SIGSEGV: invalid memory reference in librustc_trans-llvm

[PaulGrandperrin]

Rust version:

rustc 1.25.0-nightly (def3269a7 2018-01-30)
binary: rustc
commit-hash: def3269a71be2e737cad27418a3dad9f5bd6cd32
commit-date: 2018-01-30
host: x86_64-unknown-linux-gnu
release: 1.25.0-nightly
LLVM version: 4.0

Steps to reproduce:

cd /tmp
git clone https://github.com/rust-fuzz/cargo-fuzz.git
cd cargo-fuzz
cargo install
cd testcrate
cargo-fuzz init
sed -i'' -e 's/\/\/.*/testcrate\:\:test_func\(data\)\;/g' fuzz/fuzz_targets/fuzz_target_1.rs
cargo-fuzz run fuzz_target_1 -- -runs=1000 # no bugs
# now, we just add "-O" which will be transformed into "-C opt-level=3" and it makes the compiler segfault
cargo-fuzz run fuzz_target_1 -O -- -runs=1000

The log of the last command leading to the crash:

   Compiling arbitrary v0.1.0
   Compiling testcrate v0.1.0 (file:///tmp/cargo-fuzz/testcrate)
   Compiling cc v1.0.4
     Running `rustc --crate-name arbitrary /home/paulg/.cargo/registry/src/github.com-1ecc6299db9ec823/arbitrary-0.1.0/src/lib.rs --crate-type lib --emit=dep-info,link -C opt-level=3 -C metadata=ec259e09376489d8 -C extra-filename=-ec259e09376489d8 --out-dir /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps --target x86_64-unknown-linux-gnu -L dependency=/tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps -L dependency=/tmp/cargo-fuzz/testcrate/fuzz/target/release/deps --cap-lints allow --cfg fuzzing -Cpasses=sancov -Cllvm-args=-sanitizer-coverage-level=3 -Zsanitizer=address -Cpanic=abort`
     Running `rustc --crate-name testcrate /tmp/cargo-fuzz/testcrate/src/lib.rs --crate-type lib --emit=dep-info,link -C opt-level=3 -C metadata=2716f80b1364d7ff -C extra-filename=-2716f80b1364d7ff --out-dir /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps --target x86_64-unknown-linux-gnu -L dependency=/tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps -L dependency=/tmp/cargo-fuzz/testcrate/fuzz/target/release/deps --cfg fuzzing -Cpasses=sancov -Cllvm-args=-sanitizer-coverage-level=3 -Zsanitizer=address -Cpanic=abort`
     Running `rustc --crate-name cc /home/paulg/.cargo/registry/src/github.com-1ecc6299db9ec823/cc-1.0.4/src/lib.rs --crate-type lib --emit=dep-info,link -C opt-level=3 -C metadata=c8e56a194d56e32d -C extra-filename=-c8e56a194d56e32d --out-dir /tmp/cargo-fuzz/testcrate/fuzz/target/release/deps -L dependency=/tmp/cargo-fuzz/testcrate/fuzz/target/release/deps --cap-lints allow`
error: Could not compile `testcrate`.

Caused by:
  process didn't exit successfully: `rustc --crate-name testcrate /tmp/cargo-fuzz/testcrate/src/lib.rs --crate-type lib --emit=dep-info,link -C opt-level=3 -C metadata=2716f80b1364d7ff -C extra-filename=-2716f80b1364d7ff --out-dir /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps --target x86_64-unknown-linux-gnu -L dependency=/tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps -L dependency=/tmp/cargo-fuzz/testcrate/fuzz/target/release/deps --cfg fuzzing -Cpasses=sancov -Cllvm-args=-sanitizer-coverage-level=3 -Zsanitizer=address -Cpanic=abort` (signal: 11, SIGSEGV: invalid memory reference)
warning: build failed, waiting for other jobs to finish...
error: Could not compile `arbitrary`.

Caused by:
  process didn't exit successfully: `rustc --crate-name arbitrary /home/paulg/.cargo/registry/src/github.com-1ecc6299db9ec823/arbitrary-0.1.0/src/lib.rs --crate-type lib --emit=dep-info,link -C opt-level=3 -C metadata=ec259e09376489d8 -C extra-filename=-ec259e09376489d8 --out-dir /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps --target x86_64-unknown-linux-gnu -L dependency=/tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps -L dependency=/tmp/cargo-fuzz/testcrate/fuzz/target/release/deps --cap-lints allow --cfg fuzzing -Cpasses=sancov -Cllvm-args=-sanitizer-coverage-level=3 -Zsanitizer=address -Cpanic=abort` (signal: 11, SIGSEGV: invalid memory reference)
warning: build failed, waiting for other jobs to finish...
error: build failed
error: could not build fuzz script: "cargo" "build" "--manifest-path" "/tmp/cargo-fuzz/testcrate/fuzz/Cargo.toml" "--verbose" "--bin" "fuzz_target_1" "--target" "x86_64-unknown-linux-gnu" "--release"⏎

The backtrace of one the subcommands leading to a segfault:

(gdb) r --crate-name testcrate /tmp/cargo-fuzz/testcrate/src/lib.rs --crate-type lib --emit=dep-info,link -C opt-level=3 -C metadata=2716f80b1364d7ff -C extra-filename=-2716f80b1364d7ff --out-dir /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps --target x86_64-unknown-linux-gnu -L dependency=/tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps -L dependency=/tmp/cargo-fuzz/testcrate/fuzz/target/release/deps --cfg fuzzing -Cpasses=sancov -Cllvm-args=-sanitizer-coverage-level=3 -Zsanitizer=address -Cpanic=abort
Starting program: /home/paulg/.rustup/toolchains/nightly-2018-02-01-x86_64-unknown-linux-gnu/bin/rustc --crate-name testcrate /tmp/cargo-fuzz/testcrate/src/lib.rs --crate-type lib --emit=dep-info,link -C opt-level=3 -C metadata=2716f80b1364d7ff -C extra-filename=-2716f80b1364d7ff --out-dir /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps --target x86_64-unknown-linux-gnu -L dependency=/tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps -L dependency=/tmp/cargo-fuzz/testcrate/fuzz/target/release/deps --cfg fuzzing -Cpasses=sancov -Cllvm-args=-sanitizer-coverage-level=3 -Zsanitizer=address -Cpanic=abort
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ffff03ff700 (LWP 15244)]
[New Thread 0x7fffe71ff700 (LWP 15245)]
[New Thread 0x7fffe6ffe700 (LWP 15246)]
[New Thread 0x7fffe67ff700 (LWP 15247)]
[Thread 0x7fffe67ff700 (LWP 15247) exited]
[New Thread 0x7fffe67ff700 (LWP 15248)]
[New Thread 0x7fffe61ff700 (LWP 15249)]
[New Thread 0x7fffe5bff700 (LWP 15250)]
[Thread 0x7fffe5bff700 (LWP 15250) exited]
[Thread 0x7fffe61ff700 (LWP 15249) exited]
[Thread 0x7fffe67ff700 (LWP 15248) exited]
[New Thread 0x7fffe67ff700 (LWP 15251)]
[New Thread 0x7fffe61ff700 (LWP 15252)]
[New Thread 0x7fffe5bff700 (LWP 15253)]
[Thread 0x7fffe5bff700 (LWP 15253) exited]

