Crash in net/core/dev.c when assertions are enabled after commit 13cabc47f8ae

[nathanchance]

After commit 13cabc47f8ae ("netdevice: define and allocate &net_device _properly_"), which is now in mainline, I am seeing a crash when assertions are enabled in clang/LLVM that appears to be related to -fstrict-flex-arrays=3.

$ make -sjk"$(nproc)" ARCH=x86_64 LLVM=1 allmodconfig net/core/dev.o
clang: /home/nathan/cbl/src/patched/tc-build/src/llvm-project/clang/lib/CodeGen/CodeGenTypes.cpp:847: const CGRecordLayout &clang::CodeGen::CodeGenTypes::getCGRecordLayout(const RecordDecl *): Assertion `I != CGRecordLayouts.end() && "Unable to find record layout information for type"' failed.
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.      Program arguments: /home/nathan/cbl/toolchains/llvm-latest/bin/clang --target=x86_64-linux-gnu -fintegrated-as -Werror=unknown-warning-option -Werror=ignored-optimization-argument -Werror=option-ignored -Werror=unused-command-line-argument -fmacro-prefix-map=/home/nathan/cbl/src/dev/linux/= -std=gnu11 -fshort-wchar -funsigned-char -fno-common -fno-PIE -fno-strict-aliasing -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -mno-avx -fcf-protection=branch -fno-jump-tables -m64 -falign-loops=1 -mno-80387 -mno-fp-ret-in-387 -mstack-alignment=8 -mskip-rax-setup -mtune=generic -mno-red-zone -mcmodel=kernel -Wno-sign-compare -fno-asynchronous-unwind-tables -mretpoline-external-thunk -mindirect-branch-cs-prefix -mfunction-return=thunk-extern -mharden-sls=all -fpatchable-function-entry=59,59 -fno-delete-null-pointer-checks -O2 -fstack-protector-strong -ftrivial-auto-var-init=pattern -fno-stack-clash-protection -fzero-call-used-regs=used-gpr -pg -mfentry -fsanitize=kcfi -falign-functions=64 -fstrict-flex-arrays=3 -fno-strict-overflow -fno-stack-check -Wall -Wundef -Werror=implicit-function-declaration -Werror=implicit-int -Werror=return-type -Werror=strict-prototypes -Wno-format-security -Wno-trigraphs -Wno-frame-address -Wno-address-of-packed-member -Wmissing-declarations -Wmissing-prototypes -Wframe-larger-than=2048 -Wno-gnu -Wvla -Wno-pointer-sign -Wcast-function-type -Wimplicit-fallthrough -Werror=date-time -Werror=incompatible-pointer-types -Wenum-conversion -Wextra -Wunused -Wno-unused-but-set-variable -Wno-unused-const-variable -Wno-format-overflow -Wno-format-overflow-non-kprintf -Wno-format-truncation-non-kprintf -Wno-override-init -Wno-pointer-to-enum-cast -Wno-tautological-constant-out-of-range-compare -Wno-unaligned-access -Wno-enum-compare-conditional -Wno-enum-enum-conversion -Wno-missing-field-initializers -Wno-type-limits -Wno-shift-negative-value -Wno-sign-compare -Wno-unused-parameter -frandomize-layout-seed-file=./scripts/basic/randstruct.seed -fsanitize=array-bounds -fsanitize=shift -fsanitize=bool -fsanitize=enum -fsanitize-coverage=trace-pc -fsanitize-coverage=trace-cmp -fsanitize=thread -fno-optimize-sibling-calls -mllvm -tsan-compound-read-before-write=1 -mllvm -tsan-distinguish-volatile=1 -Werror -nostdinc -I/home/nathan/cbl/src/dev/linux/arch/x86/include -I./arch/x86/include/generated -I/home/nathan/cbl/src/dev/linux/include -I./include -I/home/nathan/cbl/src/dev/linux/arch/x86/include/uapi -I./arch/x86/include/generated/uapi -I/home/nathan/cbl/src/dev/linux/include/uapi -I./include/generated/uapi -include /home/nathan/cbl/src/dev/linux/include/linux/compiler-version.h -include /home/nathan/cbl/src/dev/linux/include/linux/kconfig.h -include /home/nathan/cbl/src/dev/linux/include/linux/compiler_types.h -D__KERNEL__ -DCC_USING_NOP_MCOUNT -DCC_USING_FENTRY -DRANDSTRUCT -I/home/nathan/cbl/src/dev/linux/net/core -Inet/core -DKBUILD_MODFILE=\"net/core/dev\" -DKBUILD_BASENAME=\"dev\" -DKBUILD_MODNAME=\"dev\" -D__KBUILD_MODNAME=kmod_dev -c -Wp,-MMD,net/core/.dev.o.d -fcolor-diagnostics -o net/core/dev.o /home/nathan/cbl/src/dev/linux/net/core/dev.c
1.      /home/nathan/cbl/src/dev/linux/net/core/dev.c:10551:1 <Spelling=/home/nathan/cbl/src/dev/linux/include/linux/export.h:56:2>: current parser token 'extern'
2.      /home/nathan/cbl/src/dev/linux/net/core/dev.c:10541:6: LLVM IR generation of declaration 'init_dummy_netdev'
3.      /home/nathan/cbl/src/dev/linux/net/core/dev.c:10541:6: Generating code for declaration 'init_dummy_netdev'
4.      /home/nathan/cbl/src/dev/linux/net/core/dev.c:10548:2 <Spelling=/home/nathan/cbl/src/dev/linux/include/linux/fortify-string.h:501:65>: LLVM IR generation of compound statement ('{}')
...

