[clangd] heap-use-after-free on signature help (CompilerInstance.cpp:409:56)

[henryhchchc]

A textDocument/signatureHelp at the extern (line 11) caused a heap-use-after-free.

(Generated by fuzzer)

#pragma clang module contents
  # 10  omp target parallel (

    #pragma omp target teams distribute parallel for simd is_device_ptr(k,i,j)

    #pragma clang module build bar
      module
        getFunctionTypeInternal {}
    #pragma clang module contents
      #pragma clang module begin bar
        extern int n;
      #pragma clang module end
    #pragma clang module endbuild


#line

    constexpr int *shouldRegisterGCDAntipattern() { return &n; }

      #pragma omp parallel private(i)
#pragma clang module endbuild

Log and stack trace is as follows

I[13:36:02.879] clangd version 20.1.4 (https://github.com/llvm/llvm-project.git ec28b8f9cc7f2ac187d8a617a6d08d5e56f9120e)
I[13:36:02.879] Features: linux+asan
I[13:36:02.879] PID: 1578
I[13:36:02.879] Working directory: /tmp/export1/id_5_time_3936_exec_34217
I[13:36:02.879] argv[0]: /src/build/bin/clangd
I[13:36:02.879] Starting LSP over stdin/stdout
I[13:36:02.881] <-- initialize(0)
I[13:36:02.907] --> reply:initialize(0) 26 ms
Content-Length: 2050

{"id":0,"jsonrpc":"2.0","result":{"capabilities":{"astProvider":true,"callHierarchyProvider":true,"clangdInlayHintsProvider":true,"codeActionProvider":true,"compilationDatabase":{"automaticReload":true},"completionProvider":{"resolveProvider":false,"triggerCharacters":[".","<",">",":","\"","/","*"]},"declarationProvider":true,"definitionProvider":true,"documentFormattingProvider":true,"documentHighlightProvider":true,"documentLinkProvider":{"resolveProvider":false},"documentOnTypeFormattingProvider":{"firstTriggerCharacter":"\n","moreTriggerCharacter":[]},"documentRangeFormattingProvider":true,"documentSymbolProvider":true,"executeCommandProvider":{"commands":["clangd.applyFix","clangd.applyRename","clangd.applyTweak"]},"foldingRangeProvider":true,"hoverProvider":true,"implementationProvider":true,"inactiveRegionsProvider":true,"inlayHintProvider":true,"memoryUsageProvider":true,"referencesProvider":true,"renameProvider":true,"selectionRangeProvider":true,"semanticTokensProvider":{"full":{"delta":true},"legend":{"tokenModifiers":["declaration","definition","deprecated","deduced","readonly","static","abstract","virtual","dependentName","defaultLibrary","usedAsMutableReference","usedAsMutablePointer","constructorOrDestructor","userDefined","functionScope","classScope","fileScope","globalScope"],"tokenTypes":["variable","variable","parameter","function","method","function","property","variable","class","interface","enum","enumMember","type","type","unknown","namespace","typeParameter","concept","type","macro","modifier","operator","bracket","label","comment"]},"range":false},"signatureHelpProvider":{"triggerCharacters":["(",")","{","}","<",">",","]},"standardTypeHierarchyProvider":true,"textDocumentSync":{"change":2,"openClose":true,"save":true},"typeDefinitionProvider":true,"typeHierarchyProvider":true,"workspaceSymbolProvider":true},"serverInfo":{"name":"clangd","version":"clangd version 20.1.4 (https://github.com/llvm/llvm-project.git ec28b8f9cc7f2ac187d8a617a6d08d5e56f9120e) linux+asan x86_64-unknown-linux-gnu"}}}I[13:36:02.907] <-- initialized
I[13:36:02.907] <-- textDocument/didOpen
I[13:36:02.908] <-- textDocument/signatureHelp(5)
I[13:36:02.909] Failed to find compilation database for /tmp/export1/id_5_time_3936_exec_34217/workspace/main.cxx
I[13:36:02.909] ASTWorker building file /tmp/export1/id_5_time_3936_exec_34217/workspace/main.cxx version 1 with command clangd fallback
[/tmp/export1/id_5_time_3936_exec_34217/workspace]
/usr/bin/clang -resource-dir=/src/build/lib/clang/20 -- /tmp/export1/id_5_time_3936_exec_34217/workspace/main.cxx
I[13:36:02.931] Built preamble of size 275620 for file /tmp/export1/id_5_time_3936_exec_34217/workspace/main.cxx version 1 in 0.02 seconds
I[13:36:02.932] --> workspace/semanticTokens/refresh(0)
Content-Length: 82

{"id":0,"jsonrpc":"2.0","method":"workspace/semanticTokens/refresh","params":null}I[13:36:02.936] Indexing c++17 standard library in the context of /tmp/export1/id_5_time_3936_exec_34217/workspace/main.cxx
=================================================================
==1578==ERROR: AddressSanitizer: heap-use-after-free on address 0x50800001f230 at pc 0x00000fbd71b5 bp 0x7fff563c37b0 sp 0x7fff563c37a8
READ of size 8 at 0x50800001f230 thread T140
    #0 0xfbd71b4 in llvm::MemoryBuffer::getBufferSize() const /src/llvm/include/llvm/Support/MemoryBuffer.h:68:41
    #1 0xfbd71b4 in InitializeFileRemapping(clang::DiagnosticsEngine&, clang::SourceManager&, clang::FileManager&, clang::PreprocessorOptions const&) /src/clang/lib/Frontend/CompilerInstance.cpp:409:56
    #2 0xfbd71b4 in clang::CompilerInstance::createPreprocessor(clang::TranslationUnitKind) /src/clang/lib/Frontend/CompilerInstance.cpp:468:3
    #3 0xfd298d4 in clang::FrontendAction::BeginSourceFile(clang::CompilerInstance&, clang::FrontendInputFile const&) /src/clang/lib/Frontend/FrontendAction.cpp:819:8
    #4 0xfbc5e3b in clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) /src/clang/lib/Frontend/CompilerInstance.cpp:1055:13
    #5 0xfbc4a90 in compileModuleImpl(clang::CompilerInstance&, clang::SourceLocation, llvm::StringRef, clang::FrontendInputFile, llvm::StringRef, llvm::StringRef, llvm::function_ref<void (clang::CompilerInstance&)>, llvm::function_ref<void (clang::CompilerInstance&)>)::$_1::operator()() const /src/clang/lib/Frontend/CompilerInstance.cpp:1281:18
    #6 0xfbc4a90 in void llvm::function_ref<void ()>::callback_fn<compileModuleImpl(clang::CompilerInstance&, clang::SourceLocation, llvm::StringRef, clang::FrontendInputFile, llvm::StringRef, llvm::StringRef, llvm::function_ref<void (clang::CompilerInstance&)>, llvm::function_ref<void (clang::CompilerInstance&)>)::$_1>(long) /src/llvm/include/llvm/ADT/STLFunctionalExtras.h:46:12
    #7 0x5dee293 in llvm::function_ref<void ()>::operator()() const /src/llvm/include/llvm/ADT/STLFunctionalExtras.h:69:12
    #8 0x5dee293 in llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) /src/llvm/lib/Support/CrashRecoveryContext.cpp:426:3
    #9 0x5dee55b in RunSafelyOnThread_Dispatch(void*) /src/llvm/lib/Support/CrashRecoveryContext.cpp:510:29
    #10 0x5dee5d0 in auto void llvm::thread::GenericThreadProxy<std::tuple<void (*)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*>>(void*)::'lambda'(auto&&, auto&&...)::operator()<void (*&)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*&>(auto&&, auto&&...) const /src/llvm/include/llvm/Support/thread.h:43:11
    #11 0x5dee5d0 in auto std::__invoke_impl<void, void llvm::thread::GenericThreadProxy<std::tuple<void (*)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*>>(void*)::'lambda'(auto&&, auto&&...), void (*&)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*&>(std::__invoke_other, void llvm::thread::GenericThreadProxy<std::tuple<void (*)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*>>(void*)::'lambda'(auto&&, auto&&...)&&, void (*&)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*&) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/bits/invoke.h:61:14
    #12 0x5dee5d0 in std::__invoke_result<auto, auto...>::type std::__invoke<void llvm::thread::GenericThreadProxy<std::tuple<void (*)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*>>(void*)::'lambda'(auto&&, auto&&...), void (*&)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*&>(auto&&, auto&&...) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/bits/invoke.h:96:14
    #13 0x5dee5d0 in decltype(auto) std::__apply_impl<void llvm::thread::GenericThreadProxy<std::tuple<void (*)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*>>(void*)::'lambda'(auto&&, auto&&...), std::tuple<void (*)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*>&, 0ul, 1ul>(auto&&, std::tuple<void (*)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*>&, std::integer_sequence<unsigned long, 0ul, 1ul>) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/tuple:2302:14
    #14 0x5dee5d0 in decltype(auto) std::apply<void llvm::thread::GenericThreadProxy<std::tuple<void (*)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*>>(void*)::'lambda'(auto&&, auto&&...), std::tuple<void (*)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*>&>(auto&&, std::tuple<void (*)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*>&) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/tuple:2313:14
    #15 0x5dee5d0 in void llvm::thread::GenericThreadProxy<std::tuple<void (*)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*>>(void*) /src/llvm/include/llvm/Support/thread.h:41:5
    #16 0x5dee5d0 in void* llvm::thread::ThreadProxy<std::tuple<void (*)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*>>(void*) /src/llvm/include/llvm/Support/thread.h:55:5
    #17 0x587695c in asan_thread_start(void*) crtstuff.c
    #18 0x7ffff7b0b7f9 in start_thread (/lib64/libc.so.6+0x897f9) (BuildId: fc46bc419367003d0e4e399cbe22aade4a1ee7be)
    #19 0x7ffff7b9081f in __GI___clone3 (/lib64/libc.so.6+0x10e81f) (BuildId: fc46bc419367003d0e4e399cbe22aade4a1ee7be)

