[clangd] use-after-poison with nested template #133676
Description
template<typename T> struct foo;
template<template<typename... X, typename Scope> class A = foo> struct Q {};
void test3() {
f(Q<foo>()).g();
}When editing the above code snippet. clangd run into a use-after-poison error caught by ASAN. The log and stack trace is as follows.
I[04:23:33.797] clangd version 20.1.1 (https://github.com/llvm/llvm-project.git 424c2d9b7e4de40d0804dd374721e6411c27d1d1)
I[04:23:33.797] Features: linux+asan
I[04:23:33.797] PID: 35001
I[04:23:33.797] Working directory: /tmp/export
I[04:23:33.797] argv[0]: /src/build/bin/clangd
I[04:23:33.797] argv[1]: --log=verbose
V[04:23:33.797] User config file is /root/.config/clangd/config.yaml
I[04:23:33.797] Starting LSP over stdin/stdout
V[04:23:33.798] <<< {"id":0,"jsonrpc":"2.0","method":"initialize","params":{"capabilities":{"general":{"markdown":{"parser":"marked","version":"1.1.0"},"positionEncodings":["utf-16"],"regularExpressions":{"engine":"ECMAScript","version":"ES2020"},"staleRequestSupport":{"cancel":true,"retryOnContentModified":["textDocument/semanticTokens/full","textDocument/semanticTokens/range","textDocument/semanticTokens/full/delta"]}},"notebookDocument":{"synchronization":{"dynamicRegistration":true,"executionSummarySupport":true}},"textDocument":{"callHierarchy":{"dynamicRegistration":true},"codeAction":{"codeActionLiteralSupport":{"codeActionKind":{"valueSet":["","quickfix","refactor","refactor.extract","refactor.inline","refactor.rewrite","source","source.organizeImports"]}},"dataSupport":true,"disabledSupport":true,"dynamicRegistration":true,"honorsChangeAnnotations":false,"isPreferredSupport":true,"resolveSupport":{"properties":["edit"]}},"codeLens":{"dynamicRegistration":true},"colorProvider":{"dynamicRegistration":true},"completion":{"completionItem":{"commitCharactersSupport":true,"deprecatedSupport":true,"documentationFormat":["markdown","plaintext"],"insertReplaceSupport":true,"insertTextModeSupport":{"valueSet":[1,2]},"labelDetailsSupport":true,"preselectSupport":true,"resolveSupport":{"properties":["documentation","detail","additionalTextEdits"]},"snippetSupport":true,"tagSupport":{"valueSet":[1]}},"completionItemKind":{"valueSet":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25]},"completionList":{"itemDefaults":["commitCharacters","editRange","insertTextFormat","insertTextMode"]},"contextSupport":true,"dynamicRegistration":true,"editsNearCursor":true,"insertTextMode":2},"declaration":{"dynamicRegistration":true,"linkSupport":true},"definition":{"dynamicRegistration":true,"linkSupport":true},"diagnostic":{"dynamicRegistration":true,"relatedDocumentSupport":false},"documentHighlight":{"dynamicRegistration":true},"documentLink":{"dynamicRegistration":true,"tooltipSupport":true},"documentSymbol":{"dynamicRegistration":true,"hierarchicalDocumentSymbolSupport":true,"labelSupport":true,"symbolKind":{"valueSet":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26]},"tagSupport":{"valueSet":[1]}},"foldingRange":{"dynamicRegistration":true,"foldingRange":{"collapsedText":false},"foldingRangeKind":{"valueSet":["comment","imports","region"]},"lineFoldingOnly":true,"rangeLimit":5000},"formatting":{"dynamicRegistration":true},"hover":{"contentFormat":["markdown","plaintext"],"dynamicRegistration":true},"implementation":{"dynamicRegistration":true,"linkSupport":true},"inactiveRegionsCapabilities":{"inactiveRegions":true},"inlayHint":{"dynamicRegistration":true,"resolveSupport":{"properties":["tooltip","textEdits","label.tooltip","label.location","label.command"]}},"inlineValue":{"dynamicRegistration":true},"linkedEditingRange":{"dynamicRegistration":true},"onTypeFormatting":{"dynamicRegistration":true},"publishDiagnostics":{"codeDescriptionSupport":true,"dataSupport":true,"relatedInformation":true,"tagSupport":{"valueSet":[1,2]},"versionSupport":false},"rangeFormatting":{"dynamicRegistration":true},"references":{"dynamicRegistration":true},"rename":{"dynamicRegistration":true