In this configuration, this is what I end up with for struct net_device after preprocessing:

struct net_device {
 __u8 __cacheline_group_begin__net_device_read_tx[0];
 unsigned long long priv_flags;
 const struct net_device_ops *netdev_ops;
 const struct header_ops *header_ops;
 struct netdev_queue *_tx;
 netdev_features_t gso_partial_features;
 unsigned int real_num_tx_queues;
 unsigned int gso_max_size;
 unsigned int gso_ipv4_max_size;
 u16 gso_max_segs;
 s16 num_tc;
 unsigned int mtu;
 unsigned short needed_headroom;
 struct netdev_tc_txq tc_to_txq[16];
 struct xps_dev_maps *xps_maps[XPS_MAPS_MAX];
 struct nf_hook_entries *nf_hooks_egress;
 struct bpf_mprog_entry *tcx_egress;
 __u8 __cacheline_group_end__net_device_read_tx[0];
 __u8 __cacheline_group_begin__net_device_read_txrx[0];
 union {
  struct pcpu_lstats *lstats;
  struct pcpu_sw_netstats *tstats;
  struct pcpu_dstats *dstats;
 };
 unsigned long state;
 unsigned int flags;
 unsigned short hard_header_len;
 netdev_features_t features;
 struct inet6_dev *ip6_ptr;
 __u8 __cacheline_group_end__net_device_read_txrx[0];
 __u8 __cacheline_group_begin__net_device_read_rx[0];
 struct bpf_prog *xdp_prog;
 struct list_head ptype_specific;
 int ifindex;
 unsigned int real_num_rx_queues;
 struct netdev_rx_queue *_rx;
 unsigned long gro_flush_timeout;
 int napi_defer_hard_irqs;
 unsigned int gro_max_size;
 unsigned int gro_ipv4_max_size;
 rx_handler_func_t *rx_handler;
 void *rx_handler_data;
 possible_net_t nd_net;
 struct netpoll_info *npinfo;
 struct bpf_mprog_entry *tcx_ingress;
 __u8 __cacheline_group_end__net_device_read_rx[0];
 char name[16];
 struct netdev_name_node *name_node;
 struct dev_ifalias *ifalias;
 unsigned long mem_end;
 unsigned long mem_start;
 unsigned long base_addr;
 struct list_head dev_list;
 struct list_head napi_list;
 struct list_head unreg_list;
 struct list_head close_list;
 struct list_head ptype_all;
 struct {
  struct list_head upper;
  struct list_head lower;
 } adj_list;
 xdp_features_t xdp_features;
 const struct xdp_metadata_ops *xdp_metadata_ops;
 const struct xsk_tx_metadata_ops *xsk_tx_metadata_ops;
 unsigned short gflags;
 unsigned short needed_tailroom;
 netdev_features_t hw_features;
 netdev_features_t wanted_features;
 netdev_features_t vlan_features;
 netdev_features_t hw_enc_features;
 netdev_features_t mpls_features;
 unsigned int min_mtu;
 unsigned int max_mtu;
 unsigned short type;
 unsigned char min_header_len;
 unsigned char name_assign_type;
 int group;
 struct net_device_stats stats;
 struct net_device_core_stats *core_stats;
 atomic_t carrier_up_count;
 atomic_t carrier_down_count;
 const struct iw_handler_def *wireless_handlers;
 struct iw_public_data *wireless_data;
 const struct ethtool_ops *ethtool_ops;
 const struct l3mdev_ops *l3mdev_ops;
 const struct ndisc_ops *ndisc_ops;
 const struct xfrmdev_ops *xfrmdev_ops;
 const struct tlsdev_ops *tlsdev_ops;
 unsigned int operstate;
 unsigned char link_mode;
 unsigned char if_port;
 unsigned char dma;
 unsigned char perm_addr[32];
 unsigned char addr_assign_type;
