[Bug target/105552] New: munmap_chunk(): invalid pointer in __gmp_default_free on ia64

[Bug target/105552] New: munmap_chunk(): invalid pointer in __gmp_default_free on ia64

[matoro_gcc_bugzilla at matoro dot tk]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105552

            Bug ID: 105552
           Summary: munmap_chunk(): invalid pointer in __gmp_default_free
                    on ia64
           Product: gcc
           Version: 12.1.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: target
          Assignee: unassigned at gcc dot gnu.org
          Reporter: matoro_gcc_bugzilla at matoro dot tk
  Target Milestone: ---

I am unsure if this one is specifically gcc's fault because it also traverses
mpfr and gmp codepaths.  Since I don't have a standalone call into either of
those libs that reproduces though I believe it may be specific to how gcc calls
into them.  Tested with gcc-11.3.0, gcc-12.1.0.

The warnings are irrelevant, adding simple fixes to them (including math.h,
specifying void return) do not fix the crash.

I can provide live ssh access to the system in question if that would be
helpful.  Simply email me at this address.

The minimized example is as follows:

$ cat testcairo.i
draw_3circles() { sin(3.1415926535897932384626433832795028841971693993751); }

$ gcc -c testcairo.i
testcairo.i:1:1: warning: return type defaults to ‘int’ [-Wimplicit-int]
    1 | draw_3circles() {
sin(3.1415926535897932384626433832795028841971693993751); }
      | ^~~~~~~~~~~~~
testcairo.i: In function ‘draw_3circles’:
testcairo.i:1:19: warning: implicit declaration of function ‘sin’
[-Wimplicit-function-declaration]
    1 | draw_3circles() {
sin(3.1415926535897932384626433832795028841971693993751); }
      |                   ^~~
testcairo.i:1: note: include ‘<math.h>’ or provide a declaration of ‘sin’
    1 | draw_3circles() {
sin(3.1415926535897932384626433832795028841971693993751); }
testcairo.i:1:19: warning: incompatible implicit declaration of built-in
function ‘sin’ [-Wbuiltin-declaration-mismatch]
    1 | draw_3circles() {
sin(3.1415926535897932384626433832795028841971693993751); }
      |                   ^~~
testcairo.i:1:19: note: include ‘<math.h>’ or provide a declaration of ‘sin’
munmap_chunk(): invalid pointer
testcairo.i:1:1: internal compiler error: Aborted
    1 | draw_3circles() {
sin(3.1415926535897932384626433832795028841971693993751); }
      | ^~~~~~~~~~~~~
linux-gate.so.1: Bad address

$ gdb -q --args gcc -c testcairo.i
Reading symbols from gcc...
Reading symbols from
/usr/lib/debug//usr/ia64-unknown-linux-gnu/gcc-bin/12.1.0/ia64-unknown-linux-gnu-gcc.debug...
(gdb) set follow-fork-mode child
(gdb) r
Starting program: /usr/bin/gcc -c testcairo.i
Failed to read a valid object file image from memory.
warning: Can't read pathname for load map.
warning: Can't read pathname for load map.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".
[Attaching after Thread 0x2000000000204d60 (LWP 27400) vfork to child process
27402]
[New inferior 2 (process 27402)]
warning: Can't read pathname for load map.
Failed to read a valid object file image from memory.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".
[Detaching vfork parent process 27400 after child exec]
[Inferior 1 (process 27400) detached]
process 27402 is executing new program:
/usr/libexec/gcc/ia64-unknown-linux-gnu/12.1.0/cc1
warning: Can't read pathname for load map.
warning: Can't read pathname for load map.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".
testcairo.i:1:1: warning: return type defaults to ‘int’ [-Wimplicit-int]
    1 | draw_3circles() {
sin(3.1415926535897932384626433832795028841971693993751); }
      | ^~~~~~~~~~~~~
testcairo.i: In function ‘draw_3circles’:
testcairo.i:1:19: warning: implicit declaration of function ‘sin’
[-Wimplicit-function-declaration]
    1 | draw_3circles() {
sin(3.1415926535897932384626433832795028841971693993751); }
      |                   ^~~
testcairo.i:1: note: include ‘<math.h>’ or provide a declaration of ‘sin’
    1 | draw_3circles() {
sin(3.1415926535897932384626433832795028841971693993751); }
testcairo.i:1:19: warning: incompatible implicit declaration of built-in
function ‘sin’ [-Wbuiltin-declaration-mismatch]
    1 | draw_3circles() {
sin(3.1415926535897932384626433832795028841971693993751); }
      |                   ^~~
testcairo.i:1:19: note: include ‘<math.h>’ or provide a declaration of ‘sin’
munmap_chunk(): invalid pointer