0x50800001f230 is located 16 bytes inside of 90-byte region [0x50800001f220,0x50800001f27a)
freed by thread T132 here:
    #0 0x587a50a in free (/src/build/bin/clangd+0x587a50a) (BuildId: 8b31158490359739)
    #1 0x6d8cfc5 in std::default_delete<llvm::MemoryBuffer>::operator()(llvm::MemoryBuffer*) const /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/bits/unique_ptr.h:99:2
    #2 0x6d8cfc5 in std::__uniq_ptr_impl<llvm::MemoryBuffer, std::default_delete<llvm::MemoryBuffer>>::reset(llvm::MemoryBuffer*) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/bits/unique_ptr.h:211:4
    #3 0x6d8cfc5 in std::__uniq_ptr_impl<llvm::MemoryBuffer, std::default_delete<llvm::MemoryBuffer>>::operator=(std::__uniq_ptr_impl<llvm::MemoryBuffer, std::default_delete<llvm::MemoryBuffer>>&&) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/bits/unique_ptr.h:191:2
    #4 0x6d8cfc5 in std::__uniq_ptr_data<llvm::MemoryBuffer, std::default_delete<llvm::MemoryBuffer>, true, true>::operator=(std::__uniq_ptr_data<llvm::MemoryBuffer, std::default_delete<llvm::MemoryBuffer>, true, true>&&) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/bits/unique_ptr.h:243:61
    #5 0x6d8cfc5 in std::unique_ptr<llvm::MemoryBuffer, std::default_delete<llvm::MemoryBuffer>>::operator=(std::unique_ptr<llvm::MemoryBuffer, std::default_delete<llvm::MemoryBuffer>>&&) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/bits/unique_ptr.h:414:51
    #6 0x6d8cfc5 in clang::SrcMgr::ContentCache::setBuffer(std::unique_ptr<llvm::MemoryBuffer, std::default_delete<llvm::MemoryBuffer>>) /src/clang/include/clang/Basic/SourceManager.h:260:12
    #7 0x6d8cfc5 in clang::SourceManager::overrideFileContents(clang::FileEntryRef, std::unique_ptr<llvm::MemoryBuffer, std::default_delete<llvm::MemoryBuffer>>) /src/clang/lib/Basic/SourceManager.cpp:721:6
    #8 0xfbdbd95 in EnableCodeCompletion(clang::Preprocessor&, llvm::StringRef, unsigned int, unsigned int) /src/clang/lib/Frontend/CompilerInstance.cpp:706:6
    #9 0xfbdb7d5 in clang::CompilerInstance::createCodeCompletionConsumer() /src/clang/lib/Frontend/CompilerInstance.cpp:717:14