 unsigned char addr_len;
 unsigned char upper_level;
 unsigned char lower_level;
 unsigned short neigh_priv_len;
 unsigned short dev_id;
 unsigned short dev_port;
 int irq;
 u32 priv_len;
 spinlock_t addr_list_lock;
 struct netdev_hw_addr_list uc;
 struct netdev_hw_addr_list mc;
 struct netdev_hw_addr_list dev_addrs;
 struct kset *queues_kset;
 struct list_head unlink_list;
 unsigned int promiscuity;
 unsigned int allmulti;
 bool uc_promisc;
 unsigned char nested_level;
 struct in_device *ip_ptr;
 struct vlan_info *vlan_info;
 struct dsa_port *dsa_ptr;
 struct tipc_bearer *tipc_ptr;
 void *atalk_ptr;
 void *ax25_ptr;
 struct wireless_dev *ieee80211_ptr;
 struct wpan_dev *ieee802154_ptr;
 struct mpls_dev *mpls_ptr;
 struct mctp_dev *mctp_ptr;
 const unsigned char *dev_addr;
 unsigned int num_rx_queues;
 unsigned int xdp_zc_max_segs;
 struct netdev_queue *ingress_queue;
 struct nf_hook_entries *nf_hooks_ingress;
 unsigned char broadcast[32];
 struct cpu_rmap *rx_cpu_rmap;
 struct hlist_node index_hlist;
 unsigned int num_tx_queues;
 struct Qdisc *qdisc;
 unsigned int tx_queue_len;
 spinlock_t tx_global_lock;
 struct xdp_dev_bulk_queue *xdp_bulkq;
 struct hlist_head qdisc_hash[1 << (4)];
 struct timer_list watchdog_timer;
 int watchdog_timeo;
 u32 proto_down_reason;
 struct list_head todo_list;
 int *pcpu_refcnt;
 struct ref_tracker_dir refcnt_tracker;
 struct list_head link_watch_list;
 u8 reg_state;
 bool dismantle;
 enum {
  RTNL_LINK_INITIALIZED,
  RTNL_LINK_INITIALIZING,
 } rtnl_link_state:16;
 bool needs_free_netdev;
 void (*priv_destructor)(struct net_device *dev);
 void *ml_priv;
 enum netdev_ml_priv_type ml_priv_type;
 enum netdev_stat_type pcpu_stat_type:8;
 struct garp_port *garp_port;
 struct mrp_port *mrp_port;
 struct dm_hw_stat_delta *dm_private;
 struct device dev;
 const struct attribute_group *sysfs_groups[4];
 const struct attribute_group *sysfs_rx_queue_group;
 const struct rtnl_link_ops *rtnl_link_ops;
 const struct netdev_stat_ops *stat_ops;
 const struct netdev_queue_mgmt_ops *queue_mgmt_ops;
 unsigned int tso_max_size;
 u16 tso_max_segs;
 const struct dcbnl_rtnl_ops *dcbnl_ops;
 u8 prio_tc_map[15 + 1];
 unsigned int fcoe_ddp_xid;
 struct netprio_map *priomap;
 struct phy_device *phydev;
 struct sfp_bus *sfp_bus;
 struct lock_class_key *qdisc_tx_busylock;
 bool proto_down;
 bool threaded;
 struct list_head net_notifier_list;
 const struct macsec_ops *macsec_ops;
 const struct udp_tunnel_nic_info *udp_tunnel_nic_info;
 struct udp_tunnel_nic *udp_tunnel_nic;
 struct ethtool_netdev_state *ethtool;
 struct bpf_xdp_entity xdp_state[__MAX_XDP_MODE];
 u8 dev_addr_shadow[32];
 netdevice_tracker linkwatch_dev_tracker;
 netdevice_tracker watchdog_dev_tracker;
 netdevice_tracker dev_registered_tracker;
 struct rtnl_hw_stats64 *offload_xstats_l3;
 struct devlink_port *devlink_port;
 struct dpll_pin *dpll_pin;
 struct hlist_head page_pools;
 struct dim_irq_moder *irq_moder;
 u8 priv[] __attribute__((__aligned__((1 << (6)))))
           __attribute__((__counted_by__(priv_len)));
} __attribute__((__aligned__((1 << (6)))));

