Crash in __do_IRQ with gcc 15

Paul Mackerras paulus at ozlabs.org
Tue May 13 22:27:40 AEST 2025


On Mon, May 12, 2025 at 01:31:34PM +1000, Michael Ellerman wrote:

> Are you building with pcrel? Otherwise r2 shouldn't be getting used as
> an ordinary register.

Yes, CONFIG_PPC_KERNEL_PCREL=y.  I'll try with n and see what happens.

> Can you show the disassembly of where it's getting used?

c00000000000fc50 <__do_IRQ>:
c00000000000fc50:	a6 02 08 7c 	mflr    r0
c00000000000fc54:	f0 ff c1 fb 	std     r30,-16(r1)
c00000000000fc58:	f8 ff e1 fb 	std     r31,-8(r1)
c00000000000fc5c:	26 01 10 06 	pla     r2,19317860	# c00000000127c0c0 <__irq_regs>
c00000000000fc60:	64 c4 40 38 
c00000000000fc64:	2e 01 10 06 	pla     r10,19857060	# c0000000012ffb08 <hardirq_ctx>
c00000000000fc68:	a4 fe 40 39 
c00000000000fc6c:	10 00 01 f8 	std     r0,16(r1)
c00000000000fc70:	d1 ff 21 f8 	stdu    r1,-48(r1)
c00000000000fc74:	20 00 0d e9 	ld      r8,32(r13)
c00000000000fc78:	78 13 49 7c 	mr      r9,r2
c00000000000fc7c:	2a 40 c9 7f 	ldx     r30,r9,r8
c00000000000fc80:	2a 49 68 7c 	stdx    r3,r8,r9
c00000000000fc84:	00 00 2d a1 	lhz     r9,0(r13)
c00000000000fc88:	24 1f 29 79 	sldi    r9,r9,3
c00000000000fc8c:	2a 48 ea 7f 	ldx     r31,r10,r9
c00000000000fc90:	64 04 29 78 	clrrdi  r9,r1,14
c00000000000fc94:	40 48 3f 7c 	cmpld   r31,r9
c00000000000fc98:	24 00 82 40 	bne     c00000000000fcbc <__do_IRQ+0x6c>
c00000000000fc9c:	78 0b 24 7c 	mr      r4,r1
c00000000000fca0:	e5 f9 ff 4b 	bl      c00000000000f684 <__do_irq>
c00000000000fca4:	26 01 10 06 	pla     r2,19317788	# c00000000127c0c0 <__irq_regs>
c00000000000fca8:	1c c4 40 38 
c00000000000fcac:	20 00 2d e9 	ld      r9,32(r13)
c00000000000fcb0:	30 00 21 38 	addi    r1,r1,48
c00000000000fcb4:	2a 11 c9 7f 	stdx    r30,r9,r2
c00000000000fcb8:	4c c0 50 48 	b       c00000000051bd04 <_restgpr0_30>
c00000000000fcbc:	e1 3f 3f f8 	stdu    r1,16352(r31)
c00000000000fcc0:	78 0b 24 7c 	mr      r4,r1
c00000000000fcc4:	78 fb e1 7f 	mr      r1,r31
c00000000000fcc8:	bd f9 ff 4b 	bl      c00000000000f684 <__do_irq>
c00000000000fccc:	00 00 21 e8 	ld      r1,0(r1)
c00000000000fcd0:	dc ff ff 4b 	b       c00000000000fcac <__do_IRQ+0x5c>

That's the whole of __do_IRQ().  It explodes at c00000000000fcb4 after
the return from the call to __do_irq() at c00000000000fcc8, which is
the one in the inline asm.  The compiler does reload r2 after the
ordinary call to __do_irq() at c00000000000fca0.

> There was a change to r2 handling in GCC 15, but AFAICS it was meant to
> only affect pcrel code.
> 
> Still it's likely our bug because we are being weird and calling a
> function inside an inline asm block.

Yep.

Thanks,
Paul.
