This bug (PR28124) was introduced by r237977, which refactored the tail call
sequence to be generated in two passes instead of one.
Unfortunately, the stack adjustment produced by the first pass was not
recognized by X86FrameLowering::mergeSPUpdates() in all cases, causing
code such as the following, which clobbers the return address, to be
popl %edi popl %edi pushl %eax jmp tailcallee # TAILCALL
By moving the stack adjustment by X86MachineFunctionInfo::getTCReturnAddrDelta() from X86FrameLowering::emitEpilogue() to X86ExpandPseudo::ExpandMI(), the bug is fixed.