Unfortunately, while I caught this a few days ago, it took cvise three days to reduce net/core/dev.i into

void fortify_memset_chk(long);
typedef struct {
  char __padding[0];
} spinlock_t;
struct {
  struct netdev_name_node *name_node;
  int priv_len;
  spinlock_t pcpu_refcnt;
  char priv[] __attribute__((__counted_by__(priv_len)));
} *init_dummy_netdev_dev;
void init_dummy_netdev() {
  long __fortify_size = __builtin_dynamic_object_size(init_dummy_netdev_dev, 1);
  fortify_memset_chk(__fortify_size);
}

as a trivial reproducer:

$ clang -O2 -Wall -Wextra -c -o /dev/null dev.i

$ clang -O2 -Wall -Wextra -fstrict-flex-arrays=3 -c -o /dev/null dev.i
clang: /home/nathan/cbl/src/dev/llvm-project/clang/lib/CodeGen/CodeGenTypes.cpp:792: const CGRecordLayout &clang::CodeGen::CodeGenTypes::getCGRecordLayout(const RecordDecl *): Assertion `I != CGRecordLayouts.end() && "Unable to find record layout information for type"' failed.
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.      Program arguments: clang -O2 -Wall -Wextra -fstrict-flex-arrays=3 -c -o /dev/null dev.i
1.      <eof> parser at end of file
2.      dev.i:11:6: LLVM IR generation of declaration 'init_dummy_netdev'
3.      dev.i:11:6: Generating code for declaration 'init_dummy_netdev'
 #0 0x00000000031bf05c llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x31bf05c)
 #1 0x00000000031bcfa8 llvm::sys::RunSignalHandlers() (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x31bcfa8)
 #2 0x000000000314786c CrashRecoverySignalHandler(int) CrashRecoveryContext.cpp:0:0
 #3 0x0000ffff90c117f0 (linux-vdso.so.1+0x7f0)
 #4 0x0000ffff905c85e0 __pthread_kill_implementation (/lib64/libc.so.6+0x985e0)
 #5 0x0000ffff90575a00 gsignal (/lib64/libc.so.6+0x45a00)
 #6 0x0000ffff90560288 abort (/lib64/libc.so.6+0x30288)
 #7 0x0000ffff9056e400 __assert_fail_base (/lib64/libc.so.6+0x3e400)
 #8 0x0000ffff9056e474 (/lib64/libc.so.6+0x3e474)
 #9 0x0000000003441d84 clang::CodeGen::CodeGenTypes::isPointerZeroInitializable(clang::QualType) (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x3441d84)
#10 0x000000000350bde0 getGEPIndicesToField(clang::CodeGen::CodeGenFunction&, clang::RecordDecl const*, clang::FieldDecl const*, llvm::SmallVector<std::pair<clang::RecordDecl const*, llvm::Value*>, 8u>&) CGExpr.cpp:0:0
#11 0x000000000350be60 getGEPIndicesToField(clang::CodeGen::CodeGenFunction&, clang::RecordDecl const*, clang::FieldDecl const*, llvm::SmallVector<std::pair<clang::RecordDecl const*, llvm::Value*>, 8u>&) CGExpr.cpp:0:0
#12 0x00000000035098f4 clang::CodeGen::CodeGenFunction::EmitCountedByFieldExpr(clang::Expr const*, clang::FieldDecl const*, clang::FieldDecl const*) (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x35098f4)
#13 0x0000000003768094 clang::CodeGen::CodeGenFunction::emitFlexibleArrayMemberSize(clang::Expr const*, unsigned int, llvm::IntegerType*) (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x3768094)
#14 0x0000000003767828 clang::CodeGen::CodeGenFunction::emitBuiltinObjectSize(clang::Expr const*, unsigned int, llvm::IntegerType*, llvm::Value*, bool) (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x3767828)
#15 0x000000000376fc4c clang::CodeGen::CodeGenFunction::EmitBuiltinExpr(clang::GlobalDecl, unsigned int, clang::CallExpr const*, clang::CodeGen::ReturnValueSlot) (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x376fc4c)