previously allocated by thread T132 here:
    #0 0x587a7a3 in malloc (/src/build/bin/clangd+0x587a7a3) (BuildId: 8b31158490359739)
    #1 0x5d40f8f in operator new(unsigned long, (anonymous namespace)::NamedBufferAlloc const&) /src/llvm/lib/Support/MemoryBuffer.cpp:88:27
    #2 0x5d40c26 in llvm::MemoryBuffer::getMemBuffer(llvm::StringRef, llvm::StringRef, bool) /src/llvm/lib/Support/MemoryBuffer.cpp:131:15
    #3 0x8ae4fde in clang::clangd::(anonymous namespace)::semaCodeComplete(std::unique_ptr<clang::CodeCompleteConsumer, std::default_delete<clang::CodeCompleteConsumer>>, clang::CodeCompleteOptions const&, clang::clangd::(anonymous namespace)::SemaCompleteInput const&, clang::clangd::IncludeStructure*) /src/clang-tools-extra/clangd/CodeComplete.cpp:1393:7
    #4 0x8af4de7 in clang::clangd::signatureHelp(llvm::StringRef, clang::clangd::Position, clang::clangd::PreambleData const&, clang::clangd::ParseInputs const&, clang::clangd::MarkupKind) /src/clang-tools-extra/clangd/CodeComplete.cpp:2311:3
    #5 0x8a7627f in clang::clangd::ClangdServer::signatureHelp(llvm::StringRef, clang::clangd::Position, clang::clangd::MarkupKind, llvm::unique_function<void (llvm::Expected<clang::clangd::SignatureHelp>)>)::$_0::operator()(llvm::Expected<clang::clangd::InputsAndPreamble>) /src/clang-tools-extra/clangd/ClangdServer.cpp:506:8
    #6 0x8a7627f in void llvm::detail::UniqueFunctionBase<void, llvm::Expected<clang::clangd::InputsAndPreamble>>::CallImpl<clang::clangd::ClangdServer::signatureHelp(llvm::StringRef, clang::clangd::Position, clang::clangd::MarkupKind, llvm::unique_function<void (llvm::Expected<clang::clangd::SignatureHelp>)>)::$_0>(void*, llvm::Expected<clang::clangd::InputsAndPreamble>&) /src/llvm/include/llvm/ADT/FunctionExtras.h:222:12
    #7 0x8f9666c in llvm::unique_function<void (llvm::Expected<clang::clangd::InputsAndPreamble>)>::operator()(llvm::Expected<clang::clangd::InputsAndPreamble>) /src/llvm/include/llvm/ADT/FunctionExtras.h:387:12
    #8 0x8f9666c in clang::clangd::TUScheduler::runWithPreamble(llvm::StringRef, llvm::StringRef, clang::clangd::TUScheduler::PreambleConsistency, llvm::unique_function<void (llvm::Expected<clang::clangd::InputsAndPreamble>)>)::$_0::operator()() /src/clang-tools-extra/clangd/TUScheduler.cpp:1811:5
    #9 0x8f9666c in void llvm::detail::UniqueFunctionBase<void>::CallImpl<clang::clangd::TUScheduler::runWithPreamble(llvm::StringRef, llvm::StringRef, clang::clangd::TUScheduler::PreambleConsistency, llvm::unique_function<void (llvm::Expected<clang::clangd::InputsAndPreamble>)>)::$_0>(void*) /src/llvm/include/llvm/ADT/FunctionExtras.h:222:12
    #10 0x92fc634 in llvm::unique_function<void ()>::operator()() /src/llvm/include/llvm/ADT/FunctionExtras.h:387:12
    #11 0x92fc634 in clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1::operator()() /src/clang-tools-extra/clangd/support/Threading.cpp:101:5
    #12 0x92fc634 in auto void llvm::thread::GenericThreadProxy<std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>>(void*)::'lambda'(auto&&, auto&&...)::operator()<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1&>(auto&&, auto&&...) const /src/llvm/include/llvm/Support/thread.h:43:11
    #13 0x92fc634 in auto std::__invoke_impl<void, void llvm::thread::GenericThreadProxy<std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>>(void*)::'lambda'(auto&&, auto&&...), clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1&>(std::__invoke_other, void llvm::thread::GenericThreadProxy<std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>>(void*)::'lambda'(auto&&, auto&&...)&&, clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1&) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/bits/invoke.h:61:14
    #14 0x92fc634 in std::__invoke_result<auto, auto...>::type std::__invoke<void llvm::thread::GenericThreadProxy<std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>>(void*)::'lambda'(auto&&, auto&&...), clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1&>(auto&&, auto&&...) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/bits/invoke.h:96:14
    #15 0x92fc634 in decltype(auto) std::__apply_impl<void llvm::thread::GenericThreadProxy<std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>>(void*)::'lambda'(auto&&, auto&&...), std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>&, 0ul>(auto&&, std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>&, std::integer_sequence<unsigned long, 0ul>) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/tuple:2302:14
    #16 0x92fc634 in decltype(auto) std::apply<void llvm::thread::GenericThreadProxy<std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>>(void*)::'lambda'(auto&&, auto&&...), std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>&>(auto&&, std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>&) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/tuple:2313:14
    #17 0x92fc634 in void llvm::thread::GenericThreadProxy<std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>>(void*) /src/llvm/include/llvm/Support/thread.h:41:5
    #18 0x92fc634 in void* llvm::thread::ThreadProxy<std::tuple<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>>(void*) /src/llvm/include/llvm/Support/thread.h:55:5
    #19 0x587695c in asan_thread_start(void*) crtstuff.c

Thread T140 created by T132 here:
    #0 0x5860115 in pthread_create (/src/build/bin/clangd+0x5860115) (BuildId: 8b31158490359739)
    #1 0x5dfe9a8 in llvm::llvm_execute_on_thread_impl(void* (*)(void*), void*, std::optional<unsigned int>) /src/llvm/lib/Support/Unix/Threading.inc:96:17
    #2 0x5dee410 in llvm::thread::thread<void (&)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*>(std::optional<unsigned int>, void (&)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*&&) /src/llvm/include/llvm/Support/thread.h:131:12
    #3 0x5dee410 in llvm::CrashRecoveryContext::RunSafelyOnThread(llvm::function_ref<void ()>, unsigned int) /src/llvm/lib/Support/CrashRecoveryContext.cpp:516:16
    #4 0xfbbfed6 in compileModuleImpl(clang::CompilerInstance&, clang::SourceLocation, llvm::StringRef, clang::FrontendInputFile, llvm::StringRef, llvm::StringRef, llvm::function_ref<void (clang::CompilerInstance&)>, llvm::function_ref<void (clang::CompilerInstance&)>) /src/clang/lib/Frontend/CompilerInstance.cpp:1278:48
    #5 0xfbb82c7 in clang::CompilerInstance::createModuleFromSource(clang::SourceLocation, llvm::StringRef, llvm::StringRef) /src/clang/lib/Frontend/CompilerInstance.cpp:2242:7
    #6 0x6fe0f60 in clang::Preprocessor::HandlePragmaModuleBuild(clang::Token&) /src/clang/lib/Lex/Pragma.cpp:873:19
    #7 0x6fef580 in clang::PragmaNamespace::HandlePragma(clang::Preprocessor&, clang::PragmaIntroducer, clang::Token&) /src/clang/lib/Lex/Pragma.cpp:120:12
    #8 0x6fef580 in clang::PragmaNamespace::HandlePragma(clang::Preprocessor&, clang::PragmaIntroducer, clang::Token&) /src/clang/lib/Lex/Pragma.cpp:120:12
    #9 0x6fef580 in clang::PragmaNamespace::HandlePragma(clang::Preprocessor&, clang::PragmaIntroducer, clang::Token&) /src/clang/lib/Lex/Pragma.cpp:120:12
    #10 0x6fefea1 in clang::Preprocessor::HandlePragmaDirective(clang::PragmaIntroducer) /src/clang/lib/Lex/Pragma.cpp:174:19
    #11 0x6f2eb5c in clang::Preprocessor::HandleDirective(clang::Token&) /src/clang/lib/Lex/PPDirectives.cpp:1355:14
    #12 0x6ed70b3 in clang::Lexer::LexTokenInternal(clang::Token&, bool) /src/clang/lib/Lex/Lexer.cpp:4511:7
    #13 0x7006e1b in clang::Preprocessor::Lex(clang::Token&) /src/clang/lib/Lex/Preprocessor.cpp:870:11

