Memory errors in the past days

Since I updated LLVM a few days ago, I have had occasional crashes. The latest one is really concerning, because it happens when simply round-tripping a file through mlir-opt (no other options). Here is the code:

// Declaration only: no body is given in this listing. Takes an f32 and
// returns a complex<f32>; it is called from the loop in @concat_aux.
func @float2complex(f32)->complex<f32>

// Copies one i16 sample buffer into a slice of %out: each sample is converted
// to f32, multiplied by the %hann entry at %idx + %offset, turned into a
// complex<f32> by @float2complex and stored at %out[%idx + %offset].
// NOTE(review): the `func` keyword is missing on the next line and %0 (the
// loop lower bound) is not defined in the function as shown. The diagnostic
// quoted after the listing places the `dim` line at line 34 of
// pitch-memref.mlir, so this is probably an excerpt of a longer file; confirm
// against the original file before relying on this listing as the reproducer.
@concat_aux(%sample_size:index,%offset:index,%hann:memref<?xf32>,%circ:memref<?xi16>,%out:memref<?xcomplex<f32>>) {
  %1 = constant 1 : index
  // Iterate over the samples with step 1, up to (not including) %sample_size.
  scf.for %idx = %0 to %sample_size step %1 {
    // Read the raw i16 sample and widen it to f32.
    %x = load %circ[%idx] : memref<?xi16>
    %y = std.sitofp %x : i16 to f32
    // %adr indexes both %hann (read) and %out (write).
    // NOTE(review): no bounds check on %adr is visible here; the caller has to
    // pass buffers large enough for %offset + %sample_size elements.
    %adr = addi %idx,%offset : index
    %z = load %hann[%adr] : memref<?xf32>
    %t = mulf %y,%z : f32
    %u = call @float2complex(%t) : (f32)->complex<f32>
    store %u, %out[%adr] : memref<?xcomplex<f32>>
  }
  return
}
// Calls @concat_aux once per input buffer (%circ0..%circ3) with offsets
// 0, n, 2n and 3n, where n is %sample_size, so the four results land in
// consecutive slices of %out.
// NOTE(review): the largest index used is therefore 4n - 1 for both %hann and
// %out; no check of their sizes is visible in this listing.
func @concat_samples(%hann:memref<?xf32>,
	    %circ0:memref<?xi16>,%circ1:memref<?xi16>, // Data input
	    %circ2:memref<?xi16>,%circ3:memref<?xi16>, // Data input
	    %out:memref<?xcomplex<f32>> // Data output
	    ) {
  %0 = constant 0 : index
  // %sample_size is dimension 0 of %circ0. The type written here,
  // memref<?xcomplex<f32>>, does not match the declared type of %circ0,
  // memref<?xi16>. This is the mismatch mlir-opt diagnoses, and the
  // heap-use-after-free in the report follows that diagnostic, so the line is
  // left unchanged: it is the input that triggers the crash.
  %sample_size = dim %circ0,%0 : memref<?xcomplex<f32>>
  // Offsets of the four output slices: 0, n, 2n, 3n.
  %off0 = constant 0 : index
  %off1 = addi %off0, %sample_size : index
  %off2 = addi %off1, %sample_size : index
  %off3 = addi %off2, %sample_size : index
  call @concat_aux(%sample_size,%off0,%hann,%circ0,%out) : (index,index,memref<?xf32>,memref<?xi16>,memref<?xcomplex<f32>>)->()
  call @concat_aux(%sample_size,%off1,%hann,%circ1,%out) : (index,index,memref<?xf32>,memref<?xi16>,memref<?xcomplex<f32>>)->()
  call @concat_aux(%sample_size,%off2,%hann,%circ2,%out) : (index,index,memref<?xf32>,memref<?xi16>,memref<?xcomplex<f32>>)->()
  call @concat_aux(%sample_size,%off3,%hann,%circ3,%out) : (index,index,memref<?xf32>,memref<?xi16>,memref<?xcomplex<f32>>)->()
  return
}

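Since I build with AddressSanitizer, I can see a memory error, reported right after the parser's type-mismatch diagnostic. The write happens while the module is being destroyed at the end of parseSourceFile, on an operation that had already been freed when parseRegion destroyed its block: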

pitch-memref.mlir:34:22: error: use of value '%circ0' expects different type than prior uses: 'memref<?xcomplex<f32>>' vs 'memref<?xi16>'
  %sample_size = dim %circ0,%0 : memref<?xcomplex<f32>>
                     ^
pitch-memref.mlir:29:6: note: prior use here
            %circ0:memref<?xi16>,%circ1:memref<?xi16>, // Data input
            ^
=================================================================
==59490==ERROR: AddressSanitizer: heap-use-after-free on address 0x6070000037f8 at pc 0x000113df1206 bp 0x7ffee3141da0 sp 0x7ffee3141d98
WRITE of size 8 at 0x6070000037f8 thread T0
    #0 0x113df1205 in mlir::IROperand<mlir::OpOperand, mlir::detail::OpaqueValue>::removeFromCurrent() (mlir-opt:x86_64+0x107336205)
    #1 0x113dd53d6 in mlir::IROperand<mlir::OpOperand, mlir::detail::OpaqueValue>::drop() (mlir-opt:x86_64+0x10731a3d6)
    #2 0x113dd500a in mlir::Operation::dropAllReferences() (mlir-opt:x86_64+0x10731a00a)
    #3 0x113b0e683 in mlir::Block::dropAllReferences() (mlir-opt:x86_64+0x107053683)
    #4 0x113e1fb43 in mlir::Region::dropAllReferences() (mlir-opt:x86_64+0x107364b43)
    #5 0x113dd512a in mlir::Operation::dropAllReferences() (mlir-opt:x86_64+0x10731a12a)
    #6 0x113b0e683 in mlir::Block::dropAllReferences() (mlir-opt:x86_64+0x107053683)
    #7 0x113e1fb43 in mlir::Region::dropAllReferences() (mlir-opt:x86_64+0x107364b43)
    #8 0x113e1f96b in mlir::Region::~Region() (mlir-opt:x86_64+0x10736496b)
    #9 0x113e1fc04 in mlir::Region::~Region() (mlir-opt:x86_64+0x107364c04)
    #10 0x113dd051b in mlir::Operation::~Operation() (mlir-opt:x86_64+0x10731551b)
    #11 0x113dd0654 in mlir::Operation::~Operation() (mlir-opt:x86_64+0x107315654)
    #12 0x113dd067b in mlir::Operation::destroy() (mlir-opt:x86_64+0x10731567b)
    #13 0x113dd3cbe in mlir::Operation::erase() (mlir-opt:x86_64+0x107318cbe)
    #14 0x1132c2f07 in mlir::OpState::erase() (mlir-opt:x86_64+0x106807f07)
    #15 0x1132c2e87 in mlir::OwningOpRefBase<mlir::ModuleOp>::~OwningOpRefBase() (mlir-opt:x86_64+0x106807e87)
    #16 0x1132c2e47 in mlir::OwningModuleRef::~OwningModuleRef() (mlir-opt:x86_64+0x106807e47)
    #17 0x1132c2e24 in mlir::OwningModuleRef::~OwningModuleRef() (mlir-opt:x86_64+0x106807e24)
    #18 0x1133381dd in mlir::parseSourceFile(llvm::SourceMgr const&, mlir::MLIRContext*) (mlir-opt:x86_64+0x10687d1dd)
    #19 0x1132bd7cd in performActions(llvm::raw_ostream&, bool, bool, llvm::SourceMgr&, mlir::MLIRContext*, mlir::PassPipelineCLParser const&) (mlir-opt:x86_64+0x1068027cd)
    #20 0x1132b94f5 in processBuffer(llvm::raw_ostream&, std::__1::unique_ptr<llvm::MemoryBuffer, std::__1::default_delete<llvm::MemoryBuffer> >, bool, bool, bool, bool, mlir::PassPipelineCLParser const&, mlir::DialectRegistry&) (mlir-opt:x86_64+0x1067fe4f5)
    #21 0x1132b8ee1 in mlir::MlirOptMain(llvm::raw_ostream&, std::__1::unique_ptr<llvm::MemoryBuffer, std::__1::default_delete<llvm::MemoryBuffer> >, mlir::PassPipelineCLParser const&, mlir::DialectRegistry&, bool, bool, bool, bool, bool) (mlir-opt:x86_64+0x1067fdee1)
    #22 0x1132bb8cb in mlir::MlirOptMain(int, char**, llvm::StringRef, mlir::DialectRegistry&, bool) (mlir-opt:x86_64+0x1068008cb)
    #23 0x10cabd44b in main (mlir-opt:x86_64+0x10000244b)
    #24 0x7fff649397fc in start (libdyld.dylib:x86_64+0x1a7fc)

0x6070000037f8 is located 72 bytes inside of 80-byte region [0x6070000037b0,0x607000003800)
freed by thread T0 here:
    #0 0x1184a7be6 in wrap_free (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x44be6)
    #1 0x113dd0687 in mlir::Operation::destroy() (mlir-opt:x86_64+0x107315687)
    #2 0x113dd3614 in llvm::ilist_traits<mlir::Operation>::deleteNode(mlir::Operation*) (mlir-opt:x86_64+0x107318614)
    #3 0x113df0df3 in llvm::iplist_impl<llvm::simple_ilist<mlir::Operation>, llvm::ilist_traits<mlir::Operation> >::erase(llvm::ilist_iterator<llvm::ilist_detail::node_options<mlir::Operation, true, false, void>, false, false>) (mlir-opt:x86_64+0x107335df3)
    #4 0x113b16741 in llvm::iplist_impl<llvm::simple_ilist<mlir::Operation>, llvm::ilist_traits<mlir::Operation> >::pop_back() (mlir-opt:x86_64+0x10705b741)
    #5 0x113b0ce25 in mlir::Block::clear() (mlir-opt:x86_64+0x107051e25)
    #6 0x113b0c4f2 in mlir::Block::~Block() (mlir-opt:x86_64+0x1070514f2)
    #7 0x113b0d434 in mlir::Block::~Block() (mlir-opt:x86_64+0x107052434)
    #8 0x1133808ca in std::__1::default_delete<mlir::Block>::operator()(mlir::Block*) const (mlir-opt:x86_64+0x1068c58ca)
    #9 0x11338086e in std::__1::unique_ptr<mlir::Block, std::__1::default_delete<mlir::Block> >::reset(mlir::Block*) (mlir-opt:x86_64+0x1068c586e)
    #10 0x1133807a8 in std::__1::unique_ptr<mlir::Block, std::__1::default_delete<mlir::Block> >::~unique_ptr() (mlir-opt:x86_64+0x1068c57a8)
    #11 0x113377c44 in std::__1::unique_ptr<mlir::Block, std::__1::default_delete<mlir::Block> >::~unique_ptr() (mlir-opt:x86_64+0x1068bcc44)
    #12 0x1133741e0 in (anonymous namespace)::OperationParser::parseRegion(mlir::Region&, llvm::ArrayRef<std::__1::pair<(anonymous namespace)::OperationParser::SSAUseInfo, mlir::Type> >, bool) (mlir-opt:x86_64+0x1068b91e0)
    #13 0x11335fd19 in (anonymous namespace)::CustomOpAsmParser::parseRegion(mlir::Region&, llvm::ArrayRef<mlir::OpAsmParser::OperandType>, llvm::ArrayRef<mlir::Type>, bool) (mlir-opt:x86_64+0x1068a4d19)
    #14 0x11336070e in (anonymous namespace)::CustomOpAsmParser::parseOptionalRegion(mlir::Region&, llvm::ArrayRef<mlir::OpAsmParser::OperandType>, llvm::ArrayRef<mlir::Type>, bool) (mlir-opt:x86_64+0x1068a570e)
    #15 0x113cb5892 in mlir::impl::parseFunctionLikeOp(mlir::OpAsmParser&, mlir::OperationState&, bool, llvm::function_ref<mlir::Type (mlir::Builder&, llvm::ArrayRef<mlir::Type>, llvm::ArrayRef<mlir::Type>, mlir::impl::VariadicFlag, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >&)>) (mlir-opt:x86_64+0x1071fa892)
    #16 0x113c9d0a8 in mlir::FuncOp::parse(mlir::OpAsmParser&, mlir::OperationState&) (mlir-opt:x86_64+0x1071e20a8)
    #17 0x113cff154 in mlir::AbstractOperation::parseAssembly(mlir::OpAsmParser&, mlir::OperationState&) const (mlir-opt:x86_64+0x107244154)
    #18 0x113352656 in (anonymous namespace)::CustomOpAsmParser::parseOperation(mlir::OperationState&) (mlir-opt:x86_64+0x106897656)
    #19 0x11334bea0 in (anonymous namespace)::OperationParser::parseCustomOperation(llvm::ArrayRef<std::__1::tuple<llvm::StringRef, unsigned int, llvm::SMLoc> >) (mlir-opt:x86_64+0x106890ea0)
    #20 0x11333c8f6 in (anonymous namespace)::OperationParser::parseOperation() (mlir-opt:x86_64+0x1068818f6)
    #21 0x11333887b in (anonymous namespace)::ModuleParser::parseModule(mlir::ModuleOp) (mlir-opt:x86_64+0x10687d87b)
    #22 0x113337f56 in mlir::parseSourceFile(llvm::SourceMgr const&, mlir::MLIRContext*) (mlir-opt:x86_64+0x10687cf56)
    #23 0x1132bd7cd in performActions(llvm::raw_ostream&, bool, bool, llvm::SourceMgr&, mlir::MLIRContext*, mlir::PassPipelineCLParser const&) (mlir-opt:x86_64+0x1068027cd)
    #24 0x1132b94f5 in processBuffer(llvm::raw_ostream&, std::__1::unique_ptr<llvm::MemoryBuffer, std::__1::default_delete<llvm::MemoryBuffer> >, bool, bool, bool, bool, mlir::PassPipelineCLParser const&, mlir::DialectRegistry&) (mlir-opt:x86_64+0x1067fe4f5)
    #25 0x1132b8ee1 in mlir::MlirOptMain(llvm::raw_ostream&, std::__1::unique_ptr<llvm::MemoryBuffer, std::__1::default_delete<llvm::MemoryBuffer> >, mlir::PassPipelineCLParser const&, mlir::DialectRegistry&, bool, bool, bool, bool, bool) (mlir-opt:x86_64+0x1067fdee1)
    #26 0x1132bb8cb in mlir::MlirOptMain(int, char**, llvm::StringRef, mlir::DialectRegistry&, bool) (mlir-opt:x86_64+0x1068008cb)
    #27 0x10cabd44b in main (mlir-opt:x86_64+0x10000244b)
    #28 0x7fff649397fc in start (libdyld.dylib:x86_64+0x1a7fc)

previously allocated by thread T0 here:
    #0 0x1184a7a9d in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x44a9d)
    #1 0x113dccd59 in mlir::Operation::create(mlir::Location, mlir::OperationName, mlir::TypeRange, mlir::ValueRange, mlir::MutableDictionaryAttr, mlir::BlockRange, unsigned int) (mlir-opt:x86_64+0x107311d59)
    #2 0x113dcdf47 in mlir::Operation::create(mlir::Location, mlir::OperationName, mlir::TypeRange, mlir::ValueRange, mlir::MutableDictionaryAttr, mlir::BlockRange, mlir::RegionRange) (mlir-opt:x86_64+0x107312f47)
    #3 0x113dcd7b8 in mlir::Operation::create(mlir::OperationState const&) (mlir-opt:x86_64+0x1073127b8)
    #4 0x113b33693 in mlir::OpBuilder::createOperation(mlir::OperationState const&) (mlir-opt:x86_64+0x107078693)
    #5 0x11334c055 in (anonymous namespace)::OperationParser::parseCustomOperation(llvm::ArrayRef<std::__1::tuple<llvm::StringRef, unsigned int, llvm::SMLoc> >) (mlir-opt:x86_64+0x106891055)
    #6 0x11333c8f6 in (anonymous namespace)::OperationParser::parseOperation() (mlir-opt:x86_64+0x1068818f6)
    #7 0x113379380 in (anonymous namespace)::OperationParser::parseBlockBody(mlir::Block*) (mlir-opt:x86_64+0x1068be380)
    #8 0x113376818 in (anonymous namespace)::OperationParser::parseBlock(mlir::Block*&) (mlir-opt:x86_64+0x1068bb818)
    #9 0x113373a61 in (anonymous namespace)::OperationParser::parseRegion(mlir::Region&, llvm::ArrayRef<std::__1::pair<(anonymous namespace)::OperationParser::SSAUseInfo, mlir::Type> >, bool) (mlir-opt:x86_64+0x1068b8a61)
    #10 0x11335fd19 in (anonymous namespace)::CustomOpAsmParser::parseRegion(mlir::Region&, llvm::ArrayRef<mlir::OpAsmParser::OperandType>, llvm::ArrayRef<mlir::Type>, bool) (mlir-opt:x86_64+0x1068a4d19)
    #11 0x11336070e in (anonymous namespace)::CustomOpAsmParser::parseOptionalRegion(mlir::Region&, llvm::ArrayRef<mlir::OpAsmParser::OperandType>, llvm::ArrayRef<mlir::Type>, bool) (mlir-opt:x86_64+0x1068a570e)
    #12 0x113cb5892 in mlir::impl::parseFunctionLikeOp(mlir::OpAsmParser&, mlir::OperationState&, bool, llvm::function_ref<mlir::Type (mlir::Builder&, llvm::ArrayRef<mlir::Type>, llvm::ArrayRef<mlir::Type>, mlir::impl::VariadicFlag, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >&)>) (mlir-opt:x86_64+0x1071fa892)
    #13 0x113c9d0a8 in mlir::FuncOp::parse(mlir::OpAsmParser&, mlir::OperationState&) (mlir-opt:x86_64+0x1071e20a8)
    #14 0x113cff154 in mlir::AbstractOperation::parseAssembly(mlir::OpAsmParser&, mlir::OperationState&) const (mlir-opt:x86_64+0x107244154)
    #15 0x113352656 in (anonymous namespace)::CustomOpAsmParser::parseOperation(mlir::OperationState&) (mlir-opt:x86_64+0x106897656)
    #16 0x11334bea0 in (anonymous namespace)::OperationParser::parseCustomOperation(llvm::ArrayRef<std::__1::tuple<llvm::StringRef, unsigned int, llvm::SMLoc> >) (mlir-opt:x86_64+0x106890ea0)
    #17 0x11333c8f6 in (anonymous namespace)::OperationParser::parseOperation() (mlir-opt:x86_64+0x1068818f6)
    #18 0x11333887b in (anonymous namespace)::ModuleParser::parseModule(mlir::ModuleOp) (mlir-opt:x86_64+0x10687d87b)
    #19 0x113337f56 in mlir::parseSourceFile(llvm::SourceMgr const&, mlir::MLIRContext*) (mlir-opt:x86_64+0x10687cf56)
    #20 0x1132bd7cd in performActions(llvm::raw_ostream&, bool, bool, llvm::SourceMgr&, mlir::MLIRContext*, mlir::PassPipelineCLParser const&) (mlir-opt:x86_64+0x1068027cd)
    #21 0x1132b94f5 in processBuffer(llvm::raw_ostream&, std::__1::unique_ptr<llvm::MemoryBuffer, std::__1::default_delete<llvm::MemoryBuffer> >, bool, bool, bool, bool, mlir::PassPipelineCLParser const&, mlir::DialectRegistry&) (mlir-opt:x86_64+0x1067fe4f5)
    #22 0x1132b8ee1 in mlir::MlirOptMain(llvm::raw_ostream&, std::__1::unique_ptr<llvm::MemoryBuffer, std::__1::default_delete<llvm::MemoryBuffer> >, mlir::PassPipelineCLParser const&, mlir::DialectRegistry&, bool, bool, bool, bool, bool) (mlir-opt:x86_64+0x1067fdee1)
    #23 0x1132bb8cb in mlir::MlirOptMain(int, char**, llvm::StringRef, mlir::DialectRegistry&, bool) (mlir-opt:x86_64+0x1068008cb)
    #24 0x10cabd44b in main (mlir-opt:x86_64+0x10000244b)
    #25 0x7fff649397fc in start (libdyld.dylib:x86_64+0x1a7fc)

SUMMARY: AddressSanitizer: heap-use-after-free (mlir-opt:x86_64+0x107336205) in mlir::IROperand<mlir::OpOperand, mlir::detail::OpaqueValue>::removeFromCurrent()
Shadow bytes around the buggy address:
  0x1c0e000006a0: fa fa fd fd fd fd fd fd fd fd fd fa fa fa fa fa
  0x1c0e000006b0: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fd fd
  0x1c0e000006c0: fd fd fd fd fd fd fd fa fa fa fa fa fd fd fd fd
  0x1c0e000006d0: fd fd fd fd fd fa fa fa fa fa fd fd fd fd fd fd
  0x1c0e000006e0: fd fd fd fa fa fa fa fa fd fd fd fd fd fd fd fd
=>0x1c0e000006f0: fd fa fa fa fa fa fd fd fd fd fd fd fd fd fd[fd]
  0x1c0e00000700: fa fa fa fa fd fd fd fd fd fd fd fd fd fa fa fa
  0x1c0e00000710: fa fa fd fd fd fd fd fd fd fd fd fd fa fa fa fa
  0x1c0e00000720: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c0e00000730: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c0e00000740: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==59490==ABORTING
PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash backtrace.
Stack dump:
0.	Program arguments: mlir-opt pitch-memref.mlir 
Abort trap: 6

I didn’t get these errors before the update…

Can you file a bug at https://bugs.llvm.org?