Thread 10 "rustc" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffe61ff700 (LWP 15252)]
0x00007fffed7d0ca8 in llvm::FunctionImportGlobalProcessing::shouldPromoteLocalToGlobal(llvm::GlobalValue const*) ()
   from /home/paulg/.rustup/toolchains/nightly-2018-02-01-x86_64-unknown-linux-gnu/lib/rustlib/x86_64-unknown-linux-gnu/codegen-backends/librustc_trans-llvm.so
(gdb) bt
#0  0x00007fffed7d0ca8 in llvm::FunctionImportGlobalProcessing::shouldPromoteLocalToGlobal(llvm::GlobalValue const*) ()
   from /home/paulg/.rustup/toolchains/nightly-2018-02-01-x86_64-unknown-linux-gnu/lib/rustlib/x86_64-unknown-linux-gnu/codegen-backends/librustc_trans-llvm.so
#1  0x00007fffed7d0d95 in llvm::FunctionImportGlobalProcessing::processGlobalForThinLTO(llvm::GlobalValue&) ()
   from /home/paulg/.rustup/toolchains/nightly-2018-02-01-x86_64-unknown-linux-gnu/lib/rustlib/x86_64-unknown-linux-gnu/codegen-backends/librustc_trans-llvm.so
#2  0x00007fffed7d0ee3 in llvm::FunctionImportGlobalProcessing::processGlobalsForThinLTO() ()
   from /home/paulg/.rustup/toolchains/nightly-2018-02-01-x86_64-unknown-linux-gnu/lib/rustlib/x86_64-unknown-linux-gnu/codegen-backends/librustc_trans-llvm.so
#3  0x00007fffed7d0f69 in llvm::FunctionImportGlobalProcessing::run() ()
   from /home/paulg/.rustup/toolchains/nightly-2018-02-01-x86_64-unknown-linux-gnu/lib/rustlib/x86_64-unknown-linux-gnu/codegen-backends/librustc_trans-llvm.so
#4  0x00007fffed7d0fc5 in llvm::renameModuleForThinLTO(llvm::Module&, llvm::ModuleSummaryIndex const&, llvm::DenseSet<llvm::GlobalValue const*, llvm::DenseMapInfo<llvm::GlobalValue const*> >*) ()
   from /home/paulg/.rustup/toolchains/nightly-2018-02-01-x86_64-unknown-linux-gnu/lib/rustlib/x86_64-unknown-linux-gnu/codegen-backends/librustc_trans-llvm.so
#5  0x00007fffec6b06e4 in LLVMRustPrepareThinLTORename ()
   from /home/paulg/.rustup/toolchains/nightly-2018-02-01-x86_64-unknown-linux-gnu/lib/rustlib/x86_64-unknown-linux-gnu/codegen-backends/librustc_trans-llvm.so
#6  0x00007fffec59d81a in rustc_trans::back::lto::LtoModuleTranslation::optimize::h46113886aa1450f7 ()
   from /home/paulg/.rustup/toolchains/nightly-2018-02-01-x86_64-unknown-linux-gnu/lib/rustlib/x86_64-unknown-linux-gnu/codegen-backends/librustc_trans-llvm.so
#7  0x00007fffec5c39ad in rustc_trans::back::write::execute_work_item::h09a8ebc4759a9634 ()
   from /home/paulg/.rustup/toolchains/nightly-2018-02-01-x86_64-unknown-linux-gnu/lib/rustlib/x86_64-unknown-linux-gnu/codegen-backends/librustc_trans-llvm.so
#8  0x00007fffec64cecb in std::sys_common::backtrace::__rust_begin_short_backtrace::h62d6fad4039b8b81 ()
   from /home/paulg/.rustup/toolchains/nightly-2018-02-01-x86_64-unknown-linux-gnu/lib/rustlib/x86_64-unknown-linux-gnu/codegen-backends/librustc_trans-llvm.so
#9  0x00007fffec5d9d36 in std::panicking::try::do_call::hd60f009b46a55adc ()
   from /home/paulg/.rustup/toolchains/nightly-2018-02-01-x86_64-unknown-linux-gnu/lib/rustlib/x86_64-unknown-linux-gnu/codegen-backends/librustc_trans-llvm.so
#10 0x00007ffff76a40af in __rust_maybe_catch_panic () at libpanic_unwind/lib.rs:102
#11 0x00007fffec68e56b in _$LT$F$u20$as$u20$alloc..boxed..FnBox$LT$A$GT$$GT$::call_box::h3e81a62f6b1fa3a2 ()
   from /home/paulg/.rustup/toolchains/nightly-2018-02-01-x86_64-unknown-linux-gnu/lib/rustlib/x86_64-unknown-linux-gnu/codegen-backends/librustc_trans-llvm.so
#12 0x00007ffff7693478 in _$LT$alloc..boxed..Box$LT$alloc..boxed..FnBox$LT$A$C$$u20$Output$u3d$R$GT$$u20$$u2b$$u20$$u27$a$GT$$u20$as$u20$core..ops..function..FnOnce$LT$A$GT$$GT$::call_once::h6a4c702f42d64d79 ()
    at /checkout/src/liballoc/boxed.rs:798
#13 std::sys_common::thread::start_thread::hb176f2ed2201bf7e () at libstd/sys_common/thread.rs:24
#14 0x00007ffff7661ee9 in std::sys::unix::thread::Thread::new::thread_start::hc30d7b5fed49aff0 () at libstd/sys/unix/thread.rs:90
#15 0x00007ffff1b4751a in start_thread (arg=0x7fffe61ff700) at pthread_create.c:465
#16 0x00007ffff734d3ef in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

If needed I can build rustc and llvm with the debug symbols to get a better backtrace.

[Mark-Simulacrum]

cc @alexcrichton -- Probably related to the trans work

[cuviper]

An LLVM upgrade is underway in #47828, if you care to try with that.

[PaulGrandperrin]

@cuviper I'll try compiling with this PR.

[PaulGrandperrin]

Unfortunatly I'm not able to compile the code from this PR or the one from @alexcrichton 's llvm6 branch.

Error from PR's code:

paulg@debian ~/P/r/rust> ./x.py build
Updating submodules
Submodule path 'src/binaryen': checked out '1c9bf65aa0e371b84755a8ddd6e79497fac57171'
Submodule path 'src/binaryen/test/emscripten': checked out '1d979a75722a513b586e6705d662ff4ee0ea832b'
Submodule path 'src/binaryen/test/spec': checked out '4b50c1c3f0d28c1a848866c6cdd0a1f469e1923c'
Submodule path 'src/binaryen/test/waterfall': checked out '900646fc880d526160b0df9b78bc9dd4f02dc1ab'
Submodule path 'src/dlmalloc': checked out 'a2b424b600235af58f453577c2da1b0e1de2ffa5'
Submodule path 'src/doc/book': checked out '194eb8d5f1753fb5f4501011cebdc1b585712474'
Submodule path 'src/doc/nomicon': checked out 'fec3182d0b0a3cf8122e192b3270064a5b19be5b'
Submodule path 'src/doc/reference': checked out '1d791b55b23ec5389fbd5b3cee80db3f8bbdd162'
Submodule path 'src/doc/rust-by-example': checked out '4ebb8169dfe569b3dcbeab560607800bb717978a'
Submodule path 'src/jemalloc': checked out '1f5a28755e301ac581e2048011e4e0ff3da482ef'
Submodule path 'src/libcompiler_builtins': checked out '345447948f7a51eca970fa036cefd613d54a4f79'
fatal: Not a git repository: /home/paulg/Projets/rust-lang/rust/src/libcompiler_builtins/compiler-rt/../../../.git/modules/src/libcompiler_builtins/modules/compiler-rt
Failed to clone 'compiler-rt'. Retry scheduled
BUG: submodule considered for cloning, doesn't need cloning any more?
fatal: Not a git repository: /home/paulg/Projets/rust-lang/rust/src/libcompiler_builtins/compiler-rt/../../../.git/modules/src/libcompiler_builtins/modules/compiler-rt
Unable to fetch in submodule path 'src/libcompiler_builtins/compiler-rt'
Submodule path 'src/liblibc': checked out '56444a4545bd71430d64b86b8a71714cfdbe9f5d'
Submodule path 'src/llvm': checked out '860c10e60cff73073d20110ff5f130ef6c643210'
Submodule path 'src/rt/hoedown': checked out 'da282f1bb7277b4d30fa1599ee29ad8eb4dd2a92'
Submodule path 'src/tools/cargo': checked out '1d6dfea44f97199d5d5c177c7dadcde393eaff9a'
Submodule path 'src/tools/clippy': checked out '7d7fef1690218bbb406cf3bcadf7bb29dbb40cc5'
Submodule path 'src/tools/miri': checked out '919604e1ead8294c8ca14f101be4380ea1ea370c'
Submodule path 'src/tools/rls': checked out '511321ae1c2fa3f0e334885fecf406dd6c882836'
Submodule path 'src/tools/rust-installer': checked out 'b55e0fc77590cf5d23a01dedeb2104d8cbb48efc'
Submodule path 'src/tools/rust-installer/test/rust-installer-v1': checked out 'aed73472416064642911af790b25d57c9390b6c7'
Submodule path 'src/tools/rust-installer/test/rust-installer-v2': checked out 'e577c97b494be2815b215e3042207d6d4b7c5516'
Submodule path 'src/tools/rust-installer/test/rust-installer-v2/test/rust-installer-v1': checked out 'aed73472416064642911af790b25d57c9390b6c7'
Submodule path 'src/tools/rustfmt': checked out 'e0e3e22248cd14ebbe0253e9720261a0328bfc59'
Failed to recurse into submodule path 'src/libcompiler_builtins'
failed to run: git submodule update --init --recursive src/llvm src/rt/hoedown src/jemalloc src/tools/rust-installer src/liblibc src/doc/nomicon src/tools/cargo src/doc/reference src/doc/book src/tools/rls src/libcompiler_builtins src/tools/clippy src/tools/rustfmt src/tools/miri src/dlmalloc src/binaryen src/doc/rust-by-example
Build completed unsuccessfully in 0:00:04

I also tried to compile directly from @alexcrichton 's llvm6 branch with RUST_BACKTRACE=1 :

...
Assembling stage1 compiler (x86_64-unknown-linux-gnu)
Building stage1 std artifacts (x86_64-unknown-linux-gnu -> x86_64-unknown-linux-gnu)
   Compiling core v0.0.0 (file:///home/paulg/Projets/rust-lang/rust-alexcrichton/src/libcore)
error: internal compiler error: librustc/ty/context.rs:263: node unknown node (id=1) with HirId::owner DefId(0/0:0 ~ core[d915]) cannot be placed in TypeckTables with local_id_root DefId(0/0:1640 ~ core[d915]::panicking[0]::panic_fmt[0])

thread 'rustc' panicked at 'Box<Any>', librustc_errors/lib.rs:535:9
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
stack backtrace:
   0: std::sys::unix::backtrace::tracing::imp::unwind_backtrace
   1: std::sys_common::backtrace::print
   2: std::panicking::default_hook::{{closure}}
   3: std::panicking::default_hook
   4: std::panicking::rust_panic_with_hook
   5: std::panicking::begin_panic
   6: rustc_errors::Handler::bug
   7: <std::thread::local::LocalKey<T>>::with
   8: rustc::ty::context::tls::with_opt
   9: rustc::session::opt_span_bug_fmt
  10: rustc::session::bug_fmt
  11: <std::thread::local::LocalKey<T>>::with
  12: rustc::ty::context::tls::with
  13: rustc::ty::context::TypeckTables::node_id_to_type_opt
  14: <rustc_save_analysis::dump_visitor::DumpVisitor<'l, 'tcx, 'll, O>>::process_formals
  15: <rustc_save_analysis::dump_visitor::DumpVisitor<'l, 'tcx, 'll, O> as syntax::visit::Visitor<'l>>::visit_foreign_item
  16: syntax::visit::walk_item
  17: <rustc_save_analysis::dump_visitor::DumpVisitor<'l, 'tcx, 'll, O> as syntax::visit::Visitor<'l>>::visit_item
  18: <rustc_save_analysis::dump_visitor::DumpVisitor<'l, 'tcx, 'll, O> as syntax::visit::Visitor<'l>>::visit_item
  19: <rustc_save_analysis::dump_visitor::DumpVisitor<'l, 'tcx, 'll, O> as syntax::visit::Visitor<'l>>::visit_mod
  20: <rustc_save_analysis::DumpHandler<'a> as rustc_save_analysis::SaveHandler>::save
  21: rustc::dep_graph::graph::DepGraph::with_ignore
  22: rustc_driver::enable_save_analysis::{{closure}}::{{closure}}
  23: rustc_driver::enable_save_analysis::{{closure}}
  24: rustc::dep_graph::graph::DepGraph::with_ignore
  25: rustc_driver::driver::compile_input::{{closure}}
  26: <std::thread::local::LocalKey<T>>::with
  27: <std::thread::local::LocalKey<T>>::with
  28: rustc_driver::driver::compile_input
  29: rustc_driver::run_compiler

note: the compiler unexpectedly panicked. this is a bug.

note: we would appreciate a bug report: https://github.com/rust-lang/rust/blob/master/CONTRIBUTING.md#bug-reports

note: rustc 1.25.0-dev running on x86_64-unknown-linux-gnu

error: Could not compile `core`.

