[Bug tree-optimization/121321] New: UBSAN error in get_object_alignment_2 (signed integer overflow: 2305843009213694039 * 8 cannot be represented in type 'long int')

sjames at gcc dot gnu.org via Gcc-bugs Wed, 30 Jul 2025 16:49:27 -0700

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=121321


            Bug ID: 121321
           Summary: UBSAN error in get_object_alignment_2 (signed integer
                    overflow: 2305843009213694039 * 8 cannot be
                    represented in type 'long int')
           Product: gcc
           Version: 16.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: sjames at gcc dot gnu.org
            Blocks: 63426
  Target Milestone: ---

```
$ export
UBSAN_OPTIONS="halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1"
$ g++ -c ./storage/innobase/CMakeFiles/innobase.dir/lock/lock0lock.cc.ii
-march=znver3 -mshstk -O2
/var/tmp/portage/sys-devel/gcc-16.0.9999/work/gcc-16.0.9999/gcc/poly-int.h:1026:5:
runtime error: signed integer overflow: 2305843009213694039 * 8 cannot be
represented in type 'long int'
    #0 0x556acc5f2a94 in poly_int<1u, poly_result<long, if_nonpoly<int, int,
poly_int_traits<int>::is_poly>::type, poly_coeff_pair_traits<long,
if_nonpoly<int, int, poly_int_traits<int>::is_poly>::type>::result_kind>::type>
operator*<1u, long, int>(poly_int<1u, long> const&, int const&)
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/poly-int.h:1026
    #1 0x556acc5f2a94 in get_object_alignment_2(tree_node*, unsigned int*,
unsigned long*, bool)
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/builtins.cc:341
    #2 0x556acc5f2d05 in get_object_alignment_1(tree_node*, unsigned int*,
unsigned long*)
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/builtins.cc:395
    #3 0x556acc5f2d05 in get_object_alignment(tree_node*)
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/builtins.cc:406
    #4 0x556accceaf03 in expand_expr_real_1(tree_node*, rtx_def*, machine_mode,
expand_modifier, rtx_def**, bool)
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/expr.cc:11895
    #5 0x556accd3d4fd in store_expr(tree_node*, rtx_def*, int, bool, bool)
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/expr.cc:6762
    #6 0x556accd5a814 in expand_assignment(tree_node*, tree_node*, bool)
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/expr.cc:6483
    #7 0x556acc6e76af in expand_gimple_stmt_1
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/cfgexpand.cc:4301
    #8 0x556acc6e76af in expand_gimple_stmt
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/cfgexpand.cc:4382
    #9 0x556acc703c16 in expand_gimple_basic_block
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/cfgexpand.cc:6501
    #10 0x556acc70abba in execute
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/cfgexpand.cc:7248
    #11 0x556acdc8df30 in execute_one_pass(opt_pass*)
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/passes.cc:2648
    #12 0x556acdc90db0 in execute_pass_list_1
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/passes.cc:2757
    #13 0x556acdc90ebc in execute_pass_list(function*, opt_pass*)
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/passes.cc:2768
    #14 0x556acc8aca8e in cgraph_node::expand()
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/cgraphunit.cc:1859
    #15 0x556acc8aca8e in cgraph_node::expand()
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/cgraphunit.cc:1812
    #16 0x556acc8be7ed in expand_all_functions
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/cgraphunit.cc:2042
    #17 0x556acc8be7ed in symbol_table::compile()
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/cgraphunit.cc:2419
    #18 0x556acc8bf5b0 in symbol_table::compile()
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/cgraphunit.cc:2329
    #19 0x556acc8bf5b0 in symbol_table::finalize_compilation_unit()
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/cgraphunit.cc:2608
    #20 0x556ace2f1690 in compile_file
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/toplev.cc:480
    #21 0x556acb6b4814 in do_compile
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/toplev.cc:2220
    #22 0x556acb6b4814 in toplev::main(int, char**)
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/toplev.cc:2383
    #23 0x556acb6b8024 in main
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/main.cc:39
    #24 0x7fe71fe277ca  (/usr/lib64/libc.so.6+0x277ca)
    #25 0x7fe71fe27879 in __libc_start_main (/usr/lib64/libc.so.6+0x27879)
    #26 0x556acb6b8524 in _start
(/usr/libexec/gcc/x86_64-pc-linux-gnu/16/cc1plus+0x7b67524)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
/var/tmp/portage/sys-devel/gcc-16.0.9999/work/gcc-16.0.9999/gcc/poly-int.h:1026:5
 
during RTL pass: expand
In file included from
/var/tmp/portage/dev-db/mariadb-11.8.2/work/mysql/storage/innobase/lock/lock0lock.cc:36:
In function ‘byte lock_rec_reset_nth_bit(ib_lock_t*, ulint)’,
    inlined from ‘void lock_rec_cancel(ib_lock_t*)’ at
/var/tmp/portage/dev-db/mariadb-11.8.2/work/mysql/storage/innobase/lock/lock0lock.cc:2524:25,
    inlined from ‘void lock_rec_reset_and_release_wait(const hash_cell_t&,
page_id_t, ulint)’ at
/var/tmp/portage/dev-db/mariadb-11.8.2/work/mysql/storage/innobase/lock/lock0lock.cc:2698:22:
/var/tmp/portage/dev-db/mariadb-11.8.2/work/mysql/storage/innobase/include/lock0priv.h:488:23:
internal compiler error: Aborted
