Bug#1095866: llvm-toolchain-{19, 21, snapshot}: unsoundness/miscompilations on i386
Simon McVittie
smcv at debian.org
Mon Sep 29 14:52:13 BST 2025
Control: clone -1 -2 -3
Control: found -1 1:19.1.7-6
Control: retitle -2 llvm-toolchain-21: unsoundness/miscompilations on i386
Control: reassign -2 src:llvm-toolchain-21 1:21.1.2-2
Control: retitle -3 llvm-toolchain-snapshot: unsoundness/miscompilations on i386
Control: reassign -3 src:llvm-toolchain-snapshot 1:22~++20250731080150+be449d6b6587-1~exp1
On Tue, 29 Apr 2025 at 11:09:31 +0100, Simon McVittie wrote:
>On Fri, 25 Apr 2025 at 17:19:49 +0200, Fabian Grünbichler wrote:
>>IMHO llvm-19 should definitely be adapted as well to fix the issue on the
>>LLVM side as well. compiling and executing the C reproducer[0] on i386 using
>>`clang-18 -O3 code.c && ./a.out` works fine, doing the same with clang-19
>>causes a segfault. with clang-18 downgraded to 1:18.1.8-16 (last version
>>before the baseline bump) the segfault is back as expected.

Confirmed still present in current(ish) versions (I didn't try clang-19
1:19.1.7-7 which isn't on my mirror yet).

An easy reproducer on an x86 machine with podman installed and working
(either amd64 or i386 should work, tested on amd64):

    $ podman run --rm -it --arch i386 i386/debian:sid-slim
    # sed -i -e 's/sid/& experimental/g' /etc/apt/sources.list.d/debian.sources
    # apt update
    # apt full-upgrade
    # apt install curl clang-19 clang-21 clang-22
    # curl "https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=1095866;filename=code.c;msg=27" > bug.c
    # clang-19 -O1 -o19 bug.c && ./19
    Segmentation fault (core dumped)
    # clang-21 -O1 -o21 bug.c && ./21
    Segmentation fault (core dumped)
    # clang-22 -O1 -o22 bug.c && ./22
    Segmentation fault (core dumped)

(Or run the same thing in your favourite container or virtualization
technology, or a chroot.)

>If I'm reading correctly, disable-sse2-old-x86.diff and
>clang-baseline-fix-i386.patch will need to be dropped from both the 20
>branch (for src:llvm-toolchain-20) and the snapshot branch (for a
>future src:llvm-toolchain-21) to avoid this regressing in future. The
>equivalent of cherry-picking these commits from the 18 branch:
>
>* https://salsa.debian.org/pkg-llvm-team/llvm-toolchain/-/commit/f3af06cdcb77523f7a461a2de35c52daafcab311
>* https://salsa.debian.org/pkg-llvm-team/llvm-toolchain/-/commit/90035ab5f2c7b352faf6fd45c303d15f6ebeb25c
>* https://salsa.debian.org/pkg-llvm-team/llvm-toolchain/-/commit/02b16baed84d68bdee9b6a48a76f0786fc24e7ff
>* https://salsa.debian.org/pkg-llvm-team/llvm-toolchain/-/commit/b6c80b9fa2e547e2fabd5df45ed0b75af45da2cb

Now that -21 is its own package and -snapshot is a prerelease of version
22, presumably those same fixes need applying to -19, -21 and -snapshot
in order to resolve #1095866, clone -2 and clone -3, respectively.

I assume the equivalent bug in -20 (#1104337) is wontfix now that
removal of -20 has been requested.

Thanks,
smcv