,"honorsChangeAnnotations":true,"prepareSupport":true,"prepareSupportDefaultBehavior":1},"selectionRange":{"dynamicRegistration":true},"semanticTokens":{"augmentsSyntaxTokens":true,"dynamicRegistration":true,"formats":["relative"],"multilineTokenSupport":false,"overlappingTokenSupport":false,"requests":{"full":{"delta":true},"range":true},"serverCancelSupport":true,"tokenModifiers":["declaration","definition","readonly","static","deprecated","abstract","async","modification","documentation","defaultLibrary"],"tokenTypes":["namespace","type","class","enum","interface","struct","typeParameter","parameter","variable","property","enumMember","event","function","method","macro","keyword","modifier","comment","string","number","regexp","operator","decorator"]},"signatureHelp":{"contextSupport":true,"dynamicRegistration":true,"signatureInformation":{"activeParameterSupport":true,"documentationFormat":["markdown","plaintext"],"parameterInformation":{"labelOffsetSupport":true}}},"synchronization":{"didSave":true,"dynamicRegistration":true,"willSave":true,"willSaveWaitUntil":true},"typeDefinition":{"dynamicRegistration":true,"linkSupport":true},"typeHierarchy":{"dynamicRegistration":true}},"window":{"showDocument":{"support":true},"showMessage":{"messageActionItem":{"additionalPropertiesSupport":true}},"workDoneProgress":true},"workspace":{"applyEdit":true,"codeLens":{"refreshSupport":true},"configuration":true,"diagnostics":{"refreshSupport":true},"didChangeConfiguration":{"dynamicRegistration":true},"didChangeWatchedFiles":{"dynamicRegistration":true,"relativePatternSupport":true},"executeCommand":{"dynamicRegistration":true},"fileOperations":{"didCreate":true,"didDelete":true,"didRename":true,"dynamicRegistration":true,"willCreate":true,"willDelete":true,"willRename":true},"inlayHint":{"refreshSupport":true},"inlineValue":{"refreshSupport":true},"semanticTokens":{"refreshSupport":true},"symbol":{"dynamicRegistration":true,"resolveSupport":{"properties":["location.range"]},"symbolKind":{"valueSet":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26]},"tagSupport":{"valueSet":[1]}},"workspaceEdit":{"changeAnnotationSupport":{"groupsOnLabel":true},"documentChanges":true,"failureHandling":"textOnlyTransactional","normalizesLineEndings":true,"resourceOperations":["create","rename","delete"]},"workspaceFolders":true}},"clientInfo":{"name":"Visual Studio Code","version":"1.98.2"},"initializationOptions":{"clangdFileStatus":true,"fallbackFlags":[]},"locale":"en","processId":7462,"rootPath":"/tmp/export","rootUri":"file:///tmp/export","trace":"off","workspaceFolders":[{"name":"export","uri":"file:///tmp/export"}]}}
I[04:23:33.799] <-- initialize(0)
I[04:23:33.825] --> reply:initialize(0) 25 ms
V[04:23:33.825] >>> {"id":0,"jsonrpc":"2.0","result":{"capabilities":{"astProvider":true,"callHierarchyProvider":true,"clangdInlayHintsProvider":true,"codeActionProvider":{"codeActionKinds":["quickfix","refactor","info"]},"compilationDatabase":{"automaticReload":true},"completionProvider":{"resolveProvider":false,"triggerCharacters":[".","<",">",":","\"","/","*"]},"declarationProvider":true,"definitionProvider":true,"documentFormattingProvider":true,"documentHighlightProvider":true,"documentLinkProvider":{"resolveProvider":false},"documentOnTypeFormattingProvider":{"firstTriggerCharacter":"\n","moreTriggerCharacter":[]},"documentRangeFormattingProvider":true,"documentSymbolProvider":true,"executeCommandProvider":{"commands":["clangd.applyFix","clangd.applyRename","clangd.applyTweak"]},"foldingRangeProvider":true,"hoverProvider":true,"implementationProvider":true,"inactiveRegionsProvider":true,"inlayHintProvider":true,"memoryUsageProvider":true,"referencesProvider":true,"renameProvider":{"prepareProvider":true},"selectionRangeProvider":true,"semanticTokensProvider":{"full":{"delta":true},"legend":{"tokenModifiers":["declaration","definition","deprecated","deduced","readonly","static","abstract","virtual","dependentName","defaultLibrary","usedAsMutableReference