Caused by:
  process didn't exit successfully: `/home/paulg/Projets/rust-lang/rust-alexcrichton/build/bootstrap/debug/rustc --crate-name core libcore/lib.rs --error-format json --crate-type lib --emit=dep-info,link -C opt-level=2 -C metadata=40f5c600e4b14118 -C extra-filename=-40f5c600e4b14118 --out-dir /home/paulg/Projets/rust-lang/rust-alexcrichton/build/x86_64-unknown-linux-gnu/stage1-std/x86_64-unknown-linux-gnu/release/deps --target x86_64-unknown-linux-gnu -L dependency=/home/paulg/Projets/rust-lang/rust-alexcrichton/build/x86_64-unknown-linux-gnu/stage1-std/x86_64-unknown-linux-gnu/release/deps -L dependency=/home/paulg/Projets/rust-lang/rust-alexcrichton/build/x86_64-unknown-linux-gnu/stage1-std/release/deps` (exit code: 101)
thread 'main' panicked at 'command did not execute successfully: "/home/paulg/Projets/rust-lang/rust-alexcrichton/build/x86_64-unknown-linux-gnu/stage0/bin/cargo" "build" "--target" "x86_64-unknown-linux-gnu" "-j" "8" "--release" "--features" "panic-unwind jemalloc backtrace" "--manifest-path" "/home/paulg/Projets/rust-lang/rust-alexcrichton/src/libstd/Cargo.toml" "--message-format" "json"
expected success, got: exit code: 101', bootstrap/compile.rs:1061:9
stack backtrace:
   0: std::sys::unix::backtrace::tracing::imp::unwind_backtrace
             at /checkout/src/libstd/sys/unix/backtrace/tracing/gcc_s.rs:49
   1: std::sys_common::backtrace::print
             at /checkout/src/libstd/sys_common/backtrace.rs:68
             at /checkout/src/libstd/sys_common/backtrace.rs:57
   2: std::panicking::default_hook::{{closure}}
             at /checkout/src/libstd/panicking.rs:381
   3: std::panicking::default_hook
             at /checkout/src/libstd/panicking.rs:397
   4: std::panicking::rust_panic_with_hook
             at /checkout/src/libstd/panicking.rs:577
   5: std::panicking::begin_panic
             at /checkout/src/libstd/panicking.rs:538
   6: std::panicking::begin_panic_fmt
             at /checkout/src/libstd/panicking.rs:522
   7: bootstrap::compile::run_cargo
             at bootstrap/compile.rs:1061
   8: <bootstrap::compile::Std as bootstrap::builder::Step>::run
             at bootstrap/compile.rs:109
   9: bootstrap::builder::Builder::ensure
             at bootstrap/builder.rs:732
  10: <bootstrap::compile::Test as bootstrap::builder::Step>::run
             at bootstrap/compile.rs:343
  11: bootstrap::builder::Builder::ensure
             at bootstrap/builder.rs:732
  12: <bootstrap::compile::Rustc as bootstrap::builder::Step>::run
             at bootstrap/compile.rs:459
  13: bootstrap::builder::Builder::ensure
             at bootstrap/builder.rs:732
  14: <bootstrap::compile::Assemble as bootstrap::builder::Step>::run
             at bootstrap/compile.rs:885
  15: bootstrap::builder::Builder::ensure
             at bootstrap/builder.rs:732
  16: bootstrap::builder::Builder::compiler
             at bootstrap/builder.rs:339
  17: <bootstrap::compile::Std as bootstrap::builder::Step>::make_run
             at bootstrap/compile.rs:56
  18: bootstrap::builder::StepDescription::maybe_run
             at bootstrap/builder.rs:151
  19: bootstrap::builder::StepDescription::run
             at bootstrap/builder.rs:163
  20: bootstrap::builder::Builder::run
             at bootstrap/builder.rs:326
  21: bootstrap::Build::build
             at bootstrap/lib.rs:378
  22: bootstrap::main
             at bootstrap/bin/main.rs:29
  23: std::rt::lang_start::{{closure}}
             at /checkout/src/libstd/rt.rs:74
  24: std::panicking::try::do_call
             at /checkout/src/libstd/rt.rs:59
             at /checkout/src/libstd/panicking.rs:480
  25: __rust_maybe_catch_panic
             at /checkout/src/libpanic_unwind/lib.rs:101
  26: std::rt::lang_start_internal
             at /checkout/src/libstd/panicking.rs:459
             at /checkout/src/libstd/panic.rs:365
             at /checkout/src/libstd/rt.rs:58
  27: std::rt::lang_start
             at /checkout/src/libstd/rt.rs:74
  28: main
  29: __libc_start_main
  30: _start
failed to run: /home/paulg/Projets/rust-lang/rust-alexcrichton/build/bootstrap/debug/bootstrap build
Build completed unsuccessfully in 0:00:18

[PaulGrandperrin]

Oh, deleting my custom config.toml made this bug disappear.
So will not have the debug symbols enabled but maybe I'll be able to try to compile with llvm6 if the compilation goes well until the end.

(I'll report this issue on the llvm6 PR)

[PaulGrandperrin]

I now have a working rustc compiled with llvm6.
It looks like it solved this problem but the code still doesn't compile. However, this new error is unrelated to the previous one and "makes sense":
Now the compilation fails probably because the 'libfuzzer.a' library compiled in libfuzzer-sys is compiled from LLVM-4 source code. I'll try to sync it to version 6 just to make sure everything works fine now.

For info, here is the new error:

   Compiling arbitrary v0.1.0
   Compiling cc v1.0.4
   Compiling testcrate v0.1.0 (file:///tmp/cargo-fuzz/testcrate)
     Running `rustc --crate-name arbitrary /home/paulg/.cargo/registry/src/github.com-1ecc6299db9ec823/arbitrary-0.1.0/src/lib.rs --crate-type lib --emit=dep-info,link -C opt-level=3 -C metadata=dd3998fbf143faff -C extra-filename=-dd3998fbf143faff --out-dir /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps --target x86_64-unknown-linux-gnu -L dependency=/tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps -L dependency=/tmp/cargo-fuzz/testcrate/fuzz/target/release/deps --cap-lints allow --cfg fuzzing -Cpasses=sancov -Cllvm-args=-sanitizer-coverage-level=3 -Zsanitizer=address -Cpanic=abort`
     Running `rustc --crate-name cc /home/paulg/.cargo/registry/src/github.com-1ecc6299db9ec823/cc-1.0.4/src/lib.rs --crate-type lib --emit=dep-info,link -C opt-level=3 -C metadata=cfb591092d768fe0 -C extra-filename=-cfb591092d768fe0 --out-dir /tmp/cargo-fuzz/testcrate/fuzz/target/release/deps -L dependency=/tmp/cargo-fuzz/testcrate/fuzz/target/release/deps --cap-lints allow`
     Running `rustc --crate-name testcrate /tmp/cargo-fuzz/testcrate/src/lib.rs --crate-type lib --emit=dep-info,link -C opt-level=3 -C metadata=5ed5d1d83da88395 -C extra-filename=-5ed5d1d83da88395 --out-dir /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps --target x86_64-unknown-linux-gnu -L dependency=/tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps -L dependency=/tmp/cargo-fuzz/testcrate/fuzz/target/release/deps --cfg fuzzing -Cpasses=sancov -Cllvm-args=-sanitizer-coverage-level=3 -Zsanitizer=address -Cpanic=abort`
   Compiling libfuzzer-sys v0.1.0 (https://github.com/rust-fuzz/libfuzzer-sys.git#737524f7)
     Running `rustc --crate-name build_script_build /home/paulg/.cargo/git/checkouts/libfuzzer-sys-e07fde05820d7bc6/737524f/build.rs --crate-type bin --emit=dep-info,link -C opt-level=3 -C metadata=cc2688e82fd77f58 -C extra-filename=-cc2688e82fd77f58 --out-dir /tmp/cargo-fuzz/testcrate/fuzz/target/release/build/libfuzzer-sys-cc2688e82fd77f58 -L dependency=/tmp/cargo-fuzz/testcrate/fuzz/target/release/deps --extern cc=/tmp/cargo-fuzz/testcrate/fuzz/target/release/deps/libcc-cfb591092d768fe0.rlib --cap-lints allow`
     Running `/tmp/cargo-fuzz/testcrate/fuzz/target/release/build/libfuzzer-sys-cc2688e82fd77f58/build-script-build`
     Running `rustc --crate-name libfuzzer_sys /home/paulg/.cargo/git/checkouts/libfuzzer-sys-e07fde05820d7bc6/737524f/src/lib.rs --crate-type lib --emit=dep-info,link -C opt-level=3 -C metadata=be3169c3de2b03b7 -C extra-filename=-be3169c3de2b03b7 --out-dir /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps --target x86_64-unknown-linux-gnu -L dependency=/tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps -L dependency=/tmp/cargo-fuzz/testcrate/fuzz/target/release/deps --extern arbitrary=/tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/libarbitrary-dd3998fbf143faff.rlib --cap-lints allow --cfg fuzzing -Cpasses=sancov -Cllvm-args=-sanitizer-coverage-level=3 -Zsanitizer=address -Cpanic=abort -L native=/tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/build/libfuzzer-sys-f4345974210a91e0/out -l static=fuzzer -l 'stdc++'`
   Compiling testcrate-fuzz v0.0.1 (file:///tmp/cargo-fuzz/testcrate/fuzz)
     Running `rustc --crate-name fuzz_target_1 fuzz_targets/fuzz_target_1.rs --crate-type bin --emit=dep-info,link -C opt-level=3 -C metadata=771287f9e3419628 -C extra-filename=-771287f9e3419628 --out-dir /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps --target x86_64-unknown-linux-gnu -L dependency=/tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps -L dependency=/tmp/cargo-fuzz/testcrate/fuzz/target/release/deps --extern testcrate=/tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/libtestcrate-5ed5d1d83da88395.rlib --extern libfuzzer_sys=/tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/liblibfuzzer_sys-be3169c3de2b03b7.rlib --cfg fuzzing -Cpasses=sancov -Cllvm-args=-sanitizer-coverage-level=3 -Zsanitizer=address -Cpanic=abort -L native=/tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/build/libfuzzer-sys-f4345974210a91e0/out`
error: linking with `cc` failed: exit code: 1
  |
  = note: "cc" "-Wl,--as-needed" "-Wl,-z,noexecstack" "-m64" "-L" "/home/paulg/Projets/rust-lang/rust-alexcrichton/build/x86_64-unknown-linux-gnu/stage2/lib/rustlib/x86_64-unknown-linux-gnu/lib" "/tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/fuzz_target_1-771287f9e3419628.fuzz_target_10-acbd11e9aec035f47063d8f105cb9142.rs.rcgu.o" "-o" "/tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/fuzz_target_1-771287f9e3419628" "/tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/fuzz_target_1-771287f9e3419628.crate.allocator.rcgu.o" "-Wl,--gc-sections" "-pie" "-Wl,-z,relro,-z,now" "-Wl,-O1" "-nodefaultlibs" "-L" "/tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps" "-L" "/tmp/cargo-fuzz/testcrate/fuzz/target/release/deps" "-L" "/tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/build/libfuzzer-sys-f4345974210a91e0/out" "-L" "/home/paulg/Projets/rust-lang/rust-alexcrichton/build/x86_64-unknown-linux-gnu/stage2/lib/rustlib/x86_64-unknown-linux-gnu/lib" "-Wl,-Bstatic" "-Wl,--whole-archive" "/tmp/rustc.qfwUL9GthAca/librustc_asan-8ace9643cb837c1f.rlib" "-Wl,--no-whole-archive" "/tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/libtestcrate-5ed5d1d83da88395.rlib" "/tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/liblibfuzzer_sys-be3169c3de2b03b7.rlib" "/home/paulg/Projets/rust-lang/rust-alexcrichton/build/x86_64-unknown-linux-gnu/stage2/lib/rustlib/x86_64-unknown-linux-gnu/lib/libstd-277af017a751f84c.rlib" "/home/paulg/Projets/rust-lang/rust-alexcrichton/build/x86_64-unknown-linux-gnu/stage2/lib/rustlib/x86_64-unknown-linux-gnu/lib/libpanic_abort-18d18cadfc8edf94.rlib" "/home/paulg/Projets/rust-lang/rust-alexcrichton/build/x86_64-unknown-linux-gnu/stage2/lib/rustlib/x86_64-unknown-linux-gnu/lib/libunwind-7bd2cd501470f8b9.rlib" "/home/paulg/Projets/rust-lang/rust-alexcrichton/build/x86_64-unknown-linux-gnu/stage2/lib/rustlib/x86_64-unknown-linux-gnu/lib/liballoc_system-cadd016c00b5de2d.rlib" "/home/paulg/Projets/rust-lang/rust-alexcrichton/build/x86_64-unknown-linux-gnu/stage2/lib/rustlib/x86_64-unknown-linux-gnu/lib/liblibc-a0b32af18d16dc87.rlib" "/home/paulg/Projets/rust-lang/rust-alexcrichton/build/x86_64-unknown-linux-gnu/stage2/lib/rustlib/x86_64-unknown-linux-gnu/lib/liballoc-b41182f137394261.rlib" "/home/paulg/Projets/rust-lang/rust-alexcrichton/build/x86_64-unknown-linux-gnu/stage2/lib/rustlib/x86_64-unknown-linux-gnu/lib/libstd_unicode-cf4a399ac45042a2.rlib" "/home/paulg/Projets/rust-lang/rust-alexcrichton/build/x86_64-unknown-linux-gnu/stage2/lib/rustlib/x86_64-unknown-linux-gnu/lib/libcore-40f5c600e4b14118.rlib" "/home/paulg/Projets/rust-lang/rust-alexcrichton/build/x86_64-unknown-linux-gnu/stage2/lib/rustlib/x86_64-unknown-linux-gnu/lib/libcompiler_builtins-692482667ecd1289.rlib" "-Wl,-Bdynamic" "-l" "stdc++" "-l" "dl" "-l" "rt" "-l" "pthread" "-l" "pthread" "-l" "gcc_s" "-l" "c" "-l" "m" "-l" "rt" "-l" "pthread" "-l" "util" "-l" "util"
  = note: /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/fuzz_target_1-771287f9e3419628.fuzz_target_10-acbd11e9aec035f47063d8f105cb9142.rs.rcgu.o: In function `asan.module_ctor':
          fuzz_target_10-acbd11e9aec035f47063d8f105cb9142.rs:(.text.asan.module_ctor+0x2): undefined reference to `__asan_init'
          fuzz_target_10-acbd11e9aec035f47063d8f105cb9142.rs:(.text.asan.module_ctor+0x8): undefined reference to `__asan_version_mismatch_check_v8'
          /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/libtestcrate-5ed5d1d83da88395.rlib(testcrate-5ed5d1d83da88395.testcrate0-7e759a6e1d210852cfa98c4fe3e5eb67.rs.rcgu.o): In function `testcrate::test_func':
          testcrate0-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN9testcrate9test_func17h74715c90cecf06d7E+0x25): undefined reference to `__asan_handle_no_return'
          /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/libtestcrate-5ed5d1d83da88395.rlib(testcrate-5ed5d1d83da88395.testcrate0-7e759a6e1d210852cfa98c4fe3e5eb67.rs.rcgu.o): In function `asan.module_ctor':
          testcrate0-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text.asan.module_ctor+0x2): undefined reference to `__asan_init'
          testcrate0-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text.asan.module_ctor+0x7): undefined reference to `__asan_version_mismatch_check_v8'
          testcrate0-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text.asan.module_ctor+0x22): undefined reference to `__asan_register_elf_globals'
          /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/libtestcrate-5ed5d1d83da88395.rlib(testcrate-5ed5d1d83da88395.testcrate0-7e759a6e1d210852cfa98c4fe3e5eb67.rs.rcgu.o): In function `asan.module_dtor':
          testcrate0-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text.asan.module_dtor+0x16): undefined reference to `__asan_unregister_elf_globals'
          /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/libtestcrate-5ed5d1d83da88395.rlib(testcrate-5ed5d1d83da88395.testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs.rcgu.o): In function `std::panicking::begin_panic':
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN3std9panicking11begin_panic17hfb8a4c06ee46e152E+0x5b): undefined reference to `__asan_handle_no_return'
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN3std9panicking11begin_panic17hfb8a4c06ee46e152E+0x77): undefined reference to `__asan_report_store8'
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN3std9panicking11begin_panic17hfb8a4c06ee46e152E+0x81): undefined reference to `__asan_report_store8'
