https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98415
Bug ID: 98415 Summary: [11 Regression] GCC crashes on Linux kernel build after r11-6271-g69165332a914f1167c3077fa1f57afc64fd8a667 Product: gcc Version: 11.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: tree-optimization Assignee: unassigned at gcc dot gnu.org Reporter: mkuvyrkov at gcc dot gnu.org Target Milestone: --- GCC crashes building one of Linux kernel drivers after r11-6271-g69165332a914f1167c3077fa1f57afc64fd8a667 at least for AArch64 and ARM (likely, other architectures as well, but I didn't test). Attached is a reduced (down from 3.5M!) testcase for GCC targeting aarch64-linux-gnu. Before r11-6271-g69165332a914f1167c3077fa1f57afc64fd8a667 cc1 cleanly compiles the attached testcase: $ ./cc1 channel.i -o channel.s -quiet -Wall -Wundef -Werror -mstack-protector-guard=sysreg -mstack-protector-guard-reg=sp_el0 -mstack-protector-guard-offset=1344 -O2 -Wno-pointer-sign -Wno-packed-not-aligned -fno-strict-aliasing and after we get: <cut> $ ./cc1 channel.i -o channel.s -quiet -Wall -Wundef -Werror -mstack-protector-guard=sysreg -mstack-protector-guard-reg=sp_el0 -mstack-protector-guard-offset=1344 -O2 -Wno-pointer-sign -Wno-packed-not-aligned -fno-strict-aliasing free(): invalid next size (fast) during GIMPLE pass: ccp channel.i: In function ‘ak’: channel.i:19:1: internal compiler error: Aborted 19 | } | ^ 0xf440b3 crash_signal /home/maxim.kuvyrkov/tcwg_kernel/abe/snapshots/gcc.git~master/gcc/toplev.c:327 0xac0e4a ~dom_info /home/maxim.kuvyrkov/tcwg_kernel/abe/snapshots/gcc.git~master/gcc/dominance.c:284 0xac2a5b calculate_dominance_info(cdi_direction) /home/maxim.kuvyrkov/tcwg_kernel/abe/snapshots/gcc.git~master/gcc/dominance.c:733 0xf99929 cleanup_tree_cfg_noloop /home/maxim.kuvyrkov/tcwg_kernel/abe/snapshots/gcc.git~master/gcc/tree-cfgcleanup.c:1086 0xf99929 cleanup_tree_cfg(unsigned int) /home/maxim.kuvyrkov/tcwg_kernel/abe/snapshots/gcc.git~master/gcc/tree-cfgcleanup.c:1187 0xe5634c execute_function_todo /home/maxim.kuvyrkov/tcwg_kernel/abe/snapshots/gcc.git~master/gcc/passes.c:2008 0xe5705e execute_todo /home/maxim.kuvyrkov/tcwg_kernel/abe/snapshots/gcc.git~master/gcc/passes.c:2096 Please submit a full bug report, with preprocessed source if appropriate. Please include the complete backtrace with any bug report. See <https://gcc.gnu.org/bugs/> for instructions. </cut> Interestingly, the original testcase crashes with a different backtrace: <cut> 00:18:04 realloc(): invalid next size 00:18:04 during GIMPLE pass: pre 00:18:04 drivers/net/wireless/broadcom/brcm80211/brcmsmac/channel.c: In function ‘brcms_reg_notifier’: 00:18:04 drivers/net/wireless/broadcom/brcm80211/brcmsmac/channel.c:695:13: internal compiler error: Aborted 00:18:04 695 | static void brcms_reg_notifier(struct wiphy *wiphy, 00:18:04 | ^~~~~~~~~~~~~~~~~~ 00:18:04 0xd95a3f crash_signal 00:18:04 /home/tcwg-buildslave/workspace/tcwg_kernel_0/abe/snapshots/gcc.git~master/gcc/toplev.c:327 00:18:04 0x1adb9cc xrealloc 00:18:04 /home/tcwg-buildslave/workspace/tcwg_kernel_0/abe/snapshots/gcc.git~master/libiberty/xmalloc.c:179 00:18:04 0xf8772a void va_heap::reserve<bitmap_head*>(vec<bitmap_head*, va_heap, vl_embed>*&, unsigned int, bool) 00:18:04 /home/tcwg-buildslave/workspace/tcwg_kernel_0/abe/snapshots/gcc.git~master/gcc/vec.h:290 00:18:04 0xf8772a vec<bitmap_head*, va_heap, vl_ptr>::reserve(unsigned int, bool) 00:18:04 /home/tcwg-buildslave/workspace/tcwg_kernel_0/abe/snapshots/gcc.git~master/gcc/vec.h:1778 00:18:04 0xf7ddd9 vec<bitmap_head*, va_heap, vl_ptr>::safe_grow(unsigned int, bool) 00:18:04 /home/tcwg-buildslave/workspace/tcwg_kernel_0/abe/snapshots/gcc.git~master/gcc/vec.h:1926 00:18:04 0xf7ddd9 vec<bitmap_head*, va_heap, vl_ptr>::safe_grow_cleared(unsigned int, bool) 00:18:04 /home/tcwg-buildslave/workspace/tcwg_kernel_0/abe/snapshots/gcc.git~master/gcc/vec.h:1945 00:18:04 0xf7ddd9 add_to_value 00:18:04 /home/tcwg-buildslave/workspace/tcwg_kernel_0/abe/snapshots/gcc.git~master/gcc/tree-ssa-pre.c:715 00:18:04 0xf7edd7 phi_translate_1 00:18:04 /home/tcwg-buildslave/workspace/tcwg_kernel_0/abe/snapshots/gcc.git~master/gcc/tree-ssa-pre.c:1740 00:18:04 0xf7f7cf phi_translate 00:18:04 /home/tcwg-buildslave/workspace/tcwg_kernel_0/abe/snapshots/gcc.git~master/gcc/tree-ssa-pre.c:1807 00:18:04 0xf82aeb phi_translate_set 00:18:04 /home/tcwg-buildslave/workspace/tcwg_kernel_0/abe/snapshots/gcc.git~master/gcc/tree-ssa-pre.c:1852 00:18:04 0xf8305a compute_antic_aux 00:18:04 /home/tcwg-buildslave/workspace/tcwg_kernel_0/abe/snapshots/gcc.git~master/gcc/tree-ssa-pre.c:2192 00:18:04 0xf8305a compute_antic 00:18:04 /home/tcwg-buildslave/workspace/tcwg_kernel_0/abe/snapshots/gcc.git~master/gcc/tree-ssa-pre.c:2538 00:18:04 0xf8562b execute 00:18:04 /home/tcwg-buildslave/workspace/tcwg_kernel_0/abe/snapshots/gcc.git~master/gcc/tree-ssa-pre.c:4409 00:18:04 Please submit a full bug report, 00:18:04 with preprocessed source if appropriate. 00:18:04 Please include the complete backtrace with any bug report. </cut> I speculate that this is due to r11-6271-g69165332a914f1167c3077fa1f57afc64fd8a667 making (or exposing a latent) mistake in memory allocation.