Thread T132 created by T0 here:
    #0 0x5860115 in pthread_create (/src/build/bin/clangd+0x5860115) (BuildId: 8b31158490359739)
    #1 0x5dfe9a8 in llvm::llvm_execute_on_thread_impl(void* (*)(void*), void*, std::optional<unsigned int>) /src/llvm/lib/Support/Unix/Threading.inc:96:17
    #2 0x92fc2d1 in llvm::thread::thread<clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1>(std::optional<unsigned int>, clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>)::$_1&&) /src/llvm/include/llvm/Support/thread.h:131:12
    #3 0x92fc2d1 in clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&, llvm::unique_function<void ()>) /src/clang-tools-extra/clangd/support/Threading.cpp:107:16
    #4 0x8fc69b4 in clang::clangd::TUScheduler::runWithPreamble(llvm::StringRef, llvm::StringRef, clang::clangd::TUScheduler::PreambleConsistency, llvm::unique_function<void (llvm::Expected<clang::clangd::InputsAndPreamble>)>) /src/clang-tools-extra/clangd/TUScheduler.cpp:1814:18
    #5 0x8a8fcfc in clang::clangd::ClangdServer::signatureHelp(llvm::StringRef, clang::clangd::Position, clang::clangd::MarkupKind, llvm::unique_function<void (llvm::Expected<clang::clangd::SignatureHelp>)>) /src/clang-tools-extra/clangd/ClangdServer.cpp:511:18
    #6 0x89d1427 in clang::clangd::ClangdLSPServer::onSignatureHelp(clang::clangd::TextDocumentPositionParams const&, llvm::unique_function<void (llvm::Expected<clang::clangd::SignatureHelp>)>) /src/clang-tools-extra/clangd/ClangdLSPServer.cpp:1154:11
    #7 0x8a280ef in void clang::clangd::LSPBinder::method<clang::clangd::TextDocumentPositionParams, clang::clangd::SignatureHelp, clang::clangd::ClangdLSPServer>(llvm::StringLiteral, clang::clangd::ClangdLSPServer*, void (clang::clangd::ClangdLSPServer::*)(clang::clangd::TextDocumentPositionParams const&, llvm::unique_function<void (llvm::Expected<clang::clangd::SignatureHelp>)>))::'lambda'(llvm::json::Value, llvm::unique_function<void (llvm::Expected<llvm::json::Value>)>)::operator()(llvm::json::Value, llvm::unique_function<void (llvm::Expected<llvm::json::Value>)>) const /src/clang-tools-extra/clangd/LSPBinder.h:141:5
    #8 0x8a27c95 in void llvm::detail::UniqueFunctionBase<void, llvm::json::Value, llvm::unique_function<void (llvm::Expected<llvm::json::Value>)>>::CallImpl<void clang::clangd::LSPBinder::method<clang::clangd::TextDocumentPositionParams, clang::clangd::SignatureHelp, clang::clangd::ClangdLSPServer>(llvm::StringLiteral, clang::clangd::ClangdLSPServer*, void (clang::clangd::ClangdLSPServer::*)(clang::clangd::TextDocumentPositionParams const&, llvm::unique_function<void (llvm::Expected<clang::clangd::SignatureHelp>)>))::'lambda'(llvm::json::Value, llvm::unique_function<void (llvm::Expected<llvm::json::Value>)>)>(void*, llvm::json::Value&, llvm::unique_function<void (llvm::Expected<llvm::json::Value>)>&) /src/llvm/include/llvm/ADT/FunctionExtras.h:222:12
    #9 0x8a3fd10 in llvm::unique_function<void (llvm::json::Value, llvm::unique_function<void (llvm::Expected<llvm::json::Value>)>)>::operator()(llvm::json::Value, llvm::unique_function<void (llvm::Expected<llvm::json::Value>)>) /src/llvm/include/llvm/ADT/FunctionExtras.h:387:12
    #10 0x8a3fd10 in clang::clangd::ClangdLSPServer::MessageHandler::onCall(llvm::StringRef, llvm::json::Value, llvm::json::Value) /src/clang-tools-extra/clangd/ClangdLSPServer.cpp:243:7
    #11 0x8d786bc in clang::clangd::(anonymous namespace)::JSONTransport::handleMessage(llvm::json::Value, clang::clangd::Transport::MessageHandler&) /src/clang-tools-extra/clangd/JSONTransport.cpp:194:20
    #12 0x8d786bc in clang::clangd::(anonymous namespace)::JSONTransport::loop(clang::clangd::Transport::MessageHandler&) /src/clang-tools-extra/clangd/JSONTransport.cpp:119:16
    #13 0x8a49859 in clang::clangd::ClangdLSPServer::run() /src/clang-tools-extra/clangd/ClangdLSPServer.cpp:1741:25
    #14 0x8893149 in clang::clangd::clangdMain(int, char**) /src/clang-tools-extra/clangd/tool/ClangdMain.cpp:1049:28
    #15 0x7ffff7aab5cf in __libc_start_call_main (/lib64/libc.so.6+0x295cf) (BuildId: fc46bc419367003d0e4e399cbe22aade4a1ee7be)

SUMMARY: AddressSanitizer: heap-use-after-free /src/llvm/include/llvm/Support/MemoryBuffer.h:68:41 in llvm::MemoryBuffer::getBufferSize() const
Shadow bytes around the buggy address:
  0x50800001ef80: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 03 fa
  0x50800001f000: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 02
  0x50800001f080: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 03 fa
  0x50800001f100: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 02
  0x50800001f180: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 03 fa
=>0x50800001f200: fa fa fa fa fd fd[fd]fd fd fd fd fd fd fd fd fd
  0x50800001f280: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
  0x50800001f300: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
  0x50800001f380: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
  0x50800001f400: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x50800001f480: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==1578==ABORTING

[llvmbot]

@llvm/issue-subscribers-clangd

Author: Henry Chu (henryhchchc)

A `textDocument/signatureHelp` at the `extern` (line 11) caused a heap-use-after-free.

(Generated by fuzzer)

#pragma clang module contents
  # 10  omp target parallel (

    #pragma omp target teams distribute parallel for simd is_device_ptr(k,i,j)

    #pragma clang module build bar
      module
        getFunctionTypeInternal {}
    #pragma clang module contents
      #pragma clang module begin bar
        extern int n;
      #pragma clang module end
    #pragma clang module endbuild


#line

    constexpr int *shouldRegisterGCDAntipattern() { return &n; }

      #pragma omp parallel private(i)
#pragma clang module endbuild

Log and stack trace is as follows

I[13:36:02.879] clangd version 20.1.4 (https://github.com/llvm/llvm-project.git ec28b8f9cc7f2ac187d8a617a6d08d5e56f9120e)
I[13:36:02.879] Features: linux+asan
I[13:36:02.879] PID: 1578
I[13:36:02.879] Working directory: /tmp/export1/id_5_time_3936_exec_34217
I[13:36:02.879] argv[0]: /src/build/bin/clangd
I[13:36:02.879] Starting LSP over stdin/stdout
I[13:36:02.881] <-- initialize(0)
I[13:36:02.907] --> reply:initialize(0) 26 ms
Content-Length: 2050