          /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/libtestcrate-5ed5d1d83da88395.rlib(testcrate-5ed5d1d83da88395.testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs.rcgu.o): In function `<core::mem::ManuallyDrop<T>>::into_inner':
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN41_$LT$core..mem..ManuallyDrop$LT$T$GT$$GT$10into_inner17h13fcb8e65bc2feaaE+0x2e): undefined reference to `__asan_option_detect_stack_use_after_return'
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN41_$LT$core..mem..ManuallyDrop$LT$T$GT$$GT$10into_inner17h13fcb8e65bc2feaaE+0x3d): undefined reference to `__asan_stack_malloc_1'
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN41_$LT$core..mem..ManuallyDrop$LT$T$GT$$GT$10into_inner17h13fcb8e65bc2feaaE+0xed): undefined reference to `__asan_memcpy'
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN41_$LT$core..mem..ManuallyDrop$LT$T$GT$$GT$10into_inner17h13fcb8e65bc2feaaE+0xfe): undefined reference to `__asan_memcpy'
          /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/libtestcrate-5ed5d1d83da88395.rlib(testcrate-5ed5d1d83da88395.testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs.rcgu.o): In function `<core::mem::ManuallyDrop<T>>::new':
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN41_$LT$core..mem..ManuallyDrop$LT$T$GT$$GT$3new17h3d63354e63c36ff7E+0x2e): undefined reference to `__asan_option_detect_stack_use_after_return'
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN41_$LT$core..mem..ManuallyDrop$LT$T$GT$$GT$3new17h3d63354e63c36ff7E+0x3d): undefined reference to `__asan_stack_malloc_1'
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN41_$LT$core..mem..ManuallyDrop$LT$T$GT$$GT$3new17h3d63354e63c36ff7E+0xed): undefined reference to `__asan_memcpy'
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN41_$LT$core..mem..ManuallyDrop$LT$T$GT$$GT$3new17h3d63354e63c36ff7E+0xfe): undefined reference to `__asan_memcpy'
          /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/libtestcrate-5ed5d1d83da88395.rlib(testcrate-5ed5d1d83da88395.testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs.rcgu.o): In function `<core::result::Result<T, E>>::unwrap_or_else':
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN47_$LT$core..result..Result$LT$T$C$$u20$E$GT$$GT$14unwrap_or_else17h5b26e42eaa662298E+0x2a): undefined reference to `__asan_option_detect_stack_use_after_return'
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN47_$LT$core..result..Result$LT$T$C$$u20$E$GT$$GT$14unwrap_or_else17h5b26e42eaa662298E+0x39): undefined reference to `__asan_stack_malloc_2'
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN47_$LT$core..result..Result$LT$T$C$$u20$E$GT$$GT$14unwrap_or_else17h5b26e42eaa662298E+0x1b3): undefined reference to `__asan_report_load8'
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN47_$LT$core..result..Result$LT$T$C$$u20$E$GT$$GT$14unwrap_or_else17h5b26e42eaa662298E+0x1d8): undefined reference to `__asan_memcpy'
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN47_$LT$core..result..Result$LT$T$C$$u20$E$GT$$GT$14unwrap_or_else17h5b26e42eaa662298E+0x1e8): undefined reference to `__asan_memcpy'
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN47_$LT$core..result..Result$LT$T$C$$u20$E$GT$$GT$14unwrap_or_else17h5b26e42eaa662298E+0x1f8): undefined reference to `__asan_memcpy'
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN47_$LT$core..result..Result$LT$T$C$$u20$E$GT$$GT$14unwrap_or_else17h5b26e42eaa662298E+0x20a): undefined reference to `__asan_report_load8'
          /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/libtestcrate-5ed5d1d83da88395.rlib(testcrate-5ed5d1d83da88395.testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs.rcgu.o): In function `alloc::heap::exchange_malloc':
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN5alloc4heap15exchange_malloc17h51bddc2ca9e7472cE+0x2d): undefined reference to `__asan_option_detect_stack_use_after_return'
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN5alloc4heap15exchange_malloc17h51bddc2ca9e7472cE+0x3c): undefined reference to `__asan_stack_malloc_1'
          /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/libtestcrate-5ed5d1d83da88395.rlib(testcrate-5ed5d1d83da88395.testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs.rcgu.o): In function `alloc::heap::exchange_malloc::{{closure}}':
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN5alloc4heap15exchange_malloc28_$u7b$$u7b$closure$u7d$$u7d$17hfc484dfd98ce4e6aE+0x28): undefined reference to `__asan_option_detect_stack_use_after_return'
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN5alloc4heap15exchange_malloc28_$u7b$$u7b$closure$u7d$$u7d$17hfc484dfd98ce4e6aE+0x45): undefined reference to `__asan_stack_malloc_1'
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN5alloc4heap15exchange_malloc28_$u7b$$u7b$closure$u7d$$u7d$17hfc484dfd98ce4e6aE+0xc6): undefined reference to `__asan_memcpy'
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN5alloc4heap15exchange_malloc28_$u7b$$u7b$closure$u7d$$u7d$17hfc484dfd98ce4e6aE+0xcb): undefined reference to `__asan_handle_no_return'
          /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/libtestcrate-5ed5d1d83da88395.rlib(testcrate-5ed5d1d83da88395.testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs.rcgu.o): In function `<alloc::heap::Heap as alloc::allocator::Alloc>::oom':
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN61_$LT$alloc..heap..Heap$u20$as$u20$alloc..allocator..Alloc$GT$3oom17h0f831d9ceb689f7eE+0x5): undefined reference to `__asan_handle_no_return'
          /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/libtestcrate-5ed5d1d83da88395.rlib(testcrate-5ed5d1d83da88395.testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs.rcgu.o): In function `<alloc::heap::Heap as alloc::allocator::Alloc>::alloc':
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN61_$LT$alloc..heap..Heap$u20$as$u20$alloc..allocator..Alloc$GT$5alloc17hac9e17c012d6ce8cE+0x31): undefined reference to `__asan_option_detect_stack_use_after_return'
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN61_$LT$alloc..heap..Heap$u20$as$u20$alloc..allocator..Alloc$GT$5alloc17hac9e17c012d6ce8cE+0x40): undefined reference to `__asan_stack_malloc_3'
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN61_$LT$alloc..heap..Heap$u20$as$u20$alloc..allocator..Alloc$GT$5alloc17hac9e17c012d6ce8cE+0x240): undefined reference to `__asan_memcpy'
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN61_$LT$alloc..heap..Heap$u20$as$u20$alloc..allocator..Alloc$GT$5alloc17hac9e17c012d6ce8cE+0x285): undefined reference to `__asan_memcpy'
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN61_$LT$alloc..heap..Heap$u20$as$u20$alloc..allocator..Alloc$GT$5alloc17hac9e17c012d6ce8cE+0x2ba): undefined reference to `__asan_set_shadow_f5'
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN61_$LT$alloc..heap..Heap$u20$as$u20$alloc..allocator..Alloc$GT$5alloc17hac9e17c012d6ce8cE+0x2de): undefined reference to `__asan_report_store8'
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN61_$LT$alloc..heap..Heap$u20$as$u20$alloc..allocator..Alloc$GT$5alloc17hac9e17c012d6ce8cE+0x2e8): undefined reference to `__asan_report_store8'
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN61_$LT$alloc..heap..Heap$u20$as$u20$alloc..allocator..Alloc$GT$5alloc17hac9e17c012d6ce8cE+0x2f2): undefined reference to `__asan_report_load8'
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN61_$LT$alloc..heap..Heap$u20$as$u20$alloc..allocator..Alloc$GT$5alloc17hac9e17c012d6ce8cE+0x2fd): undefined reference to `__asan_report_load8'
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN61_$LT$alloc..heap..Heap$u20$as$u20$alloc..allocator..Alloc$GT$5alloc17hac9e17c012d6ce8cE+0x307): undefined reference to `__asan_report_store8'
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN61_$LT$alloc..heap..Heap$u20$as$u20$alloc..allocator..Alloc$GT$5alloc17hac9e17c012d6ce8cE+0x311): undefined reference to `__asan_report_store8'
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text._ZN61_$LT$alloc..heap..Heap$u20$as$u20$alloc..allocator..Alloc$GT$5alloc17hac9e17c012d6ce8cE+0x31b): undefined reference to `__asan_report_store8'
          /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/libtestcrate-5ed5d1d83da88395.rlib(testcrate-5ed5d1d83da88395.testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs.rcgu.o): In function `asan.module_ctor':
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text.asan.module_ctor+0x2): undefined reference to `__asan_init'
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text.asan.module_ctor+0x7): undefined reference to `__asan_version_mismatch_check_v8'
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text.asan.module_ctor+0x22): undefined reference to `__asan_register_elf_globals'
          /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/libtestcrate-5ed5d1d83da88395.rlib(testcrate-5ed5d1d83da88395.testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs.rcgu.o): In function `asan.module_dtor':
          testcrate2-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text.asan.module_dtor+0x16): undefined reference to `__asan_unregister_elf_globals'
          /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/libtestcrate-5ed5d1d83da88395.rlib(testcrate-5ed5d1d83da88395.testcrate1-7e759a6e1d210852cfa98c4fe3e5eb67.rs.rcgu.o): In function `asan.module_ctor':
          testcrate1-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text.asan.module_ctor+0x2): undefined reference to `__asan_init'
          testcrate1-7e759a6e1d210852cfa98c4fe3e5eb67.rs:(.text.asan.module_ctor+0x8): undefined reference to `__asan_version_mismatch_check_v8'
