<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=https://github.com/llvm/llvm-project/issues/126305>126305</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
clang crashes on valid code at -O{s,2,3} on x86_64-linux-gnu: Segmentation fault (core dumped)
</td>
</tr>
<tr>
<th>Labels</th>
<td>
clang
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
zhendongsu
</td>
</tr>
</table>
<pre>
It appears to be a regression from 13.0.0 and affects 14.0.0 and later.
Compiler Explorer: https://godbolt.org/z/M1991hr37
```
[509] % clangtk -v
clang version 21.0.0git (https://github.com/llvm/llvm-project.git 4d7192a5ecabb36263a2cacd4e9243b958424805)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /local/suz-local/software/local/clang-trunk/bin
Build config: +assertions
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/10
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/11
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/9
Selected GCC installation: /usr/lib/gcc/x86_64-linux-gnu/11
Candidate multilib: .;@m64
Selected multilib: .;@m64
[510] %
[510] % clangtk -O3 small.c
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0. Program arguments: /local/suz-local/software/local/clang-trunk/bin/clang-21 -cc1 -triple x86_64-unknown-linux-gnu -emit-obj -dumpdir a- -disable-free -clear-ast-before-backend -main-file-name small.c -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=none -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/local/suz-local/software/emitesting/bugs/20250207-clangtk-m64-O3-build-172826/delta -fcoverage-compilation-dir=/local/suz-local/software/emitesting/bugs/20250207-clangtk-m64-O3-build-172826/delta -resource-dir /local/suz-local/software/local/clang-trunk/lib/clang/21 -I /usr/local/include -I /local/suz-local/software/local/include -internal-isystem /local/suz-local/software/local/clang-trunk/lib/clang/21/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/11/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O3 -ferror-limit 19 -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -fcolor-diagnostics -vectorize-loops -vectorize-slp -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/small-f51eec.o -x c small.c
1. <eof> parser at end of file
2. Optimizer
3. Running pass "require<globals-aa>,function(invalidate<aa>),require<profile-summary>,cgscc(devirt<4>(inline,function-attrs<skip-non-recursive-function-attrs>,argpromotion,openmp-opt-cgscc,function<eager-inv;no-rerun>(sroa<modify-cfg>,early-cse<memssa>,speculative-execution<only-if-divergent-target>,jump-threading,correlated-propagation,simplifycfg<bonus-inst-threshold=1;no-forward-switch-cond;switch-range-to-icmp;no-switch-to-lookup;keep-loops;no-hoist-common-insts;no-hoist-loads-stores-with-cond-faulting;no-sink-common-insts;speculate-blocks;simplify-cond-branch;no-speculate-unpredictables>,instcombine<max-iterations=1;no-verify-fixpoint>,aggressive-instcombine,libcalls-shrinkwrap,tailcallelim,simplifycfg<bonus-inst-threshold=1;no-forward-switch-cond;switch-range-to-