https://gcc.gnu.org/bugzilla/show_bug.cgi?id=52622
--- Comment #12 from Dominique d'Humieres <dominiq at lps dot ens.fr> --- An instrumented compiler gives: pr52622_red.f90:30:35: type, bind(c) :: Args_Basic_epv_t 1 Warning: Derived type 'args_basic_epv_t' with BIND(C) attribute at (1) is empty, and may be inaccessible by the C companion processor pr52622_red.f90:98:2: function passeverywherefcomplex_impl(self, c1, c2, c3, exception) result( & 1 Error: Unclassifiable statement at (1) ================================================================= ==2028==ERROR: AddressSanitizer: heap-use-after-free on address 0x61200008091a at pc 0x0001002ff02e bp 0x7fff5fbfe920 sp 0x7fff5fbfe918 READ of size 1 at 0x61200008091a thread T0 #0 0x1002ff02d in resolve_symbol(gfc_symbol*) (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1002ff02d) #1 0x10039b1b8 in do_traverse_symtree(gfc_symtree*, void (*)(gfc_symtree*), void (*)(gfc_symbol*)) (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x10039b1b8) #2 0x1003b3773 in gfc_traverse_ns(gfc_namespace*, void (*)(gfc_symbol*)) (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1003b3773) #3 0x100345c3a in resolve_types(gfc_namespace*) (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x100345c3a) #4 0x100345d66 in resolve_types(gfc_namespace*) (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x100345d66) #5 0x1002f42cf in gfc_resolve(gfc_namespace*) (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1002f42cf) #6 0x10029a2bf in gfc_parse_file() (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x10029a2bf) #7 0x1003f14f2 in gfc_be_parse_file() (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1003f14f2) #8 0x1045a4bac in compile_file() (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1045a4bac) #9 0x1045ad7fe in do_compile() (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1045ad7fe) #10 0x10651f30d in toplev::main(int, char**) (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x10651f30d) #11 0x1065249ce in main (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1065249ce) #12 0x7fffbcb65234 in start (/usr/lib/system/libdyld.dylib+0x5234) 0x61200008091a is located 90 bytes inside of 320-byte region [0x6120000808c0,0x612000080a00) freed by thread T0 here: #0 0x152cd4120 in wrap_free.part.0 (/opt/gcc/gcc8w/lib/libasan.4.dylib+0x67120) #1 0x1003b3068 in gfc_free_symbol(gfc_symbol*) (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1003b3068) #2 0x1003b3519 in gfc_release_symbol(gfc_symbol*) (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1003b3519) #3 0x1003bf7ed in gfc_restore_last_undo_checkpoint() (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1003bf7ed) #4 0x1003bfea3 in gfc_undo_symbols() (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1003bfea3) #5 0x10027e8e5 in reject_statement() (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x10027e8e5) #6 0x100289e9c in decode_statement() (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x100289e9c) #7 0x10028c1dc in next_free() (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x10028c1dc) #8 0x10028caa6 in next_statement() (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x10028caa6) #9 0x1002991ab in parse_contained(int) (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1002991ab) #10 0x1002996e4 in parse_module() (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1002996e4) #11 0x10029a4e1 in gfc_parse_file() (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x10029a4e1) #12 0x1003f14f2 in gfc_be_parse_file() (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1003f14f2) #13 0x1045a4bac in compile_file() (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1045a4bac) #14 0x1045ad7fe in do_compile() (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1045ad7fe) #15 0x10651f30d in toplev::main(int, char**) (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x10651f30d) #16 0x1065249ce in main (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1065249ce) #17 0x7fffbcb65234 in start (/usr/lib/system/libdyld.dylib+0x5234) previously allocated by thread T0 here: #0 0x152cd376c in wrap_calloc (/opt/gcc/gcc8w/lib/libasan.4.dylib+0x6676c) #1 0x106366bd9 in xcalloc (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x106366bd9) #2 0x1003aafd8 in gfc_new_symbol(char const*, gfc_namespace*) (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1003aafd8) #3 0x1003ad6ea in gfc_get_sym_tree(char const*, gfc_namespace*, gfc_symtree**, bool) (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1003ad6ea) #4 0x1003ae8c5 in gfc_get_symbol(char const*, gfc_namespace*, gfc_symbol**) (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1003ae8c5) #5 0x1000888e9 in gfc_match_formal_arglist(gfc_symbol*, int, int) (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1000888e9) #6 0x100099ced in gfc_match_function_decl() (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x100099ced) #7 0x100289afc in decode_statement() (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x100289afc) #8 0x10028c1dc in next_free() (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x10028c1dc) #9 0x10028caa6 in next_statement() (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x10028caa6) #10 0x1002991ab in parse_contained(int) (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1002991ab) #11 0x1002996e4 in parse_module() (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1002996e4) #12 0x10029a4e1 in gfc_parse_file() (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x10029a4e1) #15 0x1045ad7fe in do_compile() (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1045ad7fe) #16 0x10651f30d in toplev::main(int, char**) (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x10651f30d) #17 0x1065249ce in main (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1065249ce) #18 0x7fffbcb65234 in start (/usr/lib/system/libdyld.dylib+0x5234) SUMMARY: AddressSanitizer: heap-use-after-free (/opt/gcc/gcc8g/libexec/gcc/x86_64-apple-darwin16.7.0/8.0.0/f951+0x1002ff02d) in resolve_symbol(gfc_symbol*) Shadow bytes around the buggy address: 0x1c24000100d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x1c24000100e0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 0x1c24000100f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x1c2400010100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x1c2400010110: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd =>0x1c2400010120: fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd 0x1c2400010130: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x1c2400010140: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd 0x1c2400010150: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x1c2400010160: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x1c2400010170: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==2028==ABORTING f951: internal compiler error: Abort trap: 6