| Issue |
64727
|
| Summary |
[mlir][SparseTensor] Invalid free
|
| Labels |
new issue
|
| Assignees |
|
| Reporter |
banach-space
|
Hi,
This is a direct follow-up of the discussion in https://reviews.llvm.org/D158012. There seem to be some cases of "double free" in the SparseTensor compiler. To reproduce (tested on AArch64, using SHA: af315097c6d9):
```mlir
mlir-opt /llvm-project/mlir/test/Integration/Dialect/SparseTensor/CPU/sparse_pack_libgen.mlir --sparse-compiler="enable-runtime-library=false" | /llvm-project/build/release/bin/mlir-cpu-runner -e entry -entry-point-result=void -shared-libs=llvm-project/build/release/lib/libmlir_c_runner_utils.so,/llvm-project/build/release/lib/libmlir_runner_utils.so
```
This crashes for me with the following message:
```
0. Program arguments: /llvm-project/build/release/bin/mlir-cpu-runner -e entry -entry-point-result=void -shared-libs=/llvm-project/build/release/lib/libmlir_c_runner_utils.so,/llvm-project/build/release/lib/libmlir_runner_utils.so
#0 0x0000ffff867f8a10 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (llvm-project/build/release/bin/../lib/libLLVMSupport.so.18git+0x1e8a10)
#1 0x0000ffff867f6a10 llvm::sys::RunSignalHandlers() (/llvm-project/build/release/bin/../lib/libLLVMSupport.so.18git+0x1e6a10)
#2 0x0000ffff867f8e30 SignalHandler(int) Signals.cpp:0:0
#3 0x0000ffff913988fc (linux-vdso.so.1+0x8fc)
#4 0x0000ffff861df200 __pthread_kill_implementation ./nptl/pthread_kill.c:44:76
#5 0x0000ffff8619a67c gsignal ./signal/../sysdeps/posix/raise.c:27:6
#6 0x0000ffff86187130 abort ./stdlib/abort.c:81:7
#7 0x0000ffff861d3308 __libc_message ./libio/../sysdeps/posix/libc_fatal.c:153:6
#8 0x0000ffff861e957c ./malloc/malloc.c:5668:3
#9 0x0000ffff861eb8b4 _int_free ./malloc/malloc.c:4687:2
#10 0x0000ffff861edc84 __libc_free ./malloc/malloc.c:3394:3
#11 0x0000ffff91173318
#12 0x0000ffff91173388
#13 0x0000ffff9114edec compileAndExecute((anonymous namespace)::Options&, mlir::Operation*, llvm::StringRef, (anonymous namespace)::CompileAndExecuteConfig, void**, std::unique_ptr<llvm::TargetMachine, std::default_delete<llvm::TargetMachine>>) JitRunner.cpp:0:0
#14 0x0000ffff9114b4d4 compileAndExecuteVoidFunction((anonymous namespace)::Options&, mlir::Operation*, llvm::StringRef, (anonymous namespace)::CompileAndExecuteConfig, std::unique_ptr<llvm::TargetMachine, std::default_delete<llvm::TargetMachine>>) JitRunner.cpp:0:0
#15 0x0000ffff91149c28 mlir::JitRunnerMain(int, char**, mlir::DialectRegistry const&, mlir::JitRunnerConfig) (/llvm-project/build/release/bin/../lib/libMLIRJitRunner.so.18git+0x19c28)
#16 0x0000aaaab4952de0 main (//llvm-project/build/release/bin/mlir-cpu-runner+0x12de0)
#17 0x0000ffff861873fc __libc_start_call_main ./csu/../sysdeps/nptl/libc_start_call_main.h:74:3
#18 0x0000ffff861874cc call_init ./csu/../csu/libc-start.c:128:20
#19 0x0000ffff861874cc __libc_start_main ./csu/../csu/libc-start.c:379:5
#20 0x0000aaaab4952c30 _start (/llvm-project/build/release/bin/mlir-cpu-runner+0x12c30)
Aborted (core dumped)
```
>From the [buildbot](https://lab.llvm.org/buildbot/#/builders/179/builds/7122):
```bash
SUMMARY: AddressSanitizer: double-free /home/tcwg-buildslave/workspace/tcwg-llvm-release/tcwg-jade-03/final/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:52:3 in __interceptor_free
```
Note that in order to trigger this, you will need to set `--sparse-compiler="enable-runtime-library=false"` (i.e. to use the so called "direct IR generation").
-Andrzej
![]()
_______________________________________________
llvm-bugs mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