","usedAsMutablePointer","constructorOrDestructor","userDefined","functionScope","classScope","fileScope","globalScope"],"tokenTypes":["variable","variable","parameter","function","method","function","property","variable","class","interface","enum","enumMember","type","type","unknown","namespace","typeParameter","concept","type","macro","modifier","operator","bracket","label","comment"]},"range":false},"signatureHelpProvider":{"triggerCharacters":["(",")","{","}","<",">",","]},"standardTypeHierarchyProvider":true,"textDocumentSync":{"change":2,"openClose":true,"save":true},"typeDefinitionProvider":true,"typeHierarchyProvider":true,"workspaceSymbolProvider":true},"serverInfo":{"name":"clangd","version":"clangd version 20.1.1 (https://github.com/llvm/llvm-project.git 424c2d9b7e4de40d0804dd374721e6411c27d1d1) linux+asan x86_64-unknown-linux-gnu"}}}
V[04:23:33.826] <<< {"jsonrpc":"2.0","method":"initialized","params":{}}
I[04:23:33.826] <-- initialized
V[04:23:33.828] <<< {"jsonrpc":"2.0","method":"textDocument/didOpen","params":{"textDocument":{"languageId":"cpp","text":"template<typename T> struct foo;\ntemplate<template<typename... X, typename Scope> class A = foo> struct Q {};\nvoid test3() {\n f(Q<foo>()).g();\n}","uri":"file:///tmp/export/input_80/workspace/main.cpp","version":137}}}
I[04:23:33.828] <-- textDocument/didOpen
I[04:23:33.830] Failed to find compilation database for /tmp/export/input_80/workspace/main.cpp
I[04:23:33.830] ASTWorker building file /tmp/export/input_80/workspace/main.cpp version 137 with command clangd fallback
[/tmp/export/input_80/workspace]
/usr/bin/clang -resource-dir=/src/build/lib/clang/20 -- /tmp/export/input_80/workspace/main.cpp
V[04:23:33.834] Driver produced command: cc1 -cc1 -triple x86_64-unknown-linux-gnu -fsyntax-only -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name main.cpp -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=all -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/tmp/export/input_80/workspace -fcoverage-compilation-dir=/tmp/export/input_80/workspace -resource-dir /src/build/lib/clang/20 -internal-isystem /usr/bin/../lib/gcc/x86_64-redhat-linux/11/../../../../include/c++/11 -internal-isystem /usr/bin/../lib/gcc/x86_64-redhat-linux/11/../../../../include/c++/11/x86_64-redhat-linux -internal-isystem /usr/bin/../lib/gcc/x86_64-redhat-linux/11/../../../../include/c++/11/backward -internal-isystem /src/build/lib/clang/20/include -internal-isystem /usr/local/include -internal-isystem /usr/bin/../lib/gcc/x86_64-redhat-linux/11/../../../../x86_64-redhat-linux/include -internal-externc-isystem /include -internal-externc-isystem /usr/include -fdeprecated-macro -ferror-limit 19 -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -fcxx-exceptions -fexceptions -no-round-trip-args -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -x c++ /tmp/export/input_80/workspace/main.cpp
I[04:23:33.834] --> textDocument/clangd.fileStatus
V[04:23:33.834] >>> {"jsonrpc":"2.0","method":"textDocument/clangd.fileStatus","params":{"state":"parsing includes, running Update","uri":"file:///tmp/export/input_80/workspace/main.cpp"}}
V[04:23:33.834] Building first preamble for /tmp/export/input_80/workspace/main.cpp version 137
V[04:23:33.846] <<< {"id":1,"jsonrpc":"2.0","method":"textDocument/documentSymbol","params":{"textDocument":{"uri":"file:///tmp/export/input_80/workspace/main.cpp"}}}
I[04:23:33.846] <-- textDocument/documentSymbol(1)
V[04:23:33.847] <<< {"id":2,"jsonrpc":"2.0","method":"textDocument/codeAction","params":{"context":{"diagnostics":[],"triggerKind":2},"range":{"end":{"character":1,"line":4},"start":{"character":1,"line":4}},"textDocument":{"uri":"file:///tmp/export/input_80/workspace/main.cpp"}}}
I[04:23:33.847] <-- textDocument/codeAction(2)
V[04:23:33.847] <<< {"id":3,"jsonrpc":"2.0","method":"textDocument/documentLink","params":{"textDocument":{"uri":"file:///tmp/export/input_80/workspace/main.cpp"}}}
I[04:23:33.847] <-- textDocument/documentLink(3)