icmp;no-switch-to-lookup;keep-loops;no-hoist-common-insts;no-hoist-loads-stores-with-cond-faulting;no-sink-common-insts;speculate-blocks;simplify-cond-branch;no-speculate-unpredictables>,reassociate,constraint-elimination,loop-mssa(loop-instsimplify,loop-simplifycfg,licm<no-allowspeculation>,loop-rotate<header-duplication;no-prepare-for-lto>,licm<allowspeculation>,simple-loop-unswitch<nontrivial;trivial>),simplifycfg<bonus-inst-threshold=1;no-forward-switch-cond;switch-range-to-icmp;no-switch-to-lookup;keep-loops;no-hoist-common-insts;no-hoist-loads-stores-with-cond-faulting;no-sink-common-insts;speculate-blocks;simplify-cond-branch;no-speculate-unpredictables>,instcombine<max-iterations=1;no-verify-fixpoint>,loop(loop-idiom,indvars,extra-simple-loop-unswitch-passes,loop-deletion,loop-unroll-full),sroa<modify-cfg>,vector-combine,mldst-motion<no-split-footer-bb>,gvn<>,sccp,bdce,instcombine<max-iterations=1;no-verify-fixpoint>,jump-threading,correlated-propagation,adce,memcpyopt,dse,move-auto-init,loop-mssa(licm<allowspeculation>),coro-elide,simplifycfg<bonus-inst-threshold=1;no-forward-switch-cond;switch-range-to-icmp;no-switch-to-lookup;keep-loops;hoist-common-insts;no-hoist-loads-stores-with-cond-faulting;sink-common-insts;speculate-blocks;simplify-cond-branch;no-speculate-unpredictables>,instcombine<max-iterations=1;no-verify-fixpoint>),function-attrs,function(require<should-not-run-function-passes>),coro-split,coro-annotation-elide)),function(invalidate<should-not-run-function-passes>),cgscc(devirt<4>())" on module "small.c"
4. Running pass "cgscc(devirt<4>(inline,function-attrs<skip-non-recursive-function-attrs>,argpromotion,openmp-opt-cgscc,function<eager-inv;no-rerun>(sroa<modify-cfg>,early-cse<memssa>,speculative-execution<only-if-divergent-target>,jump-threading,correlated-propagation,simplifycfg<bonus-inst-threshold=1;no-forward-switch-cond;switch-range-to-icmp;no-switch-to-lookup;keep-loops;no-hoist-common-insts;no-hoist-loads-stores-with-cond-faulting;no-sink-common-insts;speculate-blocks;simplify-cond-branch;no-speculate-unpredictables>,instcombine<max-iterations=1;no-verify-fixpoint>,aggressive-instcombine,libcalls-shrinkwrap,tailcallelim,simplifycfg<bonus-inst-threshold=1;no-forward-switch-cond;switch-range-to-icmp;no-switch-to-lookup;keep-loops;no-hoist-common-insts;no-hoist-loads-stores-with-cond-faulting;no-sink-common-insts;speculate-blocks;simplify-cond-branch;no-speculate-unpredictables>,reassociate,constraint-elimination,loop-mssa(loop-instsimplify,loop-simplifycfg,licm<no-allowspeculation>,loop-rotate<header-duplication;no-prepare-for-lto>,licm<allowspeculation>,simple-loop-unswitch<nontrivial;trivial>),simplifycfg<bonus-inst-threshold=1;no-forward-switch-cond;switch-range-to-icmp;no-switch-to-lookup;keep-loops;no-hoist-common-insts;no-hoist-loads-stores-with-cond-faulting;no-sink-common-insts;speculate-blocks;simplify-cond-branch;no-speculate-unpredictables>,instcombine<max-iterations=1;no-verify-fixpoint>,loop(loop-idiom,indvars,extra-simple