#16 0x0000000003521e88 clang::CodeGen::CodeGenFunction::EmitCallExpr(clang::CallExpr const*, clang::CodeGen::ReturnValueSlot) (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x3521e88)
#17 0x0000000003539728 (anonymous namespace)::ScalarExprEmitter::VisitCallExpr(clang::CallExpr const*) CGExprScalar.cpp:0:0
#18 0x0000000003527528 (anonymous namespace)::ScalarExprEmitter::Visit(clang::Expr*) CGExprScalar.cpp:0:0
#19 0x00000000035427f0 (anonymous namespace)::ScalarExprEmitter::VisitCastExpr(clang::CastExpr*) CGExprScalar.cpp:0:0
#20 0x00000000035273fc clang::CodeGen::CodeGenFunction::EmitScalarExpr(clang::Expr const*, bool) (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x35273fc)
#21 0x000000000356304c clang::CodeGen::CodeGenFunction::EmitScalarInit(clang::Expr const*, clang::ValueDecl const*, clang::CodeGen::LValue, bool) (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x356304c)
#22 0x0000000003568488 clang::CodeGen::CodeGenFunction::EmitExprAsInit(clang::Expr const*, clang::ValueDecl const*, clang::CodeGen::LValue, bool) (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x3568488)
#23 0x0000000003565778 clang::CodeGen::CodeGenFunction::EmitAutoVarInit(clang::CodeGen::CodeGenFunction::AutoVarEmission const&) (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x3565778)
#24 0x0000000003560bcc clang::CodeGen::CodeGenFunction::EmitVarDecl(clang::VarDecl const&) (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x3560bcc)
#25 0x00000000035606b0 clang::CodeGen::CodeGenFunction::EmitDecl(clang::Decl const&) (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x35606b0)
#26 0x00000000035e7710 clang::CodeGen::CodeGenFunction::EmitDeclStmt(clang::DeclStmt const&) (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x35e7710)
#27 0x00000000035dc5dc clang::CodeGen::CodeGenFunction::EmitSimpleStmt(clang::Stmt const*, llvm::ArrayRef<clang::Attr const*>) (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x35dc5dc)
#28 0x00000000035db7ac clang::CodeGen::CodeGenFunction::EmitStmt(clang::Stmt const*, llvm::ArrayRef<clang::Attr const*>) (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x35db7ac)
#29 0x00000000035e8754 clang::CodeGen::CodeGenFunction::EmitCompoundStmtWithoutScope(clang::CompoundStmt const&, bool, clang::CodeGen::AggValueSlot) (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x35e8754)
#30 0x00000000034ee8b8 clang::CodeGen::CodeGenFunction::GenerateCode(clang::GlobalDecl, llvm::Function*, clang::CodeGen::CGFunctionInfo const&) (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x34ee8b8)
#31 0x00000000033bae48 clang::CodeGen::CodeGenModule::EmitGlobalFunctionDefinition(clang::GlobalDecl, llvm::GlobalValue*) (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x33bae48)
#32 0x00000000033b2694 clang::CodeGen::CodeGenModule::EmitGlobalDefinition(clang::GlobalDecl, llvm::GlobalValue*) (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x33b2694)
#33 0x00000000033b6d64 clang::CodeGen::CodeGenModule::EmitGlobal(clang::GlobalDecl) (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x33b6d64)
#34 0x00000000033b1278 clang::CodeGen::CodeGenModule::EmitTopLevelDecl(clang::Decl*) (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x33b1278)
#35 0x000000000394e8a4 (anonymous namespace)::CodeGeneratorImpl::HandleTopLevelDecl(clang::DeclGroupRef) ModuleBuilder.cpp:0:0