          /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/liblibfuzzer_sys-be3169c3de2b03b7.rlib(libfuzzer_sys-be3169c3de2b03b7.libfuzzer_sys0-95c210081dd066a52663d90882f2d8f8.rs.rcgu.o): In function `<alloc::heap::Heap as alloc::allocator::Alloc>::dealloc':
          libfuzzer_sys0-95c210081dd066a52663d90882f2d8f8.rs:(.text._ZN61_$LT$alloc..heap..Heap$u20$as$u20$alloc..allocator..Alloc$GT$7dealloc17h850d91a632331602E+0x31): undefined reference to `__asan_option_detect_stack_use_after_return'
          libfuzzer_sys0-95c210081dd066a52663d90882f2d8f8.rs:(.text._ZN61_$LT$alloc..heap..Heap$u20$as$u20$alloc..allocator..Alloc$GT$7dealloc17h850d91a632331602E+0x44): undefined reference to `__asan_stack_malloc_0'
          libfuzzer_sys0-95c210081dd066a52663d90882f2d8f8.rs:(.text._ZN61_$LT$alloc..heap..Heap$u20$as$u20$alloc..allocator..Alloc$GT$7dealloc17h850d91a632331602E+0x17d): undefined reference to `__asan_report_store8'
          libfuzzer_sys0-95c210081dd066a52663d90882f2d8f8.rs:(.text._ZN61_$LT$alloc..heap..Heap$u20$as$u20$alloc..allocator..Alloc$GT$7dealloc17h850d91a632331602E+0x187): undefined reference to `__asan_report_store8'
          libfuzzer_sys0-95c210081dd066a52663d90882f2d8f8.rs:(.text._ZN61_$LT$alloc..heap..Heap$u20$as$u20$alloc..allocator..Alloc$GT$7dealloc17h850d91a632331602E+0x18e): undefined reference to `__asan_report_load8'
          libfuzzer_sys0-95c210081dd066a52663d90882f2d8f8.rs:(.text._ZN61_$LT$alloc..heap..Heap$u20$as$u20$alloc..allocator..Alloc$GT$7dealloc17h850d91a632331602E+0x198): undefined reference to `__asan_report_load8'
          /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/liblibfuzzer_sys-be3169c3de2b03b7.rlib(libfuzzer_sys-be3169c3de2b03b7.libfuzzer_sys0-95c210081dd066a52663d90882f2d8f8.rs.rcgu.o): In function `LLVMFuzzerTestOneInput':
          libfuzzer_sys0-95c210081dd066a52663d90882f2d8f8.rs:(.text.LLVMFuzzerTestOneInput+0x2d): undefined reference to `__asan_option_detect_stack_use_after_return'
          libfuzzer_sys0-95c210081dd066a52663d90882f2d8f8.rs:(.text.LLVMFuzzerTestOneInput+0x3c): undefined reference to `__asan_stack_malloc_2'
          libfuzzer_sys0-95c210081dd066a52663d90882f2d8f8.rs:(.text.LLVMFuzzerTestOneInput+0x313): undefined reference to `__asan_report_load8'
          libfuzzer_sys0-95c210081dd066a52663d90882f2d8f8.rs:(.text.LLVMFuzzerTestOneInput+0x3da): undefined reference to `__asan_report_store8'
          libfuzzer_sys0-95c210081dd066a52663d90882f2d8f8.rs:(.text.LLVMFuzzerTestOneInput+0x3e4): undefined reference to `__asan_report_store8'
          libfuzzer_sys0-95c210081dd066a52663d90882f2d8f8.rs:(.text.LLVMFuzzerTestOneInput+0x3ee): undefined reference to `__asan_report_load8'
          libfuzzer_sys0-95c210081dd066a52663d90882f2d8f8.rs:(.text.LLVMFuzzerTestOneInput+0x3f8): undefined reference to `__asan_report_load8'
          libfuzzer_sys0-95c210081dd066a52663d90882f2d8f8.rs:(.text.LLVMFuzzerTestOneInput+0x41b): undefined reference to `__asan_report_load8'
          libfuzzer_sys0-95c210081dd066a52663d90882f2d8f8.rs:(.text.LLVMFuzzerTestOneInput+0x425): undefined reference to `__asan_report_store8'
          libfuzzer_sys0-95c210081dd066a52663d90882f2d8f8.rs:(.text.LLVMFuzzerTestOneInput+0x42f): undefined reference to `__asan_report_store8'
          libfuzzer_sys0-95c210081dd066a52663d90882f2d8f8.rs:(.text.LLVMFuzzerTestOneInput+0x436): undefined reference to `__asan_report_load8'
          libfuzzer_sys0-95c210081dd066a52663d90882f2d8f8.rs:(.text.LLVMFuzzerTestOneInput+0x440): undefined reference to `__asan_report_load8'
          libfuzzer_sys0-95c210081dd066a52663d90882f2d8f8.rs:(.text.LLVMFuzzerTestOneInput+0x44a): undefined reference to `__asan_report_load8'
          libfuzzer_sys0-95c210081dd066a52663d90882f2d8f8.rs:(.text.LLVMFuzzerTestOneInput+0x455): undefined reference to `__asan_report_load8'
          libfuzzer_sys0-95c210081dd066a52663d90882f2d8f8.rs:(.text.LLVMFuzzerTestOneInput+0x45c): undefined reference to `__asan_report_load8'
          /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/liblibfuzzer_sys-be3169c3de2b03b7.rlib(libfuzzer_sys-be3169c3de2b03b7.libfuzzer_sys0-95c210081dd066a52663d90882f2d8f8.rs.rcgu.o):libfuzzer_sys0-95c210081dd066a52663d90882f2d8f8.rs:(.text.LLVMFuzzerTestOneInput+0x463): more undefined references to `__asan_report_load8' follow
          /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/liblibfuzzer_sys-be3169c3de2b03b7.rlib(libfuzzer_sys-be3169c3de2b03b7.libfuzzer_sys0-95c210081dd066a52663d90882f2d8f8.rs.rcgu.o): In function `LLVMFuzzerTestOneInput':
          libfuzzer_sys0-95c210081dd066a52663d90882f2d8f8.rs:(.text.LLVMFuzzerTestOneInput+0x474): undefined reference to `__asan_report_store8'
          /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/liblibfuzzer_sys-be3169c3de2b03b7.rlib(libfuzzer_sys-be3169c3de2b03b7.libfuzzer_sys0-95c210081dd066a52663d90882f2d8f8.rs.rcgu.o): In function `libfuzzer_sys::test_input_wrap::{{closure}}':
          libfuzzer_sys0-95c210081dd066a52663d90882f2d8f8.rs:(.text._ZN13libfuzzer_sys15test_input_wrap28_$u7b$$u7b$closure$u7d$$u7d$17had3a20e0acda1090E+0x2): undefined reference to `__asan_handle_no_return'
          /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/liblibfuzzer_sys-be3169c3de2b03b7.rlib(libfuzzer_sys-be3169c3de2b03b7.libfuzzer_sys0-95c210081dd066a52663d90882f2d8f8.rs.rcgu.o): In function `asan.module_ctor':
          libfuzzer_sys0-95c210081dd066a52663d90882f2d8f8.rs:(.text.asan.module_ctor+0x2): undefined reference to `__asan_init'
          libfuzzer_sys0-95c210081dd066a52663d90882f2d8f8.rs:(.text.asan.module_ctor+0x8): undefined reference to `__asan_version_mismatch_check_v8'
          /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/liblibfuzzer_sys-be3169c3de2b03b7.rlib(libfuzzer_sys-be3169c3de2b03b7.libfuzzer_sys2-95c210081dd066a52663d90882f2d8f8.rs.rcgu.o): In function `asan.module_ctor':
          libfuzzer_sys2-95c210081dd066a52663d90882f2d8f8.rs:(.text.asan.module_ctor+0x2): undefined reference to `__asan_init'
          libfuzzer_sys2-95c210081dd066a52663d90882f2d8f8.rs:(.text.asan.module_ctor+0x8): undefined reference to `__asan_version_mismatch_check_v8'
          /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/liblibfuzzer_sys-be3169c3de2b03b7.rlib(libfuzzer_sys-be3169c3de2b03b7.libfuzzer_sys1-95c210081dd066a52663d90882f2d8f8.rs.rcgu.o): In function `std::panicking::try':
          libfuzzer_sys1-95c210081dd066a52663d90882f2d8f8.rs:(.text._ZN3std9panicking3try17h14e8689bd74afcc5E+0x33): undefined reference to `__asan_option_detect_stack_use_after_return'
          libfuzzer_sys1-95c210081dd066a52663d90882f2d8f8.rs:(.text._ZN3std9panicking3try17h14e8689bd74afcc5E+0x42): undefined reference to `__asan_stack_malloc_1'
          libfuzzer_sys1-95c210081dd066a52663d90882f2d8f8.rs:(.text._ZN3std9panicking3try17h14e8689bd74afcc5E+0x2ca): undefined reference to `__asan_report_store8'
          libfuzzer_sys1-95c210081dd066a52663d90882f2d8f8.rs:(.text._ZN3std9panicking3try17h14e8689bd74afcc5E+0x2d4): undefined reference to `__asan_report_store8'
          libfuzzer_sys1-95c210081dd066a52663d90882f2d8f8.rs:(.text._ZN3std9panicking3try17h14e8689bd74afcc5E+0x2de): undefined reference to `__asan_report_store8'
          libfuzzer_sys1-95c210081dd066a52663d90882f2d8f8.rs:(.text._ZN3std9panicking3try17h14e8689bd74afcc5E+0x2e5): undefined reference to `__asan_report_store8'
          libfuzzer_sys1-95c210081dd066a52663d90882f2d8f8.rs:(.text._ZN3std9panicking3try17h14e8689bd74afcc5E+0x2f0): undefined reference to `__asan_report_load8'
          libfuzzer_sys1-95c210081dd066a52663d90882f2d8f8.rs:(.text._ZN3std9panicking3try17h14e8689bd74afcc5E+0x2fa): undefined reference to `__asan_report_load8'
          libfuzzer_sys1-95c210081dd066a52663d90882f2d8f8.rs:(.text._ZN3std9panicking3try17h14e8689bd74afcc5E+0x301): undefined reference to `__asan_report_store8'
          libfuzzer_sys1-95c210081dd066a52663d90882f2d8f8.rs:(.text._ZN3std9panicking3try17h14e8689bd74afcc5E+0x30b): undefined reference to `__asan_report_store8'
          libfuzzer_sys1-95c210081dd066a52663d90882f2d8f8.rs:(.text._ZN3std9panicking3try17h14e8689bd74afcc5E+0x315): undefined reference to `__asan_report_store8'
          /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/liblibfuzzer_sys-be3169c3de2b03b7.rlib(libfuzzer_sys-be3169c3de2b03b7.libfuzzer_sys1-95c210081dd066a52663d90882f2d8f8.rs.rcgu.o): In function `std::panicking::try::do_call':
          libfuzzer_sys1-95c210081dd066a52663d90882f2d8f8.rs:(.text._ZN3std9panicking3try7do_call17h7ee0d97142cab0dbE+0x7f): undefined reference to `__asan_report_load8'
          libfuzzer_sys1-95c210081dd066a52663d90882f2d8f8.rs:(.text._ZN3std9panicking3try7do_call17h7ee0d97142cab0dbE+0x86): undefined reference to `__asan_report_load8'
          libfuzzer_sys1-95c210081dd066a52663d90882f2d8f8.rs:(.text._ZN3std9panicking3try7do_call17h7ee0d97142cab0dbE+0x90): undefined reference to `__asan_report_load8'
          libfuzzer_sys1-95c210081dd066a52663d90882f2d8f8.rs:(.text._ZN3std9panicking3try7do_call17h7ee0d97142cab0dbE+0x9a): undefined reference to `__asan_report_load8'
          /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/liblibfuzzer_sys-be3169c3de2b03b7.rlib(libfuzzer_sys-be3169c3de2b03b7.libfuzzer_sys1-95c210081dd066a52663d90882f2d8f8.rs.rcgu.o): In function `asan.module_ctor':
          libfuzzer_sys1-95c210081dd066a52663d90882f2d8f8.rs:(.text.asan.module_ctor+0x2): undefined reference to `__asan_init'
          libfuzzer_sys1-95c210081dd066a52663d90882f2d8f8.rs:(.text.asan.module_ctor+0x8): undefined reference to `__asan_version_mismatch_check_v8'
          collect2: error: ld returned 1 exit status
          