{"id":0,"jsonrpc":"2.0","result":{"capabilities":{"astProvider":true,"callHierarchyProvider":true,"clangdInlayHintsProvider":true,"codeActionProvider":true,"compilationDatabase":{"automaticReload":true},"completionProvider":{"resolveProvider":false,"triggerCharacters":[".","<",">",":","\"","/","*"]},"declarationProvider":true,"definitionProvider":true,"documentFormattingProvider":true,"documentHighlightProvider":true,"documentLinkProvider":{"resolveProvider":false},"documentOnTypeFormattingProvider":{"firstTriggerCharacter":"\n","moreTriggerCharacter":[]},"documentRangeFormattingProvider":true,"documentSymbolProvider":true,"executeCommandProvider":{"commands":["clangd.applyFix","clangd.applyRename","clangd.applyTweak"]},"foldingRangeProvider":true,"hoverProvider":true,"implementationProvider":true,"inactiveRegionsProvider":true,"inlayHintProvider":true,"memoryUsageProvider":true,"referencesProvider":true,"renameProvider":true,"selectionRangeProvider":true,"semanticTokensProvider":{"full":{"delta":true},"legend":{"tokenModifiers":["declaration","definition","deprecated","deduced","readonly","static","abstract","virtual","dependentName","defaultLibrary","usedAsMutableReference","usedAsMutablePointer","constructorOrDestructor","userDefined","functionScope","classScope","fileScope","globalScope"],"tokenTypes":["variable","variable","parameter","function","method","function","property","variable","class","interface","enum","enumMember","type","type","unknown","namespace","typeParameter","concept","type","macro","modifier","operator","bracket","label","comment"]},"range":false},"signatureHelpProvider":{"triggerCharacters":["(",")","{","}","<",">",","]},"standardTypeHierarchyProvider":true,"textDocumentSync":{"change":2,"openClose":true,"save":true},"typeDefinitionProvider":true,"typeHierarchyProvider":true,"workspaceSymbolProvider":true},"serverInfo":{"name":"clangd","version":"clangd version 20.1.4 (https://github.com/llvm/llvm-project.git ec28b8f9cc7f2ac187d8a617a6d08d5e56f9120e) linux+asan x86_64-unknown-linux-gnu"}}}I[13:36:02.907] <-- initialized
I[13:36:02.907] <-- textDocument/didOpen
I[13:36:02.908] <-- textDocument/signatureHelp(5)
I[13:36:02.909] Failed to find compilation database for /tmp/export1/id_5_time_3936_exec_34217/workspace/main.cxx
I[13:36:02.909] ASTWorker building file /tmp/export1/id_5_time_3936_exec_34217/workspace/main.cxx version 1 with command clangd fallback
[/tmp/export1/id_5_time_3936_exec_34217/workspace]
/usr/bin/clang -resource-dir=/src/build/lib/clang/20 -- /tmp/export1/id_5_time_3936_exec_34217/workspace/main.cxx
I[13:36:02.931] Built preamble of size 275620 for file /tmp/export1/id_5_time_3936_exec_34217/workspace/main.cxx version 1 in 0.02 seconds
I[13:36:02.932] --> workspace/semanticTokens/refresh(0)
Content-Length: 82

{"id":0,"jsonrpc":"2.0","method":"workspace/semanticTokens/refresh","params":null}I[13:36:02.936] Indexing c++17 standard library in the context of /tmp/export1/id_5_time_3936_exec_34217/workspace/main.cxx
=================================================================
==1578==ERROR: AddressSanitizer: heap-use-after-free on address 0x50800001f230 at pc 0x00000fbd71b5 bp 0x7fff563c37b0 sp 0x7fff563c37a8
READ of size 8 at 0x50800001f230 thread T140
    #<!-- -->0 0xfbd71b4 in llvm::MemoryBuffer::getBufferSize() const /src/llvm/include/llvm/Support/MemoryBuffer.h:68:41
    #<!-- -->1 0xfbd71b4 in InitializeFileRemapping(clang::DiagnosticsEngine&amp;, clang::SourceManager&amp;, clang::FileManager&amp;, clang::PreprocessorOptions const&amp;) /src/clang/lib/Frontend/CompilerInstance.cpp:409:56
    #<!-- -->2 0xfbd71b4 in clang::CompilerInstance::createPreprocessor(clang::TranslationUnitKind) /src/clang/lib/Frontend/CompilerInstance.cpp:468:3
    #<!-- -->3 0xfd298d4 in clang::FrontendAction::BeginSourceFile(clang::CompilerInstance&amp;, clang::FrontendInputFile const&amp;) /src/clang/lib/Frontend/FrontendAction.cpp:819:8
    #<!-- -->4 0xfbc5e3b in clang::CompilerInstance::ExecuteAction(clang::FrontendAction&amp;) /src/clang/lib/Frontend/CompilerInstance.cpp:1055:13
    #<!-- -->5 0xfbc4a90 in compileModuleImpl(clang::CompilerInstance&amp;, clang::SourceLocation, llvm::StringRef, clang::FrontendInputFile, llvm::StringRef, llvm::StringRef, llvm::function_ref&lt;void (clang::CompilerInstance&amp;)&gt;, llvm::function_ref&lt;void (clang::CompilerInstance&amp;)&gt;)::$_1::operator()() const /src/clang/lib/Frontend/CompilerInstance.cpp:1281:18
    #<!-- -->6 0xfbc4a90 in void llvm::function_ref&lt;void ()&gt;::callback_fn&lt;compileModuleImpl(clang::CompilerInstance&amp;, clang::SourceLocation, llvm::StringRef, clang::FrontendInputFile, llvm::StringRef, llvm::StringRef, llvm::function_ref&lt;void (clang::CompilerInstance&amp;)&gt;, llvm::function_ref&lt;void (clang::CompilerInstance&amp;)&gt;)::$_1&gt;(long) /src/llvm/include/llvm/ADT/STLFunctionalExtras.h:46:12
    #<!-- -->7 0x5dee293 in llvm::function_ref&lt;void ()&gt;::operator()() const /src/llvm/include/llvm/ADT/STLFunctionalExtras.h:69:12
    #<!-- -->8 0x5dee293 in llvm::CrashRecoveryContext::RunSafely(llvm::function_ref&lt;void ()&gt;) /src/llvm/lib/Support/CrashRecoveryContext.cpp:426:3
    #<!-- -->9 0x5dee55b in RunSafelyOnThread_Dispatch(void*) /src/llvm/lib/Support/CrashRecoveryContext.cpp:510:29
    #<!-- -->10 0x5dee5d0 in auto void llvm::thread::GenericThreadProxy&lt;std::tuple&lt;void (*)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*&gt;&gt;(void*)::'lambda'(auto&amp;&amp;, auto&amp;&amp;...)::operator()&lt;void (*&amp;)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*&amp;&gt;(auto&amp;&amp;, auto&amp;&amp;...) const /src/llvm/include/llvm/Support/thread.h:43:11
    #<!-- -->11 0x5dee5d0 in auto std::__invoke_impl&lt;void, void llvm::thread::GenericThreadProxy&lt;std::tuple&lt;void (*)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*&gt;&gt;(void*)::'lambda'(auto&amp;&amp;, auto&amp;&amp;...), void (*&amp;)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*&amp;&gt;(std::__invoke_other, void llvm::thread::GenericThreadProxy&lt;std::tuple&lt;void (*)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*&gt;&gt;(void*)::'lambda'(auto&amp;&amp;, auto&amp;&amp;...)&amp;&amp;, void (*&amp;)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*&amp;) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/bits/invoke.h:61:14
    #<!-- -->12 0x5dee5d0 in std::__invoke_result&lt;auto, auto...&gt;::type std::__invoke&lt;void llvm::thread::GenericThreadProxy&lt;std::tuple&lt;void (*)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*&gt;&gt;(void*)::'lambda'(auto&amp;&amp;, auto&amp;&amp;...), void (*&amp;)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*&amp;&gt;(auto&amp;&amp;, auto&amp;&amp;...) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/bits/invoke.h:96:14
    #<!-- -->13 0x5dee5d0 in decltype(auto) std::__apply_impl&lt;void llvm::thread::GenericThreadProxy&lt;std::tuple&lt;void (*)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*&gt;&gt;(void*)::'lambda'(auto&amp;&amp;, auto&amp;&amp;...), std::tuple&lt;void (*)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*&gt;&amp;, 0ul, 1ul&gt;(auto&amp;&amp;, std::tuple&lt;void (*)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*&gt;&amp;, std::integer_sequence&lt;unsigned long, 0ul, 1ul&gt;) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/tuple:2302:14
    #<!-- -->14 0x5dee5d0 in decltype(auto) std::apply&lt;void llvm::thread::GenericThreadProxy&lt;std::tuple&lt;void (*)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*&gt;&gt;(void*)::'lambda'(auto&amp;&amp;, auto&amp;&amp;...), std::tuple&lt;void (*)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*&gt;&amp;&gt;(auto&amp;&amp;, std::tuple&lt;void (*)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*&gt;&amp;) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/tuple:2313:14
    #<!-- -->15 0x5dee5d0 in void llvm::thread::GenericThreadProxy&lt;std::tuple&lt;void (*)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*&gt;&gt;(void*) /src/llvm/include/llvm/Support/thread.h:41:5
    #<!-- -->16 0x5dee5d0 in void* llvm::thread::ThreadProxy&lt;std::tuple&lt;void (*)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*&gt;&gt;(void*) /src/llvm/include/llvm/Support/thread.h:55:5
    #<!-- -->17 0x587695c in asan_thread_start(void*) crtstuff.c
    #<!-- -->18 0x7ffff7b0b7f9 in start_thread (/lib64/libc.so.6+0x897f9) (BuildId: fc46bc419367003d0e4e399cbe22aade4a1ee7be)
    #<!-- -->19 0x7ffff7b9081f in __GI___clone3 (/lib64/libc.so.6+0x10e81f) (BuildId: fc46bc419367003d0e4e399cbe22aade4a1ee7be)