V[04:23:33.847] <<< {"id":4,"jsonrpc":"2.0","method":"textDocument/inlayHint","params":{"range":{"end":{"character":1,"line":4},"start":{"character":0,"line":0}},"textDocument":{"uri":"file:///tmp/export/input_80/workspace/main.cpp"}}}
I[04:23:33.847] <-- textDocument/inlayHint(4)
I[04:23:33.850] Built preamble of size 275484 for file /tmp/export/input_80/workspace/main.cpp version 137 in 0.02 seconds
I[04:23:33.851] --> workspace/semanticTokens/refresh(0)
V[04:23:33.851] >>> {"id":0,"jsonrpc":"2.0","method":"workspace/semanticTokens/refresh","params":null}
I[04:23:33.851] --> textDocument/clangd.fileStatus
V[04:23:33.851] >>> {"jsonrpc":"2.0","method":"textDocument/clangd.fileStatus","params":{"state":"parsing includes, running Build AST","uri":"file:///tmp/export/input_80/workspace/main.cpp"}}
V[04:23:33.851] <<< {"id":0,"jsonrpc":"2.0","result":null}
I[04:23:33.851] <-- reply(0)
V[04:23:33.854] indexed preamble AST for /tmp/export/input_80/workspace/main.cpp version 137:
symbol slab: 0 symbols, 120 bytes
ref slab: 0 symbols, 0 refs, 128 bytes
relations slab: 0 relations, 24 bytes
I[04:23:33.854] Indexing c++17 standard library in the context of /tmp/export/input_80/workspace/main.cpp
=================================================================
==35001==ERROR: AddressSanitizer: use-after-poison on address 0x521000383488 at pc 0x0000084f7622 bp 0x7fff5a6e16d0 sp 0x7fff5a6e16c8
READ of size 8 at 0x521000383488 thread T130
V[04:23:33.874] <<< {"id":5,"jsonrpc":"2.0","method":"textDocument/semanticTokens/full","params":{"textDocument":{"uri":"file:///tmp/export/input_80/workspace/main.cpp"}}}
I[04:23:33.874] <-- textDocument/semanticTokens/full(5)
V[04:23:33.887] Ignored diagnostic. /usr/include/locale.h:28:10:'stddef.h' file not found
V[04:23:34.049] <<< {"id":6,"jsonrpc":"2.0","method":"textDocument/foldingRange","params":{"textDocument":{"uri":"file:///tmp/export/input_80/workspace/main.cpp"}}}
I[04:23:34.049] <-- textDocument/foldingRange(6)
#0 0x84f7621 in clang::TemplateParameterList::getParam(unsigned int) /src/clang/include/clang/AST/DeclTemplate.h:149:12
#1 0x84f7621 in FinishTemplateArgumentDeduction(clang::Sema&, clang::TemplateDecl*, bool, llvm::ArrayRef<clang::TemplateArgument>, llvm::SmallVectorImpl<clang::DeducedTemplateArgument>&, clang::sema::TemplateDeductionInfo&) /src/clang/lib/Sema/SemaTemplateDeduction.cpp:3429:70
#2 0x84fca8d in clang::Sema::isTemplateTemplateParameterAtLeastAsSpecializedAs(clang::TemplateParameterList*, clang::TemplateDecl*, clang::TemplateDecl*, clang::DefaultArguments const&, clang::SourceLocation, bool, bool*)::$_0::operator()() const /src/clang/lib/Sema/SemaTemplateDeduction.cpp:6628:11
#3 0x84fca8d in void llvm::function_ref<void ()>::callback_fn<clang::Sema::isTemplateTemplateParameterAtLeastAsSpecializedAs(clang::TemplateParameterList*, clang::TemplateDecl*, clang::TemplateDecl*, clang::DefaultArguments const&, clang::SourceLocation, bool, bool*)::$_0>(long) /src/llvm/include/llvm/ADT/STLFunctionalExtras.h:46:12
#4 0x7d0b36c in llvm::function_ref<void ()>::operator()() const /src/llvm/include/llvm/ADT/STLFunctionalExtras.h:69:12
#5 0x7d0b36c in clang::runWithSufficientStackSpace(llvm::function_ref<void ()>, llvm::function_ref<void ()>) /src/clang/include/clang/Basic/Stack.h:46:7
#6 0x7d0b36c in clang::StackExhaustionHandler::runWithSufficientStackSpace(clang::SourceLocation, llvm::function_ref<void ()>) /src/clang/lib/Basic/StackExhaustionHandler.cpp:20:3
#7 0x84fbab0 in clang::Sema::runWithSufficientStackSpace(clang::SourceLocation, llvm::function_ref<void ()>) /src/clang/lib/Sema/Sema.cpp:566:16
#8 0x84fbab0 in clang::Sema::isTemplateTemplateParameterAtLeastAsSpecializedAs(clang::TemplateParameterList*, clang::TemplateDecl*, clang::TemplateDecl*, clang::DefaultArguments const&, clang::SourceLocation, bool, bool*) /src/clang/lib/Sema/SemaTemplateDeduction.cpp:6627:3
#9 0x82dfbf0 in clang::Sema::CheckTemplateTemplateArgument(clang::TemplateTemplateParmDecl*, clang::TemplateParameterList*, clang::TemplateArgumentLoc&, bool, bool*) /src/clang/lib/Sema/SemaTemplate.cpp:7410:8
