runtime error: applying non-zero offset 1 to null pointer

[J-Richter]

clang with -fsanitize=undefined produces the error "include/small/lf_lifo.h:86:59: runtime error: applying non-zero offset 1 to null pointer" when running our test suite.
The error is indirectly triggered by calling slab_cache_destroy. I can try to provide a simplified test case if needed.
Source of lf_lifo.h:86 is

void *newhead = (char *) elem + aba_value((char *) tail + 1);

[ligurio]

@J-Richter Jörg, thanks for the report!

I can try to provide a simplified test case if needed.

Yes, please. This would be helpful.

Also add more details about used SMALL version (commit hash is enough).

[J-Richter]

Commit hash is 8306060.
I'll try to reduce a test case.

[J-Richter]

This program triggers the problem:

#include <small/quota.h>
#include <small/slab_arena.h>
#include <small/slab_cache.h>
#include <small/small.h>

int main( int, char** )
{
  quota runtime_quota;
  slab_arena arena;
  slab_cache sacache;
  small_alloc sa;

  quota_init( &runtime_quota, QUOTA_MAX );
  slab_arena_create( &arena, &runtime_quota, 0, 4*1024*1024, MAP_PRIVATE );
  slab_cache_create( &sacache, &arena );
  float actualFactor;
  small_alloc_create( &sa, &sacache, 16, 16, 1.2, &actualFactor );

  smalloc( &sa, 60 );

  small_alloc_destroy( &sa );
  slab_cache_destroy( &sacache );
  slab_arena_destroy( &arena );
}

I compiled with clang 17 and -fsanitize=undefined

Backtrace is

small/lf_lifo.h:86:59: runtime error: applying non-zero offset 1 to null pointer
    #0 0x7ffff7fdd004 in slab_unmap small/lf_lifo.h:86:59
    #1 0x7ffff7fdd41a in slab_cache_destroy small/slab_cache.c:213:4