0x50800001f230 is located 16 bytes inside of 90-byte region [0x50800001f220,0x50800001f27a)
freed by thread T132 here:
    #<!-- -->0 0x587a50a in free (/src/build/bin/clangd+0x587a50a) (BuildId: 8b31158490359739)
    #<!-- -->1 0x6d8cfc5 in std::default_delete&lt;llvm::MemoryBuffer&gt;::operator()(llvm::MemoryBuffer*) const /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/bits/unique_ptr.h:99:2
    #<!-- -->2 0x6d8cfc5 in std::__uniq_ptr_impl&lt;llvm::MemoryBuffer, std::default_delete&lt;llvm::MemoryBuffer&gt;&gt;::reset(llvm::MemoryBuffer*) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/bits/unique_ptr.h:211:4
    #<!-- -->3 0x6d8cfc5 in std::__uniq_ptr_impl&lt;llvm::MemoryBuffer, std::default_delete&lt;llvm::MemoryBuffer&gt;&gt;::operator=(std::__uniq_ptr_impl&lt;llvm::MemoryBuffer, std::default_delete&lt;llvm::MemoryBuffer&gt;&gt;&amp;&amp;) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/bits/unique_ptr.h:191:2
    #<!-- -->4 0x6d8cfc5 in std::__uniq_ptr_data&lt;llvm::MemoryBuffer, std::default_delete&lt;llvm::MemoryBuffer&gt;, true, true&gt;::operator=(std::__uniq_ptr_data&lt;llvm::MemoryBuffer, std::default_delete&lt;llvm::MemoryBuffer&gt;, true, true&gt;&amp;&amp;) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/bits/unique_ptr.h:243:61
    #<!-- -->5 0x6d8cfc5 in std::unique_ptr&lt;llvm::MemoryBuffer, std::default_delete&lt;llvm::MemoryBuffer&gt;&gt;::operator=(std::unique_ptr&lt;llvm::MemoryBuffer, std::default_delete&lt;llvm::MemoryBuffer&gt;&gt;&amp;&amp;) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/bits/unique_ptr.h:414:51
    #<!-- -->6 0x6d8cfc5 in clang::SrcMgr::ContentCache::setBuffer(std::unique_ptr&lt;llvm::MemoryBuffer, std::default_delete&lt;llvm::MemoryBuffer&gt;&gt;) /src/clang/include/clang/Basic/SourceManager.h:260:12
    #<!-- -->7 0x6d8cfc5 in clang::SourceManager::overrideFileContents(clang::FileEntryRef, std::unique_ptr&lt;llvm::MemoryBuffer, std::default_delete&lt;llvm::MemoryBuffer&gt;&gt;) /src/clang/lib/Basic/SourceManager.cpp:721:6
    #<!-- -->8 0xfbdbd95 in EnableCodeCompletion(clang::Preprocessor&amp;, llvm::StringRef, unsigned int, unsigned int) /src/clang/lib/Frontend/CompilerInstance.cpp:706:6
    #<!-- -->9 0xfbdb7d5 in clang::CompilerInstance::createCodeCompletionConsumer() /src/clang/lib/Frontend/CompilerInstance.cpp:717:14