-loop-unswitch-passes,loop-deletion,loop-unroll-full),sroa<modify-cfg>,vector-combine,mldst-motion<no-split-footer-bb>,gvn<>,sccp,bdce,instcombine<max-iterations=1;no-verify-fixpoint>,jump-threading,correlated-propagation,adce,memcpyopt,dse,move-auto-init,loop-mssa(licm<allowspeculation>),coro-elide,simplifycfg<bonus-inst-threshold=1;no-forward-switch-cond;switch-range-to-icmp;no-switch-to-lookup;keep-loops;hoist-common-insts;no-hoist-loads-stores-with-cond-faulting;sink-common-insts;speculate-blocks;simplify-cond-branch;no-speculate-unpredictables>,instcombine<max-iterations=1;no-verify-fixpoint>),function-attrs,function(require<should-not-run-function-passes>),coro-split,coro-annotation-elide))" on module "small.c"
5. Running pass "loop(loop-idiom,indvars,extra-simple-loop-unswitch-passes,loop-deletion,loop-unroll-full)" on function "main"
#0 0x000055ac714688af llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/local/suz-local/software/local/clang-trunk/bin/clang-21+0x45368af)
#1 0x000055ac71466084 SignalHandler(int) Signals.cpp:0:0
#2 0x00007f08737cc420 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x14420)
#3 0x000055ac7043514e llvm::ScalarEvolution::getConstantMultipleImpl(llvm::SCEV const*) (/local/suz-local/software/local/clang-trunk/bin/clang-21+0x350314e)
#4 0x000055ac7043486b llvm::ScalarEvolution::getConstantMultiple(llvm::SCEV const*) (/local/suz-local/software/local/clang-trunk/bin/clang-21+0x350286b)
#5 0x000055ac70434bbb llvm::ScalarEvolution::getMinTrailingZeros(llvm::SCEV const*) (/local/suz-local/software/local/clang-trunk/bin/clang-21+0x3502bbb)
#6 0x000055ac7043553d llvm::ScalarEvolution::getConstantMultipleImpl(llvm::SCEV const*) (/local/suz-local/software/local/clang-trunk/bin/clang-21+0x350353d)
#7 0x000055ac7043486b llvm::ScalarEvolution::getConstantMultiple(llvm::SCEV const*) (/local/suz-local/software/local/clang-trunk/bin/clang-21+0x350286b)
#8 0x000055ac70434bbb llvm::ScalarEvolution::getMinTrailingZeros(llvm::SCEV const*) (/local/suz-local/software/local/clang-trunk/bin/clang-21+0x3502bbb)
#9 0x000055ac704355f8 llvm::ScalarEvolution::getConstantMultipleImpl(llvm::SCEV const*) (/local/suz-local/software/local/clang-trunk/bin/clang-21+0x35035f8)
#10 0x000055ac7043486b llvm::ScalarEvolution::getConstantMultiple(llvm::SCEV const*) (/local/suz-local/software/local/clang-trunk/bin/clang-21+0x350286b)
#11 0x000055ac70434bbb llvm::ScalarEvolution::getMinTrailingZeros(llvm::SCEV const*) (/local/suz-local/software/local/clang-trunk/bin/clang-21+0x3502bbb)
#12 0x000055ac7043d90b llvm::ScalarEvolution::getRangeRef(llvm::SCEV const*, llvm::ScalarEvolution::RangeSignHint, unsigned int) (/local/suz-local/software/local/clang-trunk/bin/clang-21+0x350b90b)
#13 0x000055ac704400f6 llvm::ScalarEvolution::isKnownNonNegative(llvm::SCEV const*) (/local/suz-local/software/local/clang-trunk/bin/clang-21+0x350e0f6)
#14 0x000055ac70459ae6 llvm::ScalarEvolution::getGEPExpr(llvm::GEPOperator*, llvm::SmallVectorImpl<llvm::SCEV const*> const&) (/local/suz-local/software/local/clang-trunk/bin/clang-21+0x3527ae6)