Thread 2.1 "cc1" received signal SIGABRT, Aborted.
[Switching to Thread 0x2000000000516ba0 (LWP 27402)]
0xa000000000040721 in ?? ()
(gdb) bt
#0  0xa000000000040721 in ?? ()
#1  0x2000000000a3c240 in __pthread_kill_implementation () from
/lib/libc.so.6.1
#2  0x2000000000991c40 in raise () from /lib/libc.so.6.1
#3  0x200000000095eb70 in abort () from /lib/libc.so.6.1
#4  0x2000000000a1b960 in __libc_message () from /lib/libc.so.6.1
#5  0x2000000000a56c70 in malloc_printerr () from /lib/libc.so.6.1
#6  0x2000000000a57290 in munmap_chunk () from /lib/libc.so.6.1
#7  0x2000000000a61870 in free () from /lib/libc.so.6.1
#8  0x20000000006404b0 in __gmp_default_free () from /usr/lib/libgmp.so.10
#9  0x2000000000642300 in __gmp_tmp_reentrant_free () from
/usr/lib/libgmp.so.10
#10 0x200000000066ccd0 in __gmpz_mod () from /usr/lib/libgmp.so.10
#11 0x20000000005d9d20 in mpfr_rem1 () from /usr/lib/libmpfr.so.6
#12 0x200000000058c690 in mpfr_sin () from /usr/lib/libmpfr.so.6
#13 0x400000000039cab0 in do_mpfr_arg1(real_value*, int (*)(__mpfr_struct*,
__mpfr_struct const*, mpfr_rnd_t), real_value const*, real_format const*) ()
#14 0x4000000001014950 in fold_const_call_1(combined_fn, tree_node*,
tree_node*) ()
#15 0x4000000000e7e330 in fold_builtin_n(unsigned int, tree_node*, tree_node*,
tree_node**, int, bool) [clone .constprop.0] ()
#16 0x4000000000fe9770 in fold(tree_node*) ()
#17 0x4000000000e18c60 in c_fully_fold_internal(tree_node*, bool, bool*, bool*,
bool, bool) ()
#18 0x4000000000e181e0 in c_fully_fold(tree_node*, bool, bool*, bool) ()
#19 0x4000000001b2d380 in c_process_expr_stmt(unsigned int, tree_node*) ()
#20 0x4000000001b2d2c0 in c_finish_expr_stmt(unsigned int, tree_node*) ()
#21 0x4000000000e12470 in c_parser_statement_after_labels(c_parser*, bool*,
vec<tree_node*, va_heap, vl_ptr>*) ()
#22 0x4000000000e0f3b0 in c_parser_compound_statement_nostart(c_parser*) ()
#23 0x4000000001b3ef60 in c_parser_compound_statement(c_parser*, unsigned int*)
()
#24 0x4000000000dec9e0 in c_parser_declaration_or_fndef(c_parser*, bool, bool,
bool, bool, bool, tree_node**, vec<c_token, va_heap, vl_ptr>*, bool,
tree_node*, oacc_routine_data*, bool*) ()
#25 0x4000000000dea9a0 in c_parser_external_declaration(c_parser*) ()
#26 0x4000000001b35240 in c_parse_file() ()
#27 0x4000000001bbfca0 in c_common_parse_file() ()
#28 0x4000000001e465c0 in compile_file() ()
#29 0x4000000000d884c0 in toplev::main(int, char**) ()
#30 0x4000000000d8dcd0 in main ()

$ gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/ia64-unknown-linux-gnu/12.1.0/lto-wrapper
Target: ia64-unknown-linux-gnu
Configured with:
/var/tmp/portage/sys-devel/gcc-12.1.0/work/gcc-12.1.0/configure
--host=ia64-unknown-linux-gnu --build=ia64-unknown-linux-gnu --prefix=/usr
--bindir=/usr/ia64-unknown-linux-gnu/gcc-bin/12.1.0
--includedir=/usr/lib/gcc/ia64-unknown-linux-gnu/12.1.0/include
--datadir=/usr/share/gcc-data/ia64-unknown-linux-gnu/12.1.0
--mandir=/usr/share/gcc-data/ia64-unknown-linux-gnu/12.1.0/man
--infodir=/usr/share/gcc-data/ia64-unknown-linux-gnu/12.1.0/info
--with-gxx-include-dir=/usr/lib/gcc/ia64-unknown-linux-gnu/12.1.0/include/g++-v12
--with-python-dir=/share/gcc-data/ia64-unknown-linux-gnu/12.1.0/python
--enable-languages=c,c++,go --enable-obsolete --enable-secureplt
--disable-werror --with-system-zlib --enable-nls --without-included-gettext
--disable-libunwind-exceptions --enable-checking=release
--with-bugurl=https://bugs.gentoo.org/ --with-pkgversion='Gentoo 12.1.0 p5'
--disable-esp --enable-libstdcxx-time --disable-libstdcxx-pch --enable-shared
--enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu
--disable-multilib --disable-fixed-point --enable-libgomp --disable-libssp
--disable-libada --disable-cet --disable-systemtap
--disable-valgrind-annotations --disable-vtable-verify --disable-libvtv
--without-zstd --enable-lto --with-isl --disable-isl-version-check
--disable-libsanitizer --enable-default-pie --enable-default-ssp
Thread model: posix
Supported LTO compression algorithms: zlib
gcc version 12.1.0 (Gentoo 12.1.0 p5)

[Bug target/105552] munmap_chunk(): invalid pointer in __gmp_default_free on ia64

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105552

--- Comment #1 from Richard Biener <rguenth at gcc dot gnu.org> ---
You can try creating a mpfr testcase calling mpfr_sin, the mpfr representation
of 3.1415926535897932384626433832795028841971693993751 can probably be obtained
by one of the string conversion routines in it.

[Bug target/105552] munmap_chunk(): invalid pointer in __gmp_default_free on ia64

[matoro_gcc_bugzilla at matoro dot tk]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105552

matoro <matoro_gcc_bugzilla at matoro dot tk> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |INVALID

--- Comment #2 from matoro <matoro_gcc_bugzilla at matoro dot tk> ---
While trying to get a better stacktrace, I reduced the optimizations on
mpfr/gmp.  Turns out I forgot I had gmp at -O3.  Reducing it to -O2 solves the
issue.