#10 0x82d2967 in clang::Sema::CheckTemplateArgument(clang::NamedDecl*, clang::TemplateArgumentLoc&, clang::NamedDecl*, clang::SourceLocation, clang::SourceLocation, unsigned int, clang::Sema::CheckTemplateArgumentInfo&, clang::Sema::CheckTemplateArgumentKind) /src/clang/lib/Sema/SemaTemplate.cpp:5437:9
#11 0x82cdcbc in clang::Sema::CheckTemplateArgumentList(clang::TemplateDecl*, clang::SourceLocation, clang::TemplateArgumentListInfo&, clang::DefaultArguments const&, bool, clang::Sema::CheckTemplateArgumentInfo&, bool, bool*) /src/clang/lib/Sema/SemaTemplate.cpp:5617:13
#12 0x8328e2c in clang::Sema::CheckTemplateIdType(clang::TemplateName, clang::SourceLocation, clang::TemplateArgumentListInfo&) /src/clang/lib/Sema/SemaTemplate.cpp:3502:7
#13 0x8405e65 in clang::Sema::ActOnTemplateIdType(clang::Scope*, clang::CXXScopeSpec&, clang::SourceLocation, clang::OpaquePtr<clang::TemplateName>, clang::IdentifierInfo const*, clang::SourceLocation, clang::SourceLocation, llvm::MutableArrayRef<clang::ParsedTemplateArgument>, clang::SourceLocation, bool, bool, clang::ImplicitTypenameContext) /src/clang/lib/Sema/SemaTemplate.cpp:3828:21
#14 0x10373514 in clang::Parser::AnnotateTemplateIdTokenAsType(clang::CXXScopeSpec&, clang::ImplicitTypenameContext, bool) /src/clang/lib/Parse/ParseTemplate.cpp:1376:21
#15 0x101f493c in clang::Parser::TryAnnotateTypeOrScopeTokenAfterScopeSpec(clang::CXXScopeSpec&, bool, clang::ImplicitTypenameContext) /src/clang/lib/Parse/Parser.cpp:2220:7
#16 0x101f5694 in clang::Parser::TryAnnotateTypeOrScopeToken(clang::ImplicitTypenameContext) /src/clang/lib/Parse/Parser.cpp:2117:10
#17 0x10231b2e in clang::Parser::ParseCastExpression(clang::Parser::CastParseKind, bool, bool&, clang::Parser::TypeCastState, bool, bool*) /src/clang/lib/Parse/ParseExpr.cpp:1245:13
#18 0x1022bcd3 in clang::Parser::ParseCastExpression(clang::Parser::CastParseKind, bool, clang::Parser::TypeCastState, bool, bool*) /src/clang/lib/Parse/ParseExpr.cpp:729:20
#19 0x1022bcd3 in clang::Parser::ParseAssignmentExpression(clang::Parser::TypeCastState) /src/clang/lib/Parse/ParseExpr.cpp:184:20
#20 0x10251cfa in clang::Parser::ParseExpressionList(llvm::SmallVectorImpl<clang::Expr*>&, llvm::function_ref<void ()>, bool, bool, bool*) /src/clang/lib/Parse/ParseExpr.cpp:3705:14
#21 0x1024d6be in clang::Parser::ParsePostfixExpressionSuffix(clang::ActionResult<clang::Expr*, true>) /src/clang/lib/Parse/ParseExpr.cpp:2222:27
#22 0x1023114f in clang::Parser::ParseCastExpression(clang::Parser::CastParseKind, bool, bool&, clang::Parser::TypeCastState, bool, bool*) /src/clang/lib/Parse/ParseExpr.cpp:1963:9
#23 0x1022bcd3 in clang::Parser::ParseCastExpression(clang::Parser::CastParseKind, bool, clang::Parser::TypeCastState, bool, bool*) /src/clang/lib/Parse/ParseExpr.cpp:729:20
#24 0x1022bcd3 in clang::Parser::ParseAssignmentExpression(clang::Parser::TypeCastState) /src/clang/lib/Parse/ParseExpr.cpp:184:20
#25 0x10380293 in clang::Parser::ParseExpression(clang::Parser::TypeCastState) /src/clang/lib/Parse/ParseExpr.cpp:135:18
#26 0x10380293 in clang::Parser::ParseExprStatement(clang::Parser::ParsedStmtContext) /src/clang/lib/Parse/ParseStmt.cpp:564:19
#27 0x10379e22 in clang::Parser::ParseStatementOrDeclarationAfterAttributes(llvm::SmallVector<clang::Stmt*, 32u>&, clang::Parser::ParsedStmtContext, clang::SourceLocation*, clang::ParsedAttributes&, clang::ParsedAttributes&) /src/clang/lib/Parse/ParseStmt.cpp:293:14
#28 0x10378b3e in clang::Parser::ParseStatementOrDeclaration(llvm::SmallVector<clang::Stmt*, 32u>&, clang::Parser::ParsedStmtContext, clang::SourceLocation*) /src/clang/lib/Parse/ParseStmt.cpp:125:20
#29 0x103849fd in clang::Parser::ParseCompoundStatementBody(bool) /src/clang/lib/Parse/ParseStmt.cpp:1267:11
#30 0x103971d7 in clang::Parser::ParseFunctionStatementBody(clang::Decl*, clang::Parser::ParseScope&) /src/clang/lib/Parse/ParseStmt.cpp:2577:21