#15 0x000055ac70459d01 llvm::ScalarEvolution::createNodeForGEP(llvm::GEPOperator*) (/local/suz-local/software/local/clang-trunk/bin/clang-21+0x3527d01)
#16 0x000055ac7043b994 llvm::ScalarEvolution::createSCEV(llvm::Value*) (.part.0) ScalarEvolution.cpp:0:0
#17 0x000055ac7043c4f1 llvm::ScalarEvolution::createSCEVIter(llvm::Value*) (/local/suz-local/software/local/clang-trunk/bin/clang-21+0x350a4f1)
#18 0x000055ac70465de4 llvm::ScalarEvolution::computeSCEVAtScope(llvm::SCEV const*, llvm::Loop const*) (/local/suz-local/software/local/clang-trunk/bin/clang-21+0x3533de4)
#19 0x000055ac704665ba llvm::ScalarEvolution::getSCEVAtScope(llvm::SCEV const*, llvm::Loop const*) (/local/suz-local/software/local/clang-trunk/bin/clang-21+0x35345ba)
#20 0x000055ac70465df7 llvm::ScalarEvolution::computeSCEVAtScope(llvm::SCEV const*, llvm::Loop const*) (/local/suz-local/software/local/clang-trunk/bin/clang-21+0x3533df7)
...
clangtk: error: unable to execute command: Segmentation fault
clangtk: error: clang frontend command failed due to signal (use -v to see invocation)
clang version 21.0.0git (https://github.com/llvm/llvm-project.git 4d7192a5ecabb36263a2cacd4e9243b958424805)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /local/suz-local/software/local/clang-trunk/bin
Build config: +assertions
clangtk: note: diagnostic msg:
********************
PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clangtk: note: diagnostic msg: /tmp/small-072923.c
clangtk: note: diagnostic msg: /tmp/small-072923.sh
clangtk: note: diagnostic msg:
********************
[511] %
[511] % cat small.c
int a[1], b, c, d, e, f, g, h, i;
int main() {
if (b) {
for (c = 0; c - 20; --c)
if (i)
i = 0;
for (; g; g++)
for (d = 0; d < 8; d++)
for (h = 0; h < 7; h++)
for (e = 0; e < 9; e++)
for (f = 0; f < 4; f++) {
b = a[b];
b = a[b];
b = a[b & 5];
}
}
}
```
</pre>
<img width="1" height="1" alt="" src="http://email.email.llvm.org/o/eJzsW99y2zazfxr4BgMNCZL6c-ELibaSzEnrTJzTb-bceEBgSaEGAR4AlO08_TcAKUuWndhtkrbp2CNTELjY3d9id7EkQeacbDTAKSpWqDg7Yb3fGHv6eQNaGN24_qQy4u70nces64BZh73BFWCGLTQWnJNG49qaFqfZJJkkmGmBWV0D9w6n-X2XYh7sBKNkiZJladpOKrD4_LZTxoJF2RJvvO8cypaIrhFdN0ZURvmJsQ2i68-Irn9JF4t0Y7PZwANNk_GTLFGxKpIFKs4wogXmiunGX2OyRcky_sBbsFFRmgaFGukxovMjgdJv-mrCTYvoWqnt7ot01vwO3E_CqFzM0gVlBXBWVdmUTjNGOeMihwXNs2pRzHOaz5MC0QVKlp-YbcAHbLfz6dU0J72-1uZGEyV1f0sa3QeijQUmcGsEqEDaGSdvUbJ8p51nSoE4k9E8QR3DmUJ07frP5L5tan_DLBycjpCJt72-RnRdSY2S5aqXSmBudC2bgduKOQfWS6MdSpZr02uBOdNCCuYBvylLLAcNWKAZNeidDYJkFQzGOaLrEdkeEV2nyfdmmH5nhmFyLkEB9yC-XbPyXqe2V16GIdkST1C2QnnSTvNDYV-kCC6cJjsXftRx79MXGXYtU2rCUbL88P58eXmOXV-10mOGq77BFjpjfYjSP-bfiK6lcz04RNcxYqXmqheA_QYwt8xtcMX4tbeMA6Il7ix01nBwDgR2prdDdwx_5wyXLOC1vcaOW9n5STCDZ_wai77tglrJMpmgZPHBmsayFjPb9C1o777V23d9NMWE8xQTb2Wn4ItBiAm00hNT_Y5J0E1IixnBREjHKgWktgCYcAXMEuY8qaA2FkiwBmiBScukJrVUQDRrYTc9mLQWgpLBp0gMb9xJjkknOVGwBYXp8EM60knApK0ta4F0RmofUuKZNhowqVvmNwSs1QaTuu4INzrMgkfZmdGY1NoQG4JD6oYEWkxabrTztufeWMKUZA4cJnWvb6QWxAdUDmVnFBMfUxThXR_MQ6Y5Jr7XEDsa0GCDxgKqvmnAhlNSNyg7a0SFSR37CY_JfIApQq46e37ygsHB-cCMrqu-CU5HE1okNJmR0ddJO83JRUaqkLpIOqNzOkV0LUB5hknNzRYsa-Bvkm9h8Pkg8k9765BdYl9QIMXk3UHqGYfs4nA490I594OiL2mmiHR3zkP73XR9TsgXQHyF9NlUS9eTyePDE7SPpcFtaPDHUkfSJ_h8ffQfFxFzN6nBWmOJkiFjpwtM6kb3nIwFCsrO8gmdpJjU7lp2xAhL-Ab4NZGaNG0d_V4ZS4RkjTbOS-4w2UIIdPkZiDKme9DhVIdJzYSwTjaYnF1dvSnLq7fL386vzv6z_LimV-X63dXy8heUnaWYmKC1b7vgECGNkbpIAfjEYHKL-cHKk4bMjbISTI2yc9wx68Bi5nHIiKbGIR2iZEkD2UXnZSs_g0XJMgsdH3sd8gjumHMYUWrh_3tpAWVlo0zFlCOMoewc0bLuNY9rMp1LvWUqLrMoK8fzC0TL_eDOmpiFXd-2zN4NHHjjgkfNBWyl9Sgr89g_l1pJDQciCPPeOpSV0fDaaGKB99bJLZBjmsCY2aazpjWDeqXpQLcdMZ0no8i98lkJLKRPqbcoW4V0DbbXgx7OGoaysjVC1neE183AHZhVd4S7gKuF1rnRIK4D3odktwUCt8D7UYDR6o7Imgi5BduA9mNmH0b93rcd8bHQjCmv5MZaCCW5CMt_xxo2wnCy7ZSs76IiZWV070gojuJotzFKBEcZUNTG3jAriLuRnm_CsiRQthp_WaYbIN4QycNqH-jHM94EN73uQ-81QDc47UCyMdL5kNFbo6PcB_3KMOGI88aCIzfSDzJJzUJRFdalKEXq62MOO6sBqZTh17FrBDqwqCzTfDMyuCfudWdBSL5bMIMpA0tu2io4T1a27JZID5YNdfS9abZgA-9a3sbVfPSYZrhg2gI55EJLJSvOlHLEbazU1zeWdYiWnkkVukHJ9nVmnp8ZC_d1Z_TwUAExqT0JBpR65-EBE4kBReexHVUZZe7OHxo7zA9vUVZqQ5hS5uY-Bs0Qw8MQa_yQmzbABFgi-k5JPlIF7UPBzCyEySHKm3HowPppvlGLIamTXg-TFPXQ3sqtZAplq_vWmA5f3eTHBXDAee81QoYrqVJqsWXWhZR96y0jT80ZCQtduLAaPEWAgkNn7LU1YantlRrn8Ok1YVjVyT5vtEo4T8YlKPqn65T0pDbGgyVVNYxrtuHs6FKch9xSiXi19g22ePmSwgZZLbS8uzOdR7QULvaYLRDWBxfT0h-H5lcCYzGIMyGyQ-n2tzr9t3r8P9bdF4-LowcF2b7wchvTK0G08cT2el8tjW7_YMqih-5-MK1D1gy041QuHso9rvteKukLRd-OP8VG49aIXkGoP3dlLaUoWeZPVaivVeRrFfnPiMrXKvK1inytIv92N3mtIl-ryNcq8p9dRX6tyiueqvL-osiMeu3gBbktk3pQC2NEswQnt0mSJEXB-CzNp_M5q3F8YpctUbZ0d25ofLBS-_hI7dPwUG6-J7Ls5so4b4G1iE4RLXGYELrAsQr-Hs_WEF0lt3mRTeesHh53R-XTI-WnyTzHl7LRTL1lWiiwsWyOugzdbsK7DmXLJP6PbOjIZlYn81k24zynCb66shCD4Mr6HZD40OCJRwBKVt2QWCbOTJKobZrnNDnQNTvUNcmzIs3hwNCXnClmz7dGjfVx6GzAl6EoYNr_EqKvU_Cu7dQD41-W57_hWDoguvz-Rs-KJEtzOACSHwHJ59PqTwD5i0HQ-bQ6AFEcg6iql4D4RepPlkkldfN_YI37q0FU1SGI6bFLFZn4SVyqyMQBkNm_waXm_waXWjxyqXr-s7hUPR-BhJUh-dldKoBIf3aXCiDoEQixSF4C4mOoaz9C_TXly-f4RCZh5X8bq4AS9zruQBQ_pkLJiqRaJIfgj1b9PEnq6XNKS_c_2tzoX43-FZp43-wvnkBI6ukBhqMFv1gweBZDA_7N-Yfz284-0P3N-YeLLtTyxj6ewFAy_xYvGGP6yMovYc7Od-3pj8BPZwwO8RfH-EWSPoefW2AefjUC1sa-Of_wVSv8CAgiSQ8gHFcK1WKRvwxCsPwD5X9jqoe92pOOWR9K3gU-4nJcaQc9jhd6ntcvNGXQ450H-zVdvm8UsLw-NOHR8j4tBDxvQtN2_aD70l9y0301kg-D4b0x3Q8N8iwTkB_AO1r4p9OiYi8I8n8ktLyo2B4aTR7NXD37uWeung3wJpPJbte5v0bZEsf9XqHRa1YpwN7g4ZELYG7almkRTl5C04Ie7mLgeF_nC1yG_ey1NdqDFjsWuGZSgcCijwJcvLAOMHsHmGxjHwCWejtuSB2Ufd0c_6LN8QfzoI2H8L3ff4dbNwxKltG7_uwnvtQwbuhefvq0LN_iT2_P8fri_fuL_7z79Q1ev3t_fok_XcTu1f--wR_PP1x8_DTspP7w1G7suQvO_sUd2fcEFnDcqAwCMz_wexnkh3sFkxld0CxuD_yG4W7zRyz-7UYvVkWaHu-7v-_gzB_sepTaY4aKVTgdUkwVDjwcRDjEDfB1ODThsIm33VC2GkcOt_nmMQHNVvHyTtYh1qrDLoxrY0Mvxyg7wwnKVphjgmlsEcLHNDoMlbsLxeFP3o95yCsMbYYDXcXPftRIIvbiQrPEcZB4QD-Sbvakm0g6i83HrA_Yw34MxDGL2HyKfb0nrSNpHpv3pAem2v9VcVCYnCpMTvZCioNOjOgUF08ORrOz4Wo8fo_Hg_ePTsRpJhbZgp3AaTrL5otpms3yk81pkmULgJzVvKh5ndI0S5OMTRmDFOq6oifydLftnCb5Issn85rzRNBZAjWwLJ-hPIGWSTUJ6XZibHMS39I4Tek0S4oTxSpQLr68Rem4OZui4uzEnsb8HPe254mSzrs9Cy-9gtMh-8dXO8Bho3HcaIG5EYCZx-QCzVYO0ZIiWmZodhZIHt1pfXLtiu5rLMRXPUAgujjprTr98y-kjGi3p_S_AQAA__9aPNwW">