previously allocated by thread T132 here:
    #<!-- -->0 0x587a7a3 in malloc (/src/build/bin/clangd+0x587a7a3) (BuildId: 8b31158490359739)
    #<!-- -->1 0x5d40f8f in operator new(unsigned long, (anonymous namespace)::NamedBufferAlloc const&amp;) /src/llvm/lib/Support/MemoryBuffer.cpp:88:27
    #<!-- -->2 0x5d40c26 in llvm::MemoryBuffer::getMemBuffer(llvm::StringRef, llvm::StringRef, bool) /src/llvm/lib/Support/MemoryBuffer.cpp:131:15
    #<!-- -->3 0x8ae4fde in clang::clangd::(anonymous namespace)::semaCodeComplete(std::unique_ptr&lt;clang::CodeCompleteConsumer, std::default_delete&lt;clang::CodeCompleteConsumer&gt;&gt;, clang::CodeCompleteOptions const&amp;, clang::clangd::(anonymous namespace)::SemaCompleteInput const&amp;, clang::clangd::IncludeStructure*) /src/clang-tools-extra/clangd/CodeComplete.cpp:1393:7
    #<!-- -->4 0x8af4de7 in clang::clangd::signatureHelp(llvm::StringRef, clang::clangd::Position, clang::clangd::PreambleData const&amp;, clang::clangd::ParseInputs const&amp;, clang::clangd::MarkupKind) /src/clang-tools-extra/clangd/CodeComplete.cpp:2311:3
    #<!-- -->5 0x8a7627f in clang::clangd::ClangdServer::signatureHelp(llvm::StringRef, clang::clangd::Position, clang::clangd::MarkupKind, llvm::unique_function&lt;void (llvm::Expected&lt;clang::clangd::SignatureHelp&gt;)&gt;)::$_0::operator()(llvm::Expected&lt;clang::clangd::InputsAndPreamble&gt;) /src/clang-tools-extra/clangd/ClangdServer.cpp:506:8
    #<!-- -->6 0x8a7627f in void llvm::detail::UniqueFunctionBase&lt;void, llvm::Expected&lt;clang::clangd::InputsAndPreamble&gt;&gt;::CallImpl&lt;clang::clangd::ClangdServer::signatureHelp(llvm::StringRef, clang::clangd::Position, clang::clangd::MarkupKind, llvm::unique_function&lt;void (llvm::Expected&lt;clang::clangd::SignatureHelp&gt;)&gt;)::$_0&gt;(void*, llvm::Expected&lt;clang::clangd::InputsAndPreamble&gt;&amp;) /src/llvm/include/llvm/ADT/FunctionExtras.h:222:12
    #<!-- -->7 0x8f9666c in llvm::unique_function&lt;void (llvm::Expected&lt;clang::clangd::InputsAndPreamble&gt;)&gt;::operator()(llvm::Expected&lt;clang::clangd::InputsAndPreamble&gt;) /src/llvm/include/llvm/ADT/FunctionExtras.h:387:12
    #<!-- -->8 0x8f9666c in clang::clangd::TUScheduler::runWithPreamble(llvm::StringRef, llvm::StringRef, clang::clangd::TUScheduler::PreambleConsistency, llvm::unique_function&lt;void (llvm::Expected&lt;clang::clangd::InputsAndPreamble&gt;)&gt;)::$_0::operator()() /src/clang-tools-extra/clangd/TUScheduler.cpp:1811:5
    #<!-- -->9 0x8f9666c in void llvm::detail::UniqueFunctionBase&lt;void&gt;::CallImpl&lt;clang::clangd::TUScheduler::runWithPreamble(llvm::StringRef, llvm::StringRef, clang::clangd::TUScheduler::PreambleConsistency, llvm::unique_function&lt;void (llvm::Expected&lt;clang::clangd::InputsAndPreamble&gt;)&gt;)::$_0&gt;(void*) /src/llvm/include/llvm/ADT/FunctionExtras.h:222:12
    #<!-- -->10 0x92fc634 in llvm::unique_function&lt;void ()&gt;::operator()() /src/llvm/include/llvm/ADT/FunctionExtras.h:387:12
    #<!-- -->11 0x92fc634 in clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1::operator()() /src/clang-tools-extra/clangd/support/Threading.cpp:101:5
    #<!-- -->12 0x92fc634 in auto void llvm::thread::GenericThreadProxy&lt;std::tuple&lt;clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&gt;&gt;(void*)::'lambda'(auto&amp;&amp;, auto&amp;&amp;...)::operator()&lt;clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&amp;&gt;(auto&amp;&amp;, auto&amp;&amp;...) const /src/llvm/include/llvm/Support/thread.h:43:11
    #<!-- -->13 0x92fc634 in auto std::__invoke_impl&lt;void, void llvm::thread::GenericThreadProxy&lt;std::tuple&lt;clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&gt;&gt;(void*)::'lambda'(auto&amp;&amp;, auto&amp;&amp;...), clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&amp;&gt;(std::__invoke_other, void llvm::thread::GenericThreadProxy&lt;std::tuple&lt;clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&gt;&gt;(void*)::'lambda'(auto&amp;&amp;, auto&amp;&amp;...)&amp;&amp;, clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&amp;) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/bits/invoke.h:61:14
    #<!-- -->14 0x92fc634 in std::__invoke_result&lt;auto, auto...&gt;::type std::__invoke&lt;void llvm::thread::GenericThreadProxy&lt;std::tuple&lt;clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&gt;&gt;(void*)::'lambda'(auto&amp;&amp;, auto&amp;&amp;...), clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&amp;&gt;(auto&amp;&amp;, auto&amp;&amp;...) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/bits/invoke.h:96:14
    #<!-- -->15 0x92fc634 in decltype(auto) std::__apply_impl&lt;void llvm::thread::GenericThreadProxy&lt;std::tuple&lt;clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&gt;&gt;(void*)::'lambda'(auto&amp;&amp;, auto&amp;&amp;...), std::tuple&lt;clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&gt;&amp;, 0ul&gt;(auto&amp;&amp;, std::tuple&lt;clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&gt;&amp;, std::integer_sequence&lt;unsigned long, 0ul&gt;) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/tuple:2302:14
    #<!-- -->16 0x92fc634 in decltype(auto) std::apply&lt;void llvm::thread::GenericThreadProxy&lt;std::tuple&lt;clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&gt;&gt;(void*)::'lambda'(auto&amp;&amp;, auto&amp;&amp;...), std::tuple&lt;clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&gt;&amp;&gt;(auto&amp;&amp;, std::tuple&lt;clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&gt;&amp;) /opt/rh/gcc-toolset-13/root/usr/lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/tuple:2313:14
    #<!-- -->17 0x92fc634 in void llvm::thread::GenericThreadProxy&lt;std::tuple&lt;clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&gt;&gt;(void*) /src/llvm/include/llvm/Support/thread.h:41:5
    #<!-- -->18 0x92fc634 in void* llvm::thread::ThreadProxy&lt;std::tuple&lt;clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&gt;&gt;(void*) /src/llvm/include/llvm/Support/thread.h:55:5
    #<!-- -->19 0x587695c in asan_thread_start(void*) crtstuff.c

Thread T140 created by T132 here:
    #<!-- -->0 0x5860115 in pthread_create (/src/build/bin/clangd+0x5860115) (BuildId: 8b31158490359739)
    #<!-- -->1 0x5dfe9a8 in llvm::llvm_execute_on_thread_impl(void* (*)(void*), void*, std::optional&lt;unsigned int&gt;) /src/llvm/lib/Support/Unix/Threading.inc:96:17
    #<!-- -->2 0x5dee410 in llvm::thread::thread&lt;void (&amp;)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*&gt;(std::optional&lt;unsigned int&gt;, void (&amp;)(void*), (anonymous namespace)::RunSafelyOnThreadInfo*&amp;&amp;) /src/llvm/include/llvm/Support/thread.h:131:12
    #<!-- -->3 0x5dee410 in llvm::CrashRecoveryContext::RunSafelyOnThread(llvm::function_ref&lt;void ()&gt;, unsigned int) /src/llvm/lib/Support/CrashRecoveryContext.cpp:516:16
    #<!-- -->4 0xfbbfed6 in compileModuleImpl(clang::CompilerInstance&amp;, clang::SourceLocation, llvm::StringRef, clang::FrontendInputFile, llvm::StringRef, llvm::StringRef, llvm::function_ref&lt;void (clang::CompilerInstance&amp;)&gt;, llvm::function_ref&lt;void (clang::CompilerInstance&amp;)&gt;) /src/clang/lib/Frontend/CompilerInstance.cpp:1278:48
    #<!-- -->5 0xfbb82c7 in clang::CompilerInstance::createModuleFromSource(clang::SourceLocation, llvm::StringRef, llvm::StringRef) /src/clang/lib/Frontend/CompilerInstance.cpp:2242:7
    #<!-- -->6 0x6fe0f60 in clang::Preprocessor::HandlePragmaModuleBuild(clang::Token&amp;) /src/clang/lib/Lex/Pragma.cpp:873:19
    #<!-- -->7 0x6fef580 in clang::PragmaNamespace::HandlePragma(clang::Preprocessor&amp;, clang::PragmaIntroducer, clang::Token&amp;) /src/clang/lib/Lex/Pragma.cpp:120:12
    #<!-- -->8 0x6fef580 in clang::PragmaNamespace::HandlePragma(clang::Preprocessor&amp;, clang::PragmaIntroducer, clang::Token&amp;) /src/clang/lib/Lex/Pragma.cpp:120:12
    #<!-- -->9 0x6fef580 in clang::PragmaNamespace::HandlePragma(clang::Preprocessor&amp;, clang::PragmaIntroducer, clang::Token&amp;) /src/clang/lib/Lex/Pragma.cpp:120:12
    #<!-- -->10 0x6fefea1 in clang::Preprocessor::HandlePragmaDirective(clang::PragmaIntroducer) /src/clang/lib/Lex/Pragma.cpp:174:19
    #<!-- -->11 0x6f2eb5c in clang::Preprocessor::HandleDirective(clang::Token&amp;) /src/clang/lib/Lex/PPDirectives.cpp:1355:14
    #<!-- -->12 0x6ed70b3 in clang::Lexer::LexTokenInternal(clang::Token&amp;, bool) /src/clang/lib/Lex/Lexer.cpp:4511:7
    #<!-- -->13 0x7006e1b in clang::Preprocessor::Lex(clang::Token&amp;) /src/clang/lib/Lex/Preprocessor.cpp:870:11