error: aborting due to previous error

error: Could not compile `testcrate-fuzz`.

Caused by:
  process didn't exit successfully: `rustc --crate-name fuzz_target_1 fuzz_targets/fuzz_target_1.rs --crate-type bin --emit=dep-info,link -C opt-level=3 -C metadata=771287f9e3419628 -C extra-filename=-771287f9e3419628 --out-dir /tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps --target x86_64-unknown-linux-gnu -L dependency=/tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps -L dependency=/tmp/cargo-fuzz/testcrate/fuzz/target/release/deps --extern testcrate=/tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/libtestcrate-5ed5d1d83da88395.rlib --extern libfuzzer_sys=/tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/deps/liblibfuzzer_sys-be3169c3de2b03b7.rlib --cfg fuzzing -Cpasses=sancov -Cllvm-args=-sanitizer-coverage-level=3 -Zsanitizer=address -Cpanic=abort -L native=/tmp/cargo-fuzz/testcrate/fuzz/target/x86_64-unknown-linux-gnu/release/build/libfuzzer-sys-f4345974210a91e0/out` (exit code: 101)
error: could not build fuzz script: "cargo" "build" "--manifest-path" "/tmp/cargo-fuzz/testcrate/fuzz/Cargo.toml" "--verbose" "--bin" "fuzz_target_1" "--target" "x86_64-unknown-linux-gnu" "--release"

[PaulGrandperrin]

Ok, so to get everything working, updating to libfuzzer 6.0 is not enough, you also need to link to asan or remove the -Zsanitizer from cargo-fuzz.
I did the latter (easier) and now it works fine, so I think we'll be able to close this bug once #47828 is merged.

[PaulGrandperrin]

I tried to reproduce on recent nightly and the bug seems to be gone, so I'm closing.