  488 |         byte    bit = *b & mask;
      |                       ^~
0x556ad3c389ef internal_error(char const*, ...)
       
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/diagnostic-global-context.cc:534
0x556ace2ef2d7 crash_signal
        /usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/toplev.cc:323
0x556acb6b0c2e __sanitizer::Abort()
       
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/libsanitizer/sanitizer_common/sanitizer_posix_libcdep.cpp:163
0x556ad4100e6b __sanitizer::Die()
       
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/libsanitizer/sanitizer_common/sanitizer_termination.cpp:58
0x556ad4101ab6 __ubsan::ScopedReport::~ScopedReport()
       
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/libsanitizer/ubsan/ubsan_diag.cpp:402
0x556ad40f6a0e handleIntegerOverflowImpl<__ubsan::Value>
       
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/libsanitizer/ubsan/ubsan_handlers.cpp:231
0x556ad40fa97c __ubsan_handle_mul_overflow
       
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/libsanitizer/ubsan/ubsan_handlers.cpp:246
0x556acc5f2a94 poly_int<1u, poly_result<long, if_nonpoly<int, int,
poly_int_traits<int>::is_poly>::type, poly_coeff_pair_traits<long,
if_nonpoly<int, int, poly_int_traits<int>::is_poly>::type>::result_kind>::type>
operator*<1u, long, int>(poly_int<1u, long> const&, int const&)
       
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/poly-int.h:1026
0x556acc5f2a94 get_object_alignment_2(tree_node*, unsigned int*, unsigned
long*, bool)
       
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/builtins.cc:341
0x556acc5f2d05 get_object_alignment_1(tree_node*, unsigned int*, unsigned
long*)
       
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/builtins.cc:395
0x556acc5f2d05 get_object_alignment(tree_node*)
       
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/builtins.cc:406
0x556accceaf03 expand_expr_real_1(tree_node*, rtx_def*, machine_mode,
expand_modifier, rtx_def**, bool)
        /usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/expr.cc:11895
0x556accd3d4fd store_expr(tree_node*, rtx_def*, int, bool, bool)
        /usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/expr.cc:6762
0x556accd5a814 expand_assignment(tree_node*, tree_node*, bool)
        /usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/expr.cc:6483
0x556acc6e76af expand_gimple_stmt_1
       
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/cfgexpand.cc:4301
0x556acc6e76af expand_gimple_stmt
       
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/cfgexpand.cc:4382
0x556acc703c16 expand_gimple_basic_block
       
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/cfgexpand.cc:6501
0x556acc70abba execute
       
/usr/src/debug/sys-devel/gcc-16.0.9999/gcc-16.0.9999/gcc/cfgexpand.cc:7248
Please submit a full bug report, with preprocessed source (by using
-freport-bug).
Please include the complete backtrace with any bug report.
See <https://bugs.gentoo.org/> for instructions.
```

```
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-pc-linux-gnu/16/lto-wrapper
OFFLOAD_TARGET_NAMES=nvptx-none
OFFLOAD_TARGET_DEFAULT=1
Target: x86_64-pc-linux-gnu
Configured with:
/var/tmp/portage/sys-devel/gcc-16.0.9999/work/gcc-16.0.9999/configure
--host=x86_64-pc-linux-gnu --build=x86_64-pc-linux-gnu --prefix=/usr
--bindir=/usr/x86_64-pc-linux-gnu/gcc-bin/16
--includedir=/usr/lib/gcc/x86_64-pc-linux-gnu/16/include
--datadir=/usr/share/gcc-data/x86_64-pc-linux-gnu/16
--mandir=/usr/share/gcc-data/x86_64-pc-linux-gnu/16/man
--infodir=/usr/share/gcc-data/x86_64-pc-linux-gnu/16/info
--with-gxx-include-dir=/usr/lib/gcc/x86_64-pc-linux-gnu/16/include/g++-v16
--disable-silent-rules --disable-dependency-tracking
--with-python-dir=/share/gcc-data/x86_64-pc-linux-gnu/16/python
--enable-libphobos --enable-objc-gc
--enable-languages=c,c++,d,objc,obj-c++,fortran,ada,rust --enable-obsolete
--enable-secureplt --disable-werror --with-system-zlib --enable-nls
--without-included-gettext --disable-libunwind-exceptions
--enable-checking=release --with-bugurl=https://bugs.gentoo.org/
--with-pkgversion='Gentoo 16.0.9999 p, commit
8cda62318174b911a7cba57fcf70efd38f265f0e' --with-gcc-major-version-only
--enable-libstdcxx-time --enable-lto --disable-libstdcxx-pch --enable-shared
--enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu
--enable-multilib --with-multilib-list=m32,m64 --disable-fixed-point
--enable-targets=all --enable-offload-defaulted
--enable-offload-targets=nvptx-none --enable-libgomp --disable-libssp
--enable-libada --enable-cet --disable-systemtap --enable-valgrind-annotations
--disable-vtable-verify --disable-libvtv --with-zstd --without-isl
--enable-default-pie --enable-host-pie --enable-host-bind-now
--enable-default-ssp --disable-fixincludes
--with-gxx-libcxx-include-dir=/usr/include/c++/v1
--with-build-config='bootstrap-ubsan bootstrap-cet'
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 16.0.0 20250730 (experimental)
7aa9565a62ea2ce04e2ddf61e1932bc123374988 (Gentoo 16.0.9999 p, commit
8cda62318174b911a7cba57fcf70efd38f265f0e)
```


Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63426
[Bug 63426] [meta-bug] Issues found with -fsanitize=undefined

[Bug tree-optimization/121321] New: UBSAN error in get_object_alignment_2 (signed integer overflow: 2305843009213694039 * 8 cannot be represented in type 'long int')

Reply via email to