Thread T132 created by T0 here:
    #<!-- -->0 0x5860115 in pthread_create (/src/build/bin/clangd+0x5860115) (BuildId: 8b31158490359739)
    #<!-- -->1 0x5dfe9a8 in llvm::llvm_execute_on_thread_impl(void* (*)(void*), void*, std::optional&lt;unsigned int&gt;) /src/llvm/lib/Support/Unix/Threading.inc:96:17
    #<!-- -->2 0x92fc2d1 in llvm::thread::thread&lt;clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&gt;(std::optional&lt;unsigned int&gt;, clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;)::$_1&amp;&amp;) /src/llvm/include/llvm/Support/thread.h:131:12
    #<!-- -->3 0x92fc2d1 in clang::clangd::AsyncTaskRunner::runAsync(llvm::Twine const&amp;, llvm::unique_function&lt;void ()&gt;) /src/clang-tools-extra/clangd/support/Threading.cpp:107:16
    #<!-- -->4 0x8fc69b4 in clang::clangd::TUScheduler::runWithPreamble(llvm::StringRef, llvm::StringRef, clang::clangd::TUScheduler::PreambleConsistency, llvm::unique_function&lt;void (llvm::Expected&lt;clang::clangd::InputsAndPreamble&gt;)&gt;) /src/clang-tools-extra/clangd/TUScheduler.cpp:1814:18
    #<!-- -->5 0x8a8fcfc in clang::clangd::ClangdServer::signatureHelp(llvm::StringRef, clang::clangd::Position, clang::clangd::MarkupKind, llvm::unique_function&lt;void (llvm::Expected&lt;clang::clangd::SignatureHelp&gt;)&gt;) /src/clang-tools-extra/clangd/ClangdServer.cpp:511:18
    #<!-- -->6 0x89d1427 in clang::clangd::ClangdLSPServer::onSignatureHelp(clang::clangd::TextDocumentPositionParams const&amp;, llvm::unique_function&lt;void (llvm::Expected&lt;clang::clangd::SignatureHelp&gt;)&gt;) /src/clang-tools-extra/clangd/ClangdLSPServer.cpp:1154:11
    #<!-- -->7 0x8a280ef in void clang::clangd::LSPBinder::method&lt;clang::clangd::TextDocumentPositionParams, clang::clangd::SignatureHelp, clang::clangd::ClangdLSPServer&gt;(llvm::StringLiteral, clang::clangd::ClangdLSPServer*, void (clang::clangd::ClangdLSPServer::*)(clang::clangd::TextDocumentPositionParams const&amp;, llvm::unique_function&lt;void (llvm::Expected&lt;clang::clangd::SignatureHelp&gt;)&gt;))::'lambda'(llvm::json::Value, llvm::unique_function&lt;void (llvm::Expected&lt;llvm::json::Value&gt;)&gt;)::operator()(llvm::json::Value, llvm::unique_function&lt;void (llvm::Expected&lt;llvm::json::Value&gt;)&gt;) const /src/clang-tools-extra/clangd/LSPBinder.h:141:5
    #<!-- -->8 0x8a27c95 in void llvm::detail::UniqueFunctionBase&lt;void, llvm::json::Value, llvm::unique_function&lt;void (llvm::Expected&lt;llvm::json::Value&gt;)&gt;&gt;::CallImpl&lt;void clang::clangd::LSPBinder::method&lt;clang::clangd::TextDocumentPositionParams, clang::clangd::SignatureHelp, clang::clangd::ClangdLSPServer&gt;(llvm::StringLiteral, clang::clangd::ClangdLSPServer*, void (clang::clangd::ClangdLSPServer::*)(clang::clangd::TextDocumentPositionParams const&amp;, llvm::unique_function&lt;void (llvm::Expected&lt;clang::clangd::SignatureHelp&gt;)&gt;))::'lambda'(llvm::json::Value, llvm::unique_function&lt;void (llvm::Expected&lt;llvm::json::Value&gt;)&gt;)&gt;(void*, llvm::json::Value&amp;, llvm::unique_function&lt;void (llvm::Expected&lt;llvm::json::Value&gt;)&gt;&amp;) /src/llvm/include/llvm/ADT/FunctionExtras.h:222:12
    #<!-- -->9 0x8a3fd10 in llvm::unique_function&lt;void (llvm::json::Value, llvm::unique_function&lt;void (llvm::Expected&lt;llvm::json::Value&gt;)&gt;)&gt;::operator()(llvm::json::Value, llvm::unique_function&lt;void (llvm::Expected&lt;llvm::json::Value&gt;)&gt;) /src/llvm/include/llvm/ADT/FunctionExtras.h:387:12
    #<!-- -->10 0x8a3fd10 in clang::clangd::ClangdLSPServer::MessageHandler::onCall(llvm::StringRef, llvm::json::Value, llvm::json::Value) /src/clang-tools-extra/clangd/ClangdLSPServer.cpp:243:7
    #<!-- -->11 0x8d786bc in clang::clangd::(anonymous namespace)::JSONTransport::handleMessage(llvm::json::Value, clang::clangd::Transport::MessageHandler&amp;) /src/clang-tools-extra/clangd/JSONTransport.cpp:194:20
    #<!-- -->12 0x8d786bc in clang::clangd::(anonymous namespace)::JSONTransport::loop(clang::clangd::Transport::MessageHandler&amp;) /src/clang-tools-extra/clangd/JSONTransport.cpp:119:16
    #<!-- -->13 0x8a49859 in clang::clangd::ClangdLSPServer::run() /src/clang-tools-extra/clangd/ClangdLSPServer.cpp:1741:25
    #<!-- -->14 0x8893149 in clang::clangd::clangdMain(int, char**) /src/clang-tools-extra/clangd/tool/ClangdMain.cpp:1049:28
    #<!-- -->15 0x7ffff7aab5cf in __libc_start_call_main (/lib64/libc.so.6+0x295cf) (BuildId: fc46bc419367003d0e4e399cbe22aade4a1ee7be)

SUMMARY: AddressSanitizer: heap-use-after-free /src/llvm/include/llvm/Support/MemoryBuffer.h:68:41 in llvm::MemoryBuffer::getBufferSize() const
Shadow bytes around the buggy address:
  0x50800001ef80: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 03 fa
  0x50800001f000: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 02
  0x50800001f080: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 03 fa
  0x50800001f100: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 02
  0x50800001f180: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 03 fa
=&gt;0x50800001f200: fa fa fa fa fd fd[fd]fd fd fd fd fd fd fd fd fd
  0x50800001f280: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
  0x50800001f300: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
  0x50800001f380: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
  0x50800001f400: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x50800001f480: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==1578==ABORTING