#31 0x101eeb4e in clang::Parser::ParseFunctionDefinition(clang::ParsingDeclarator&, clang::Parser::ParsedTemplateInfo const&, clang::Parser::LateParsedAttrList*) /src/clang/lib/Parse/Parser.cpp:1520:10
#32 0x102e56f6 in clang::Parser::ParseDeclGroup(clang::ParsingDeclSpec&, clang::DeclaratorContext, clang::ParsedAttributes&, clang::Parser::ParsedTemplateInfo&, clang::SourceLocation*, clang::Parser::ForRangeInit*) /src/clang/lib/Parse/ParseDecl.cpp:2461:17
#33 0x101e8801 in clang::Parser::ParseDeclOrFunctionDefInternal(clang::ParsedAttributes&, clang::ParsedAttributes&, clang::ParsingDeclSpec&, clang::AccessSpecifier) /src/clang/lib/Parse/Parser.cpp:1244:10
#34 0x101e79af in clang::Parser::ParseDeclarationOrFunctionDefinition(clang::ParsedAttributes&, clang::ParsedAttributes&, clang::ParsingDeclSpec*, clang::AccessSpecifier) /src/clang/lib/Parse/Parser.cpp:1266:12
#35 0x101e4f17 in clang::Parser::ParseExternalDeclaration(clang::ParsedAttributes&, clang::ParsedAttributes&, clang::ParsingDeclSpec*) /src/clang/lib/Parse/Parser.cpp:1069:14
#36 0x101dff19 in clang::Parser::ParseTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&, clang::Sema::ModuleImportState&) /src/clang/lib/Parse/Parser.cpp:758:12
#37 0x101cff6d in clang::ParseAST(clang::Sema&, bool, bool) /src/clang/lib/Parse/ParseAST.cpp:171:20
#38 0xfd2d817 in clang::FrontendAction::Execute() /src/clang/lib/Frontend/FrontendAction.cpp:1072:3
#39 0x8de1c7c in clang::clangd::ParsedAST::build(llvm::StringRef, clang::clangd::ParseInputs const&, std::unique_ptr<clang::CompilerInvocation, std::default_delete<clang::CompilerInvocation>>, llvm::ArrayRef<clang::clangd::Diag>, std::shared_ptr<clang::clangd::PreambleData const>) /src/clang-tools-extra/clangd/ParsedAST.cpp:713:33
#40 0x8fa35f7 in clang::clangd::(anonymous namespace)::ASTWorker::generateDiagnostics(std::unique_ptr<clang::CompilerInvocation, std::default_delete<clang::CompilerInvocation>>, clang::clangd::ParseInputs, std::vector<clang::clangd::Diag, std::allocator<clang::clangd::Diag>>) /src/clang-tools-extra/clangd/TUScheduler.cpp:1214:39
#41 0x8fa7db9 in clang::clangd::(anonymous namespace)::ASTWorker::updatePreamble(std::unique_ptr<clang::CompilerInvocation, std::default_delete<clang::CompilerInvocation>>, clang::clangd::ParseInputs, std::shared_ptr<clang::clangd::PreambleData const>, std::vector<clang::clangd::Diag, std::allocator<clang::clangd::Diag>>, clang::clangd::WantDiagnostics)::$_0::operator()() /src/clang-tools-extra/clangd/TUScheduler.cpp:1148:5
#42 0x8fa5c2f in llvm::function_ref<void ()>::operator()() const /src/llvm/include/llvm/ADT/STLFunctionalExtras.h:69:12
#43 0x8fa5c2f in clang::clangd::(anonymous namespace)::ASTWorker::runTask(llvm::StringRef, llvm::function_ref<void ()>) /src/clang-tools-extra/clangd/TUScheduler.cpp:1328:3
#44 0x8fafba0 in clang::clangd::(anonymous namespace)::ASTWorker::run() /src/clang-tools-extra/clangd/TUScheduler.cpp:1462:7
#45 0x8fafba0 in clang::clangd::(anonymous namespace)::ASTWorker::create(llvm::StringRef, clang::clangd::GlobalCompilationDatabase const&, clang::clangd::TUScheduler::ASTCache&, clang::clangd::TUScheduler::HeaderIncluderCache&, clang::clangd::AsyncTaskRunner*, clang::clangd::Semaphore&, clang::clangd::TUScheduler::Options const&, clang::clangd::ParsingCallbacks&)::$_0::operator()() const /src/clang-tools-extra/clangd/TUScheduler.cpp:826:42
#46 0x8fafba0 in void llvm::detail::UniqueFunctionBase<void>::CallImpl<clang::clangd::(anonymous namespace)::ASTWorker::create(llvm::StringRef, clang::clangd::GlobalCompilationDatabase const&, clang::clangd::TUScheduler::ASTCache&, clang::clangd::TUScheduler::HeaderIncluderCache&, clang::clangd::AsyncTaskRunner*, clang::clangd::Semaphore&, clang::clangd::TUScheduler::Options const&, clang::clangd::ParsingCallbacks&)::$_0>(void*) /src/llvm/include/llvm/ADT/FunctionExtras.h:222:12
#47 0x92f9844 in llvm::unique_function<void ()>::operator()() /src/llvm/include/llvm/ADT/FunctionExtras.h:387:12
