lt;char const*&gt;) C:/dev/downloads/llvm-project/lld/COFF/Driver.cpp:2069:7
#<!-- -->26 0x00007ff667701c6d lld::coff::link(llvm::ArrayRef&lt;char const*&gt;, llvm::raw_ostream&amp;, llvm::raw_ostream&amp;, bool, bool) C:/dev/downloads/llvm-project/lld/COFF/Driver.cpp:77:10
#<!-- -->27 0x00007ff667759a95 lld::mingw::link(llvm::ArrayRef&lt;char const*&gt;, llvm::raw_ostream&amp;, llvm::raw_ostream&amp;, bool, bool) C:/dev/downloads/llvm-project/lld/MinGW/Driver.cpp:489:10
#<!-- -->28 0x00007ff6676f27b2 lld::unsafeLldMain(llvm::ArrayRef&lt;char const*&gt;, llvm::raw_ostream&amp;, llvm::raw_ostream&amp;, llvm::ArrayRef&lt;lld::DriverDef&gt;, bool) C:/dev/downloads/llvm-project/lld/Common/DriverDispatcher.cpp:164:11
#<!-- -->29 0x00007ff6676f1855 lld_main(int, char**, llvm::ToolContext const&amp;) C:/dev/downloads/llvm-project/lld/tools/lld/lld.cpp:93:9
#<!-- -->30 0x00007ff6676f1e07 main C:/dev/downloads/llvm-project/build-17-debug-info/tools/lld/tools/lld/lld-driver.cpp:15:3
#<!-- -->31 0x00007ff6676f12ee __tmainCRTStartup C:/M/B/src/mingw-w64/mingw-w64-crt/crt/crtexe.c:268:8
#<!-- -->32 0x00007ff6676f1406 mainCRTStartup C:/M/B/src/mingw-w64/mingw-w64-crt/crt/crtexe.c:190:3
#<!-- -->33 0x00007ffb00f97344 (C:\WINDOWS\System32\KERNEL32.DLL+0x17344)
#<!-- -->34 0x00007ffb01b226b1 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x526b1)

The crash happends with simply passing lli.cpp.obj to LLD.

Poking around with a debugger, the issue happens on the comdat symbol _ZL13export_chkstk, followed by a .drectve containing "-export:___chkstk_ms". Because of the section name .drectve, readSection(sectionNumber, def, getName()) will return null at COFF/InputFiles.cpp:662, causing an invalid write to address 0x00000018 on line 664.

The crash happens with a local build of LLD (both 17.0.1 and 18.0.0git), and with version 16.0.5 distributed by msys2 in the mingw-w64-ucrt-x86_64-lld package.

[mstorsjo]

Just FYI, I've managed to reproduce this issue; but I didn't yet find time to actually look into the issue itself.

[mstorsjo]

There’s a potential fix for this now, in #68116.

[mstorsjo]

Reopening for backporting. While the issue in lld was preexisting, a change in lli in 17.x exposed this issue, making it impossible to build lli in mingw/asan configurations, that used to work - thus, there was a regression in being able to build that configuration.