randstruct: Causes Internal Compiler Error when building kernel with GCC 15 #367

Open
bauermann opened this issue Dec 13, 2024 · 0 comments

With GCC trunk (which will become GCC 15), the randomize layout plugin hits a GCC assert in comptypes_check_enum_int() which was introduced by GCC commit d2cfe8a73b3c ("C23: allow aliasing for types derived from structs with variable size"):

$ make V=1 ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- HOSTCC=gcc O=/home/bauermann/.cache/builds/linux-cross-arm64
make  -C /home/bauermann/.cache/builds/linux-cross-arm64 \
-f /home/bauermann/src/linux/Makefile
make[1]: Entering directory '/home/bauermann/.cache/builds/linux-cross-arm64'
   ⋮
# CC      arch/arm64/kernel/kexec_image.o
  aarch64-linux-gnu-gcc -Wp,-MMD,arch/arm64/kernel/.kexec_image.o.d -nostdinc -I/home/bauermann/src/linux/arch/arm64/include -I./arch/arm64/include/generated -I/home/bauermann/src/linux/include -I./include -I/home/bauermann/src/linux/arch/arm64/include/uapi -I./arch/arm64/include/generated/uapi -I/home/bauermann/src/linux/include/uapi -I./include/generated/uapi -include /home/bauermann/src/linux/include/linux/compiler-version.h -include /home/bauermann/src/linux/include/linux/kconfig.h -include /home/bauermann/src/linux/include/linux/compiler_types.h -D__KERNEL__ -mlittle-endian -DCC_USING_PATCHABLE_FUNCTION_ENTRY -DKASAN_SHADOW_SCALE_SHIFT= -fmacro-prefix-map=/home/bauermann/src/linux/= -Werror -std=gnu11 -fshort-wchar -funsigned-char -fno-common -fno-PIE -fno-strict-aliasing -mgeneral-regs-only -DCONFIG_CC_HAS_K_CONSTRAINT=1 -Wno-psabi -mabi=lp64 -fno-asynchronous-unwind-tables -fno-unwind-tables -mbranch-protection=pac-ret -Wa,-march=armv8.5-a -DARM64_ASM_ARCH='"armv8.5-a"' -ffixed-x18 -DKASAN_SHADOW_SCALE_SHIFT= -fno-delete-null-pointer-checks -O2 -fno-allow-store-data-races -fno-reorder-blocks -fno-ipa-cp-clone -fno-partial-inlining -fstack-protector-strong -fno-omit-frame-pointer -fno-optimize-sibling-calls -ftrivial-auto-var-init=pattern -fno-stack-clash-protection -fzero-call-used-regs=used-gpr -fpatchable-function-entry=4,2 -fno-inline-functions-called-once -fsanitize=shadow-call-stack -fmin-function-alignment=64 -fstrict-flex-arrays=3 -fno-strict-overflow -fno-stack-check -fconserve-stack -Wall -Wundef -Werror=implicit-function-declaration -Werror=implicit-int -Werror=return-type -Werror=strict-prototypes -Wno-format-security -Wno-trigraphs -Wno-frame-address -Wno-address-of-packed-member -Wmissing-declarations -Wmissing-prototypes -Wframe-larger-than=2048 -Wno-main -Wno-dangling-pointer -Wvla -Wno-pointer-sign -Wcast-function-type -Wno-stringop-overflow -Wno-array-bounds -Wno-alloc-size-larger-than -Wimplicit-fallthrough=5 -Werror=date-time 
-Werror=incompatible-pointer-types -Werror=designated-init -Wenum-conversion -Wextra -Wunused -Wno-unused-but-set-variable -Wno-unused-const-variable -Wno-packed-not-aligned -Wno-format-overflow -Wno-format-truncation -Wno-stringop-truncation -Wno-override-init -Wno-missing-field-initializers -Wno-type-limits -Wno-shift-negative-value -Wno-maybe-uninitialized -Wno-sign-compare -Wno-unused-parameter -DRANDSTRUCT -fplugin=./scripts/gcc-plugins/randomize_layout_plugin.so -mstack-protector-guard=sysreg -mstack-protector-guard-reg=sp_el0 -mstack-protector-guard-offset=1296   -fsanitize=bounds-strict -fsanitize=shift -fsanitize=integer-divide-by-zero -fsanitize=unreachable -fsanitize=bool -fsanitize=enum    -fsanitize-coverage=trace-pc -fsanitize-coverage=trace-cmp  -fsanitize=thread -fno-optimize-sibling-calls  --param tsan-distinguish-volatile=1 -Wno-tsan  -I/home/bauermann/src/linux/arch/arm64/kernel -Iarch/arm64/kernel    -DKBUILD_MODFILE='"arch/arm64/kernel/kexec_image"' -DKBUILD_BASENAME='"kexec_image"' -DKBUILD_MODNAME='"kexec_image"' -D__KBUILD_MODNAME=kmod_kexec_image -c -o arch/arm64/kernel/kexec_image.o /home/bauermann/src/linux/arch/arm64/kernel/kexec_image.c
*** WARNING *** there are active plugins, do not report this as a bug unless you can reproduce it without enabling any plugins.
Event                            | Plugins
PLUGIN_FINISH_TYPE               | randomize_layout_plugin
PLUGIN_FINISH_DECL               | randomize_layout_plugin
PLUGIN_ATTRIBUTES                | randomize_layout_plugin
PLUGIN_ALL_IPA_PASSES_START      | randomize_layout_plugin
/home/bauermann/src/linux/arch/arm64/kernel/kexec_image.c:132:14: internal compiler error: in comptypes_check_enum_int, at c/c-typeck.cc:1496
  132 | const struct kexec_file_ops kexec_image_ops = {
      |              ^~~~~~~~~~~~~~
0x24667c6 internal_error(char const*, ...)
        /path/to/gcc.git/gcc/diagnostic-global-context.cc:517
0x9be96d fancy_abort(char const*, int, char const*)
        /path/to/gcc.git/gcc/diagnostic.cc:1704
0x77ac58 comptypes_check_enum_int(tree_node*, tree_node*, bool*)
        /path/to/gcc.git/gcc/c/c-typeck.cc:1496
0x77ac58 comptypes_check_enum_int(tree_node*, tree_node*, bool*)
        /path/to/gcc.git/gcc/c/c-typeck.cc:1490
0x9d3974 diagnose_mismatched_decls
        /path/to/gcc.git/gcc/c/c-decl.cc:2169
0x9d5d62 duplicate_decls
        /path/to/gcc.git/gcc/c/c-decl.cc:3165
0x9d8e09 pushdecl(tree_node*)
        /path/to/gcc.git/gcc/c/c-decl.cc:3372
0x9ee478 start_decl(c_declarator*, c_declspecs*, bool, tree_node*, bool, unsigned long*)
        /path/to/gcc.git/gcc/c/c-decl.cc:5773
0xa3ce19 c_parser_declaration_or_fndef
        /path/to/gcc.git/gcc/c/c-parser.cc:2784
0xa7a9c7 c_parser_external_declaration
        /path/to/gcc.git/gcc/c/c-parser.cc:2069
0xa7b950 c_parser_translation_unit
        /path/to/gcc.git/gcc/c/c-parser.cc:1923
0xa7b950 c_parse_file()
        /path/to/gcc.git/gcc/c/c-parser.cc:29055
0xafc269 c_common_parse_file()
        /path/to/gcc.git/gcc/c-family/c-opts.cc:1389
Please submit a full bug report, with preprocessed source (by using -freport-bug).
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.
make[5]: *** [/home/bauermann/src/linux/scripts/Makefile.build:194: arch/arm64/kernel/kexec_image.o] Error 1
make[4]: *** [/home/bauermann/src/linux/scripts/Makefile.build:440: arch/arm64/kernel] Error 2
make[3]: *** [/home/bauermann/src/linux/scripts/Makefile.build:440: arch/arm64] Error 2
make[2]: *** [/home/bauermann/src/linux/Makefile:1989: .] Error 2
make[1]: *** [/home/bauermann/src/linux/Makefile:251: __sub-make] Error 2
make[1]: Leaving directory '/home/bauermann/.cache/builds/linux-cross-arm64'
make: *** [Makefile:251: __sub-make] Error 2

This is the backtrace of cc1 obtained with GDB:

#0  fancy_abort (file=file@entry=0x266d678 "/path/to/gcc.git/gcc/c/c-typeck.cc", line=line@entry=1496, function=function@entry=0x256de5a "comptypes_check_enum_int") at /path/to/gcc.git/gcc/diagnostic.cc:1671
#1  0x000000000077ac59 in comptypes_check_enum_int (type1=0x7ffff063f540, type2=0x7ffff0670348, enum_and_int_p=0x7fffffffad0d) at /path/to/gcc.git/gcc/c/c-typeck.cc:1490
#2  comptypes_check_enum_int (type1=type1@entry=0x7ffff063f540, type2=type2@entry=0x7ffff0670348, enum_and_int_p=enum_and_int_p@entry=0x7fffffffad0d) at /path/to/gcc.git/gcc/c/c-typeck.cc:1490
#3  0x00000000009d3975 in diagnose_mismatched_decls (newdecl=newdecl@entry=0x7ffff06a6720, olddecl=olddecl@entry=0x7ffff0665130, newtypep=newtypep@entry=0x7fffffffae48, oldtypep=oldtypep@entry=0x7fffffffae50) at /path/to/gcc.git/gcc/c/c-decl.cc:2169
#4  0x00000000009d5d63 in duplicate_decls (newdecl=newdecl@entry=0x7ffff06a6720, olddecl=0x7ffff0665130) at /path/to/gcc.git/gcc/c/c-decl.cc:3165
#5  0x00000000009d8e0a in pushdecl (x=0x7ffff06a6720) at /path/to/gcc.git/gcc/c/c-decl.cc:3372
#6  0x00000000009ee479 in start_decl (declarator=declarator@entry=0x330d8c0, declspecs=declspecs@entry=0x330d7a0, initialized=<optimised out>, initialized@entry=true, attributes=<optimised out>, do_push=true, lastloc=lastloc@entry=0x0) at /path/to/gcc.git/gcc/c/c-decl.cc:5773
#7  0x0000000000a3ce1a in c_parser_declaration_or_fndef (parser=parser@entry=0x7ffff7fbaea0, fndef_ok=false, fndef_ok@entry=true, static_assert_ok=static_assert_ok@entry=true, empty_ok=empty_ok@entry=true, nested=nested@entry=false, start_attr_ok=start_attr_ok@entry=true, simple_ok=<optimised out>, objc_foreach_object_declaration=<optimised out>, omp_declare_simd_clauses=<optimised out>, have_attrs=<optimised out>, attrs=<optimised out>, oacc_routine_data=<optimised out>, fallthru_attr_p=<optimised out>) at /path/to/gcc.git/gcc/c/c-parser.cc:2784
#8  0x0000000000a7a9c8 in c_parser_external_declaration (parser=0x7ffff7fbaea0) at /path/to/gcc.git/gcc/c/c-parser.cc:2069
#9  0x0000000000a7b951 in c_parser_translation_unit (parser=<optimised out>) at /path/to/gcc.git/gcc/c/c-parser.cc:1923
#10 c_parse_file () at /path/to/gcc.git/gcc/c/c-parser.cc:29055
#11 0x0000000000afc26a in c_common_parse_file () at /path/to/gcc.git/gcc/c-family/c-opts.cc:1389
#12 0x000000000113d69f in compile_file () at /path/to/gcc.git/gcc/toplev.cc:452
#13 0x00000000009c51e0 in do_compile () at /path/to/gcc.git/gcc/toplev.cc:2208
#14 toplev::main (this=this@entry=0x7fffffffb4a6, argc=<optimised out>, argc@entry=160, argv=<optimised out>, argv@entry=0x7fffffffb5e8) at /path/to/gcc.git/gcc/toplev.cc:2368
#15 0x00000000009c6b50 in main (argc=160, argv=0x7fffffffb5e8) at /path/to/gcc.git/gcc/main.cc:39

The comptypes_check_enum_int() function is called with type1 and type2 both having code == RECORD_TYPE. From the function name, it looks like it's only meant to be called for enums and ints?

These are the GCC_PLUGIN config options that are enabled:

$ grep GCC_PLUGIN ~/.cache/builds/linux-cross-arm64/.config
CONFIG_HAVE_GCC_PLUGINS=y
CONFIG_GCC_PLUGINS=y
# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set
# CONFIG_GCC_PLUGIN_STACKLEAK is not set
CONFIG_GCC_PLUGIN_RANDSTRUCT=y

And this is the GCC version tested:

$ aarch64-linux-gnu-gcc --version
aarch64-linux-gnu-gcc (GCC) 15.0.0 20241212 (experimental) [master revision gcc-15-6176-gb563a3a00db0]
Copyright (C) 2024 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Tested with Linux commit 231825b ("Revert "unicode: Don't special case ignorable code points"").

When disabling CONFIG_RANDSTRUCT, the problem goes away.

I also tested a native build in x86_64 and the same issue happens there.
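
An added triage example, not part of the original report and not code from GCC or the kernel: it parses compiler output in the format quoted above and pairs each internal compiler error with the plugin table printed before it, so a CI job can separate plugin-involved ICEs (which GCC's own warning asks not to be reported without a plugin-free reproduction) from plain ones. The names `triage_ice` and `IceReport` are hypothetical, and the sample log is excerpted from the output in this issue.

```python
import re
from dataclasses import dataclass

# Excerpt of the compiler output quoted in this issue (trimmed).
SAMPLE_LOG = """\
*** WARNING *** there are active plugins, do not report this as a bug unless you can reproduce it without enabling any plugins.
Event                            | Plugins
PLUGIN_FINISH_TYPE               | randomize_layout_plugin
PLUGIN_FINISH_DECL               | randomize_layout_plugin
PLUGIN_ATTRIBUTES                | randomize_layout_plugin
PLUGIN_ALL_IPA_PASSES_START      | randomize_layout_plugin
/home/bauermann/src/linux/arch/arm64/kernel/kexec_image.c:132:14: internal compiler error: in comptypes_check_enum_int, at c/c-typeck.cc:1496
  132 | const struct kexec_file_ops kexec_image_ops = {
"""

ICE_RE = re.compile(
    r"^(?P<src>\S+?):(?P<line>\d+):\d+: internal compiler error: "
    r"in (?P<func>\w+), at (?P<gcc_src>[^:\s]+):(?P<gcc_line>\d+)\s*$")
# Assumption: several plugins hooking one event appear space-separated.
PLUGIN_ROW_RE = re.compile(r"^(?P<event>PLUGIN_[A-Z_]+)\s*\|\s*(?P<plugins>.+?)\s*$")

@dataclass
class IceReport:          # hypothetical name, not a GCC or kernel type
    source: str           # translation unit being compiled
    line: int
    gcc_function: str     # function inside GCC where the assert fired
    gcc_location: str     # file:line inside the GCC tree
    plugin_events: dict   # event name -> plugins hooked on it

    @property
    def plugins(self):
        return sorted({p for ps in self.plugin_events.values() for p in ps})

def triage_ice(log_text):
    """Return one IceReport per ICE, with the plugin table printed before it."""
    reports, events = [], {}
    for raw in log_text.splitlines():
        row = PLUGIN_ROW_RE.match(raw)
        if row:
            events[row["event"]] = row["plugins"].split()
            continue
        ice = ICE_RE.match(raw)
        if ice:
            reports.append(IceReport(ice["src"], int(ice["line"]), ice["func"],
                                     f"{ice['gcc_src']}:{ice['gcc_line']}", events))
            events = {}   # the next ICE in the log gets its own table
    return reports

if __name__ == "__main__":
    for r in triage_ice(SAMPLE_LOG):
        print(r.source, r.line, r.gcc_function, r.gcc_location, r.plugins)
```

An empty `plugins` list on a report means the ICE was printed without a plugin table in front of it.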