#48 0x92f9844 in clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1::operator()() /src/clang-tools-extra/clangd/support/Threading.cpp:101:5
#49 0x92f9844 in auto void llvm::thread::GenericThreadProxy<std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>>(void*)::'lambda'(auto&&, auto&&...)::operator()<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1&>(auto&&, auto&&...) const /src/llvm/include/llvm/Support/thread.h:43:11
#50 0x92f9844 in auto std::__invoke_impl<void, void llvm::thread::GenericThreadProxy<std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>>(void*)::'lambda'(auto&&, auto&&...), clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1&>(std::__invoke_other, void llvm::thread::GenericThreadProxy<std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>>(void*)::'lambda'(auto&&, auto&&...)&&, clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1&) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/bits/invoke.h:61:14
#51 0x92f9844 in std::__invoke_result<auto, auto...>::type std::__invoke<void llvm::thread::GenericThreadProxy<std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>>(void*)::'lambda'(auto&&, auto&&...), clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1&>(auto&&, auto&&...) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/bits/invoke.h:96:14
#52 0x92f9844 in decltype(auto) std::__apply_impl<void llvm::thread::GenericThreadProxy<std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>>(void*)::'lambda'(auto&&, auto&&...), std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>&, 0ul>(auto&&, std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>&, std::integer_sequence<unsigned long, 0ul>) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/tuple:2302:14
#53 0x92f9844 in decltype(auto) std::apply<void llvm::thread::GenericThreadProxy<std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>>(void*)::'lambda'(auto&&, auto&&...), std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>&>(auto&&, std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>&) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/tuple:2313:14
#54 0x92f9844 in void llvm::thread::GenericThreadProxy<std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>>(void*) /src/llvm/include/llvm/Support/thread.h:41:5
#55 0x92f9844 in void* llvm::thread::ThreadProxy<std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>>(void*) /src/llvm/include/llvm/Support/thread.h:55:5
#56 0x5875f5c in asan_thread_start(void*) crtstuff.c
#57 0x7ffff7b0c7e1 in start_thread (/lib64/libc.so.6+0x897e1) (BuildId: 7a40a22c9a82854f3d66767232ae364a99174860)
#58 0x7ffff7b917ff in __GI___clone3 (/lib64/libc.so.6+0x10e7ff) (BuildId: 7a40a22c9a82854f3d66767232ae364a99174860)
0x521000383488 is located 1928 bytes inside of 4096-byte region [0x521000382d00,0x521000383d00)
allocated by thread T130 here:
#0 0x58b5bf6 in operator new(unsigned long, std::align_val_t, std::nothrow_t const&) (/src/build/bin/clangd+0x58b5bf6) (BuildId: fa125a9c7a3a69e8)
#1 0x58e6230 in llvm::allocate_buffer(unsigned long, unsigned long) /src/llvm/lib/Support/MemAlloc.cpp:16:18
#2 0x58e6230 in llvm::MallocAllocator::Allocate(unsigned long, unsigned long) /src/llvm/include/llvm/Support/AllocatorBase.h:92:12
#3 0x58e6230 in llvm::BumpPtrAllocatorImpl<llvm::MallocAllocator, 4096ul, 4096ul, 128ul>::StartNewSlab() /src/llvm/include/llvm/Support/Allocator.h:346:42
#4 0x58e6230 in llvm::BumpPtrAllocatorImpl<llvm::MallocAllocator, 4096ul, 4096ul, 128ul>::AllocateSlow(unsigned long, unsigned long, llvm::Align) /src/llvm/include/llvm/Support/Allocator.h:202:5
Thread T130 created by T0 here:
#0 0x585f715 in pthread_create (/src/build/bin/clangd+0x585f715) (BuildId: fa125a9c7a3a69e8)
#1 0x5dfde78 in llvm::llvm_execute_on_thread_impl(void* (*)(void*), void*, std::optional<unsigned int>) /src/llvm/lib/Support/Unix/Threading.inc:96:17
#2 0x92f94e1 in llvm::thread::thread<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>(std::optional<unsigned int>, clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1&&) /src/llvm/include/llvm/Support/thread.h:131:12
