https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113923
--- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Reproducing that is going to be a challenge. FWIW you can probably work around it via -fno-analyzer-undo-inlining.

For an inlined_call_event's m_apparent_caller_fndecl to be NULL, then when it was created in checker_path::inject_any_inlined_call_events, cd.m_fndecl would have to be NULL here:

    const chain_element &ce = elements[element_idx];
    int stack_depth_adjustment
      = (blocks_in_curr_event.elements () - element_idx) - 1;
    if (location_t callsite = BLOCK_SOURCE_LOCATION (ce.m_block))
      updated_events.safe_push
        (new inlined_call_event (callsite,
                                 elements[element_idx - 1].m_fndecl,
                                 ce.m_fndecl,
                                 orig_stack_depth,
                                 stack_depth_adjustment));

which comes from iter.get_fndecl () earlier in that function:

    for (inlining_iterator iter (curr_loc); !iter.done_p (); iter.next ())
      {
        chain_element ce;
        ce.m_block = iter.get_block ();
        ce.m_fndecl = iter.get_fndecl ();

        if (!blocks_in_prev_event.contains (ce.m_block))
          elements.safe_push (ce);
        blocks_in_curr_event.add (ce.m_block);
      }

inlining-iterator.h looks at FUNCTION_DECL, so maybe if you're using a different code that could confuse it. But this is from libgccjit, so I'm not sure.