struct arg_and_data_s
{
  struct arg_and_data_s *next;
  unsigned int len;
  char arg[];
};

sizeof(struct arg_and_data_s) is 16 for x86_64.
offsetof (struct arg_and_data_s, arg) is 12.

I think the malloc needs to be at least the sizeof which is why it is complaining.

As Andrew explained, the first operand in the -> expression needs to point to an object of the type whose member is being accessed or at least as big as one, and the warning is designed to point out when it's not (arguably, it could be phrased better).  The following is a small test case to illustrate the warning (see also pr101436 comment 2 for a similar C++ test case).

$ cat pr102151.c && gcc -O2 -S -Wall pr102151.c
struct S { char a, b; };

extern char c;

void f (void)
{
  struct S *p = &c;
  p->a = 0;
}
pr102151.c: In function ‘f’:
pr102151.c:7:17: warning: initialization of ‘struct S *’ from incompatible pointer type ‘char *’ [-Wincompatible-pointer-types]
    7 |   struct S *p = &c;
      |                 ^
pr102151.c:8:4: warning: array subscript ‘struct S[0]’ is partly outside array bounds of ‘char[1]’ [-Warray-bounds]
    8 |   p->a = 0;
      |    ^~
pr102151.c:3:13: note: while referencing ‘c’
    3 | extern char c;
      |             ^

Thank you for the explanation.  I understand how (current version of) GCC warns.

From the viewpoint of use of structure with flexible array member, still, this could be considered as a bug of GCC, because the warning itself is irrelevant.

My point is that:

(1) In the test case, use of offsetof(struct arg_and_data_s, arg) is valid (I mean, no violation of language/feature).  In other words,

(2) Allocated space for an object of the structure may be smaller than sizeof().  There are such cases, for structure with flexible array member, because of structure alignment.

(3) It seems for me that by (current version of) GCC, the fact (2) is ignored.