#3 0x92f94e1 in clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>) /src/clang-tools-extra/clangd/support/Threading.cpp:107:16
#4 0x8fb8ceb in clang::clangd::(anonymous namespace)::ASTWorker::create(llvm::StringRef, clang::clangd::GlobalCompilationDatabase const&, clang::clangd::TUScheduler::ASTCache&, clang::clangd::TUScheduler::HeaderIncluderCache&, clang::clangd::AsyncTaskRunner*, clang::clangd::Semaphore&, clang::clangd::TUScheduler::Options const&, clang::clangd::ParsingCallbacks&) /src/clang-tools-extra/clangd/TUScheduler.cpp:825:12
#5 0x8fb8ceb in clang::clangd::TUScheduler::update(llvm::StringRef, clang::clangd::ParseInputs, clang::clangd::WantDiagnostics) /src/clang-tools-extra/clangd/TUScheduler.cpp:1681:30
#6 0x8a8510e in clang::clangd::ClangdServer::addDocument(llvm::StringRef, llvm::StringRef, llvm::StringRef, clang::clangd::WantDiagnostics, bool) /src/clang-tools-extra/clangd/ClangdServer.cpp:316:33
#7 0x89d7782 in clang::clangd::ClangdLSPServer::onDocumentDidOpen(clang::clangd::DidOpenTextDocumentParams const&) /src/clang-tools-extra/clangd/ClangdLSPServer.cpp:726:11
#8 0x8a1431f in void clang::clangd::LSPBinder::notification<clang::clangd::DidOpenTextDocumentParams, clang::clangd::ClangdLSPServer>(llvm::StringLiteral, clang::clangd::ClangdLSPServer*, void (clang::clangd::ClangdLSPServer::*)(clang::clangd::DidOpenTextDocumentParams const&))::'lambda'(llvm::json::Value)::operator()(llvm::json::Value) const /src/clang-tools-extra/clangd/LSPBinder.h:153:5
#9 0x8a1410e in void llvm::detail::UniqueFunctionBase<void, llvm::json::Value>::CallImpl<void clang::clangd::LSPBinder::notification<clang::clangd::DidOpenTextDocumentParams, clang::clangd::ClangdLSPServer>(llvm::StringLiteral, clang::clangd::ClangdLSPServer*, void (clang::clangd::ClangdLSPServer::*)(clang::clangd::DidOpenTextDocumentParams const&))::'lambda'(llvm::json::Value)>(void*, llvm::json::Value&) /src/llvm/include/llvm/ADT/FunctionExtras.h:222:12
#10 0x8a3ba22 in llvm::unique_function<void (llvm::json::Value)>::operator()(llvm::json::Value) /src/llvm/include/llvm/ADT/FunctionExtras.h:387:12
#11 0x8a3ba22 in clang::clangd::ClangdLSPServer::MessageHandler::onNotify(llvm::StringRef, llvm::json::Value) /src/clang-tools-extra/clangd/ClangdLSPServer.cpp:219:7
#12 0x8d75a57 in clang::clangd::(anonymous namespace)::JSONTransport::handleMessage(llvm::json::Value, clang::clangd::Transport::MessageHandler&) /src/clang-tools-extra/clangd/JSONTransport.cpp:195:18
#13 0x8d75a57 in clang::clangd::(anonymous namespace)::JSONTransport::loop(clang::clangd::Transport::MessageHandler&) /src/clang-tools-extra/clangd/JSONTransport.cpp:119:16
#14 0x8a46a69 in clang::clangd::ClangdLSPServer::run() /src/clang-tools-extra/clangd/ClangdLSPServer.cpp:1741:25
#15 0x8890359 in clang::clangd::clangdMain(int, char**) /src/clang-tools-extra/clangd/tool/ClangdMain.cpp:1049:28
#16 0x7ffff7aac5cf in __libc_start_call_main (/lib64/libc.so.6+0x295cf) (BuildId: 7a40a22c9a82854f3d66767232ae364a99174860)
SUMMARY: AddressSanitizer: use-after-poison /src/clang/include/clang/AST/DeclTemplate.h:149:12 in clang::TemplateParameterList::getParam(unsigned int)
Shadow bytes around the buggy address:
0x521000383200: 00 00 f7 00 00 00 00 f7 00 00 00 00 00 00 00 00
0x521000383280: 00 00 00 f7 00 00 04 00 00 00 00 00 00 00 00 00
0x521000383300: 00 00 f7 00 00 04 00 00 00 00 00 00 00 00 00 00
0x521000383380: 00 f7 00 00 00 00 00 00 00 00 00 00 f7 f7 00 00
0x521000383400: 00 00 00 00 f7 f7 00 00 00 00 00 00 f7 00 00 00
=>0x521000383480: 00[f7]00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x521000383500: 00 00 00 00 f7 00 00 00 f7 00 00 00 00 00 00 00
0x521000383580: 00 00 00 00 f7 00 00 00 f7 00 00 00 00 00 00 00
0x521000383600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x521000383680: 00 00 00 f7 00 00 00 f7 00 00 00 f7 00 00 00 00
0x521000383700: 00 00 00 00 00 f7 00 00 00 00 00 00 00 00 00 f7
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==35001==ABORTING