https://gcc.gnu.org/bugzilla/show_bug.cgi?id=121920

            Bug ID: 121920
           Summary: ICE (SIGSEGV, NULL-ptr reference) in
                    rtl_ssa::clobber_info::recompute_group() with -O2
                    -std=gnu11 -fstack-protector-strong on mips64el
           Product: gcc
           Version: 15.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: mjt+gcc at tls dot msk.ru
  Target Milestone: ---

This is the Debian sid gcc: gcc-15 (Debian 15.2.0-3) 15.2.0.

The failure was first seen while building qemu 10.1 on mips64el:
https://buildd.debian.org/status/fetch.php?pkg=qemu&arch=mips64el&ver=1%3A10.1.0%2Bds-3&stamp=1757566938&raw=0

Reduced command-line:
~~~~~~~~~~~~~~~~~~~~~

/usr/libexec/gcc/mips64el-linux-gnuabi64/15/cc1 -quiet -O2 -std=gnu11
-fstack-protector-strong d.c -o d.o

Reduced source (cvise):
~~~~~~~~~~~~~~~~~~~~~~~

int load_segment_ra_env_0, load_segment_ra_selector, load_segment_ra_dt,
    load_segment_ra_dt_0, helper_lcall_protected_new_cs,
    helper_lcall_protected_shift; /* globals: branch conditions and one store target in the functions below */
void *helper_lcall_protected___trans_tmp_4,
    *helper_lcall_protected___trans_tmp_2; /* each receives __builtin_return_address(0) in helper_lcall_protected */
void cpu_ldl_le_mmuidx_ra(); /* no prototype: called below once with no arguments and once with &sa */
__attribute__((__noreturn__)) void raise_exception_err_ra(); /* declared noreturn; not defined in this file */
typedef struct {
  long ra /* no ';' after the member: reducer output, keep byte-identical (the reported compile still reaches the RTL passes) */
} StackAccess; /* single-member struct; a local of this type has its address passed to a call below */
int load_segment_ra() { /* returns -1 when load_segment_ra_dt_0 is nonzero; otherwise calls cpu_ldl_le_mmuidx_ra() and returns 0 */
  if (load_segment_ra_selector)
    load_segment_ra_dt = load_segment_ra_env_0; /* the only store this function makes */
  if (load_segment_ra_dt_0)
    return -1; /* nonzero result makes the caller take its raise_exception_err_ra() path */
  cpu_ldl_le_mmuidx_ra();
  return 0;
}
void helper_lcall_protected() { /* the function named in the ICE diagnostic; comments are kept on existing lines so d.c line numbers still match */
  void *__trans_tmp_5;
  StackAccess sa; /* address-taken local; presumably what makes -fstack-protector-strong instrument this function (not confirmed in the report) */
  if (helper_lcall_protected_new_cs) {
    helper_lcall_protected___trans_tmp_2 = __builtin_return_address(0);
    raise_exception_err_ra(); /* callee is declared noreturn */
  }
  helper_lcall_protected___trans_tmp_4 = __builtin_return_address(0);
  if (load_segment_ra())
    raise_exception_err_ra();
  __trans_tmp_5 = __builtin_return_address(0); /* NOTE(review): the crashing clobber_info in the gdb dump has m_regno = 31, which is $ra on MIPS, so these return-address reads look relevant (unconfirmed) */
  sa.ra = (long)__builtin_extract_return_addr(__trans_tmp_5);
  if (helper_lcall_protected_shift)
    cpu_ldl_le_mmuidx_ra(&sa); /* passes the address of the local struct to the unprototyped callee */
} /* d.c:33, the line the "internal compiler error" message points at */



Compiler output:
~~~~~~~~~~~~~~~~

during RTL pass: late_combine
d.c: In function 'helper_lcall_protected':
d.c:33:1: internal compiler error: Segmentation fault
   33 | }
      | ^
0x1218e5447 internal_error(char const*, ...)
        ../../src/gcc/diagnostic-global-context.cc:517
0x120a33afb crash_signal
        ../../src/gcc/toplev.cc:322
0x1217cb091 rtl_ssa::clobber_info::recompute_group()
        ../../src/gcc/rtl-ssa/accesses.cc:67
0x12177258b rtl_ssa::clobber_info::group() const
        ../../src/gcc/rtl-ssa/member-fns.inl:200
0x12177258b rtl_ssa::last_clobber_in_group(rtl_ssa::clobber_info*)
        ../../src/gcc/rtl-ssa/access-utils.h:254
0x12177258b rtl_ssa::last_clobber_in_group(rtl_ssa::clobber_info*)
        ../../src/gcc/rtl-ssa/access-utils.h:251
0x12177258b first_access<(anonymous
namespace)::insn_combination::substitute_nondebug_use(rtl_ssa::use_info*)::local_ignore>
        ../../src/gcc/rtl-ssa/access-utils.h:516
0x121773e33 next_access<(anonymous
namespace)::insn_combination::substitute_nondebug_use(rtl_ssa::use_info*)::local_ignore>
        ../../src/gcc/rtl-ssa/access-utils.h:554
0x121773e33 restrict_movement_for_defs<(anonymous
namespace)::insn_combination::substitute_nondebug_use(rtl_ssa::use_info*)::local_ignore>
        ../../src/gcc/rtl-ssa/movement.h:235
0x121773e33 restrict_movement<(anonymous
namespace)::insn_combination::substitute_nondebug_use(rtl_ssa::use_info*)::local_ignore>
        ../../src/gcc/rtl-ssa/change-utils.h:66
0x121773e33 substitute_nondebug_use
        ../../src/gcc/late-combine.cc:249
0x121773e33 substitute_nondebug_uses
        ../../src/gcc/late-combine.cc:271
0x121774ac3 run
        ../../src/gcc/late-combine.cc:440
0x121774ac3 combine_into_uses
        ../../src/gcc/late-combine.cc:690
0x1217754b3 execute
        ../../src/gcc/late-combine.cc:718
0x1217754b3 execute
        ../../src/gcc/late-combine.cc:771
Please submit a full bug report, with preprocessed source (by using
-freport-bug).


gdb run:
~~~~~~~~

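Unfortunately this does not show much, as most of the values are optimized out. What is visible: `cursor` is NULL when it is dereferenced at accesses.cc:67, and `m_parent` and `group` are NULL as well.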

Program received signal SIGSEGV, Segmentation fault.
rtl_ssa::clobber_info::recompute_group (this=0x122516d58)
    at ../../src/gcc/rtl-ssa/accesses.cc:67
(gdb) l
62        if (cursor == m_parent)
63          cursor = this;
64      
65        // Walk up the tree from CURSOR updating clobbers that need it.
66        // This walk always includes this clobber.
67        while (cursor->m_group != group)
68          {
69            cursor->m_group = group;
70            cursor = cursor->m_parent;
71          }
(gdb) p cursor
$1 = (rtl_ssa::clobber_info *) 0x0
(gdb) p m_parent
$2 = (rtl_ssa::clobber_info *) 0x0
(gdb) bt
#0  rtl_ssa::clobber_info::recompute_group (this=0x122516d58)
    at ../../src/gcc/rtl-ssa/accesses.cc:67
#1  0x000000012177258c in rtl_ssa::clobber_info::group (this=<optimized out>)
    at ../../src/gcc/rtl-ssa/member-fns.inl:200
#2  rtl_ssa::last_clobber_in_group (clobber=<optimized out>)
    at ../../src/gcc/rtl-ssa/access-utils.h:254
#3  rtl_ssa::last_clobber_in_group (clobber=<optimized out>)
    at ../../src/gcc/rtl-ssa/access-utils.h:251
#4  rtl_ssa::first_access<(anonymous
namespace)::insn_combination::substitute_nondebug_use(rtl_ssa::use_info*)::local_ignore>
(def=<optimized out>, 
    ignore_clobbers_setting=<optimized out>, ignore=...)
    at ../../src/gcc/rtl-ssa/access-utils.h:516
#5  0x0000000121773e34 in rtl_ssa::next_access<(anonymous
namespace)::insn_combination::substitute_nondebug_use(rtl_ssa::use_info*)::local_ignore>
(
    def=0x122515ff8, ignore_clobbers_setting=rtl_ssa::ignore_clobbers::YES, 
    ignore=...) at ../../src/gcc/rtl-ssa/access-utils.h:554
#6  rtl_ssa::restrict_movement_for_defs<(anonymous
namespace)::insn_combination::substitute_nondebug_use(rtl_ssa::use_info*)::local_ignore>
(defs=..., 
    move_range=..., ignore=...) at ../../src/gcc/rtl-ssa/movement.h:235
#7  rtl_ssa::restrict_movement<(anonymous
namespace)::insn_combination::substitute_nondebug_use(rtl_ssa::use_info*)::local_ignore>
(change=..., ignore=...)
    at ../../src/gcc/rtl-ssa/change-utils.h:66
#8  (anonymous namespace)::insn_combination::substitute_nondebug_use (
    this=0xffffff1fe0, use=<optimized out>)
    at ../../src/gcc/late-combine.cc:249
#9  (anonymous namespace)::insn_combination::substitute_nondebug_uses (
    this=<optimized out>, def=<optimized out>)
    at ../../src/gcc/late-combine.cc:271
#10 0x0000000121774ac4 in (anonymous namespace)::insn_combination::run (
    this=0xffffff1fe0) at ../../src/gcc/late-combine.cc:440
#11 (anonymous namespace)::late_combine::combine_into_uses (this=0xffffff20d0, 
    insn=<optimized out>, cursor=0x122515cc8)
    at ../../src/gcc/late-combine.cc:690
--Type <RET> for more, q to quit, c to continue without paging--
#12 0x00000001217754b4 in (anonymous namespace)::late_combine::execute (
    this=0xffffff20d0, fn=<optimized out>) at ../../src/gcc/late-combine.cc:718
#13 (anonymous namespace)::pass_late_combine::execute (this=<optimized out>, 
    fn=<optimized out>) at ../../src/gcc/late-combine.cc:771
#14 0x00000001208d48d8 in execute_one_pass (pass=0x12222c110)
    at ../../src/gcc/passes.cc:2659
#15 0x00000001208d53d8 in execute_pass_list_1 (pass=0x12222c110)
    at ../../src/gcc/passes.cc:2768
#16 0x00000001208d53f8 in execute_pass_list_1 (pass=0x12222c050)
    at ../../src/gcc/passes.cc:2769
#17 0x00000001208d53f8 in execute_pass_list_1 (pass=0x12222acd0)
    at ../../src/gcc/passes.cc:2769
#18 0x00000001208d5474 in execute_pass_list (fn=<optimized out>, 
    pass=<optimized out>) at ../../src/gcc/passes.cc:2779
#19 0x000000012046b9ec in cgraph_node::expand (this=0xfff6f9c770)
    at ../../src/gcc/context.h:48
#20 cgraph_node::expand (this=0xfff6f9c770) at ../../src/gcc/cgraphunit.cc:1812
#21 0x000000012046d598 in expand_all_functions ()
    at ../../src/gcc/cgraphunit.cc:2042
#22 symbol_table::compile (this=<optimized out>)
    at ../../src/gcc/cgraphunit.cc:2418
#23 0x0000000120470808 in symbol_table::compile (this=0xfff6f80000)
    at ../../src/gcc/cgraphunit.cc:2329
#24 symbol_table::finalize_compilation_unit (this=0xfff6f80000)
    at ../../src/gcc/cgraphunit.cc:2607
#25 0x0000000120a33f7c in compile_file () at ../../src/gcc/toplev.cc:479
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb) frame 1
#1  0x000000012177258c in rtl_ssa::clobber_info::group (this=<optimized out>)
    at ../../src/gcc/rtl-ssa/member-fns.inl:200
200       return const_cast<clobber_info *> (this)->recompute_group ();
(gdb) l
195     inline clobber_group *
196     clobber_info::group () const
197     {
198       if (!m_group || !m_group->has_been_superceded ())
199         return m_group;
200       return const_cast<clobber_info *> (this)->recompute_group ();
201     }
202     
203     inline use_info *
204     set_info::last_use () const
(gdb) p m_group
value has been optimized out
(gdb) frame 3
#3  rtl_ssa::last_clobber_in_group (clobber=<optimized out>)
    at ../../src/gcc/rtl-ssa/access-utils.h:251
251     last_clobber_in_group (clobber_info *clobber)
(gdb) l
246     }
247     
248     // If CLOBBER is in a group, return the last clobber in the group,
249     // otherwise return CLOBBER itself.
250     inline clobber_info *
251     last_clobber_in_group (clobber_info *clobber)
252     {
253       if (clobber->is_in_group ())
254         return clobber->group ()->last_clobber ();
255       return clobber;
(gdb) p clobber
$3 = <optimized out>
(gdb) p *clobber
value has been optimized out
(gdb) frame 4
#4  rtl_ssa::first_access<(anonymous
namespace)::insn_combination::substitute_nondebug_use(rtl_ssa::use_info*)::local_ignore>
(def=<optimized out>, 
    ignore_clobbers_setting=<optimized out>, ignore=...)
    at ../../src/gcc/rtl-ssa/access-utils.h:516
516             def = last_clobber_in_group (clobber);
(gdb) p clobber
$4 = <optimized out>
(gdb) frame 5
#5  0x0000000121773e34 in rtl_ssa::next_access<(anonymous
namespace)::insn_combination::substitute_nondebug_use(rtl_ssa::use_info*)::local_ignore>
(
    def=0x122515ff8, ignore_clobbers_setting=rtl_ssa::ignore_clobbers::YES, 
    ignore=...) at ../../src/gcc/rtl-ssa/access-utils.h:554
554       return first_access (def->next_def (), ignore_clobbers_setting,
ignore);
(gdb) l
549     {
550       if (!ignore.should_ignore_def (def))
551         if (use_info *use = first_nondebug_insn_use (def, ignore))
552           return use;
553     
554       return first_access (def->next_def (), ignore_clobbers_setting,
ignore);
555     }
556     
557     // Return true if ACCESS1 should before ACCESS2 in an access_array.
558     inline bool
(gdb) p ignore
$5 = {<rtl_ssa::ignore_nothing> = {<No data fields>}, m_def = 0x122515e98, 
  m_use_insn = 0x122515ee0}
(gdb) p ignore_clobbers_setting 
$6 = rtl_ssa::ignore_clobbers::YES
(gdb) p def->next_def()
Cannot evaluate function -- may be inlined
(gdb) frame 6
#6  rtl_ssa::restrict_movement_for_defs<(anonymous
namespace)::insn_combination::substitute_nondebug_use(rtl_ssa::use_info*)::local_ignore>
(defs=..., 
    move_range=..., ignore=...) at ../../src/gcc/rtl-ssa/movement.h:235
235           access = next_access (def, ignore_clobbers (is_clobber), ignore);
(gdb) 
(gdb) frame 0
#0  rtl_ssa::clobber_info::recompute_group (this=0x122516d58)
    at ../../src/gcc/rtl-ssa/accesses.cc:67
67        while (cursor->m_group != group)
(gdb) p this
$7 = (rtl_ssa::clobber_info * const) 0x122516d58
(gdb) l
62        if (cursor == m_parent)
63          cursor = this;
64      
65        // Walk up the tree from CURSOR updating clobbers that need it.
66        // This walk always includes this clobber.
67        while (cursor->m_group != group)
68          {
69            cursor->m_group = group;
70            cursor = cursor->m_parent;
71          }
(gdb) p group
$8 = (rtl_ssa::clobber_group *) 0x0
(gdb) p *this
$9 = {<rtl_ssa::def_info> = {<rtl_ssa::access_info> = {m_regno = 31, 
      m_mode = E_BLKmode, m_kind = rtl_ssa::access_kind::CLOBBER, 
      m_is_artificial = 0, m_is_set_with_nondebug_insn_uses = 0, 
      m_is_pre_post_modify = 0, m_is_call_clobber = 0, m_is_live_out_use = 0, 
      m_includes_address_uses = 0, m_includes_read_writes = 0, 
      m_includes_subregs = 0, m_includes_multiregs = 0, 
      m_only_occurs_in_notes = 0, m_is_last_nondebug_insn_use = 0, 
      m_is_in_debug_insn_or_phi = 0, m_has_been_superceded = 0, 
      m_is_temp = 0}, m_insn = 0x122516ba0, m_last_def_or_prev_def = {
      m_ptr = 0x122515ff9 ""}, m_splay_root_or_next_def = {
      m_ptr = 0x122517751 ""}}, m_children = {0x122515ff8, 0x122517750}, 
  m_parent = 0x0, m_group = 0x0}