#36 0x000000000394630c clang::BackendConsumer::HandleTopLevelDecl(clang::DeclGroupRef) (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x394630c)
#37 0x0000000004b65cb4 clang::ParseAST(clang::Sema&, bool, bool) (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x4b65cb4)
#38 0x0000000003d0d360 clang::FrontendAction::Execute() (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x3d0d360)
#39 0x0000000003c9254c clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x3c9254c)
#40 0x0000000003dda6e4 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x3dda6e4)
#41 0x0000000001ee8dc0 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x1ee8dc0)
#42 0x0000000001ee5c98 ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) driver.cpp:0:0
#43 0x0000000003b36224 void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const::$_0>(long) Job.cpp:0:0
#44 0x00000000031475d4 llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x31475d4)
#45 0x0000000003b35804 clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x3b35804)
#46 0x0000000003afcc04 clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&, bool) const (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x3afcc04)
#47 0x0000000003afce50 clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&, bool) const (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x3afce50)
#48 0x0000000003b1611c clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&) (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x3b1611c)
#49 0x0000000001ee506c clang_main(int, char**, llvm::ToolContext const&) (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x1ee506c)
#50 0x0000000001ef3798 main (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x1ef3798)
#51 0x0000ffff90560b5c __libc_start_call_main (/lib64/libc.so.6+0x30b5c)
#52 0x0000ffff90560c3c __libc_start_main@GLIBC_2.17 (/lib64/libc.so.6+0x30c3c)
#53 0x0000000001ee38b0 _start (/home/nathan/tmp/cbl-triage.FastMfPNsN/install/llvm-asserts/bin/clang-19+0x1ee38b0)
clang: error: clang frontend command failed with exit code 134 (use -v to see invocation)
ClangBuiltLinux clang version 19.0.0git (https://github.com/llvm/llvm-project.git 41209075dabc39eb65ae183c5363ea39b8c74e82)
...

cc @kees @bwendling

[kees]

Oh wow, great find and thank you for the reduction! There is so much happening here. I assume it's the [0] array in spinlock_t (which is correctly a 0 sized array), but I see the crash is in clang::CodeGen::CodeGenTypes::isPointerZeroInitializable which suggests root cause may be -ftrivial-auto-var-init?

[nathanchance]

Hmmm, I don't think so since the reproducer does not require it and my brief glance over the file that contains that doesn't make it seem like that code is related much to -ftrivial-auto-var-init but I could be wrong!

[kees]

Gotcha. Yeah I was just guessing from the naming.

[bwendling]

See llvm/llvm-project#99574 for a fix.

[bwendling]

I submitted the PR. Does this need to be backported?

[nathanchance]

I don't think the LLVM 18 branch is active anymore, so I don't think there is anywhere to actually backport it :) since this appears to only be an assertion failure, I think it is fine to leave it alone until someone else complains about it (and even then, not sure how to workaround it anyways).