CC: [email protected] CC: [email protected] CC: [email protected] TO: Peter Zijlstra <[email protected]>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/peterz/queue.git x86/wip.ibt head: fc75350d28c2cad4ccde0f21b696c2067881212e commit: 00def71a65ded6fb7cfbb1ec6500baf6d14d9ca8 [1/5] x86: Annotate _THIS_IP_ :::::: branch date: 4 days ago :::::: commit date: 4 days ago config: i386-randconfig-c001-20211126 (https://download.01.org/0day-ci/archive/20211129/[email protected]/config) compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 5162b558d8c0b542e752b037e72a69d5fd51eb1e) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # https://git.kernel.org/pub/scm/linux/kernel/git/peterz/queue.git/commit/?id=00def71a65ded6fb7cfbb1ec6500baf6d14d9ca8 git remote add peterz-queue https://git.kernel.org/pub/scm/linux/kernel/git/peterz/queue.git git fetch --no-tags peterz-queue x86/wip.ibt git checkout 00def71a65ded6fb7cfbb1ec6500baf6d14d9ca8 # save the config file to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=i386 clang-analyzer If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <[email protected]> clang-analyzer warnings: (new ones prefixed by >>) kernel/nsproxy.c:551:8: note: Calling 'prepare_nsset' err = prepare_nsset(flags, &nsset); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/nsproxy.c:316:48: note: Left side of '&&' is false nsset->nsproxy = create_new_namespaces(0, me, current_user_ns(), me->fs); ^ include/linux/cred.h:395:28: note: expanded from macro 'current_user_ns' #define current_user_ns() (current_cred_xxx(user_ns)) ^ include/linux/cred.h:378:2: note: expanded from macro 'current_cred_xxx' current_cred()->xxx; \ ^ include/linux/cred.h:299:2: note: expanded from macro 'current_cred' rcu_dereference_protected(current->cred, 1) ^ include/linux/rcupdate.h:588:2: note: expanded from macro 'rcu_dereference_protected' __rcu_dereference_protected((p), (c), __rcu) ^ include/linux/rcupdate.h:397:2: note: expanded from macro '__rcu_dereference_protected' RCU_LOCKDEP_WARN(!(c), "suspicious rcu_dereference_protected() usage"); \ ^ include/linux/rcupdate.h:319:11: note: expanded from macro 'RCU_LOCKDEP_WARN' if ((c) && debug_lockdep_rcu_enabled() && !__warned) { \ ^ kernel/nsproxy.c:316:48: note: Loop condition is false. Exiting loop nsset->nsproxy = create_new_namespaces(0, me, current_user_ns(), me->fs); ^ include/linux/cred.h:395:28: note: expanded from macro 'current_user_ns' #define current_user_ns() (current_cred_xxx(user_ns)) ^ include/linux/cred.h:378:2: note: expanded from macro 'current_cred_xxx' current_cred()->xxx; \ ^ include/linux/cred.h:299:2: note: expanded from macro 'current_cred' rcu_dereference_protected(current->cred, 1) ^ include/linux/rcupdate.h:588:2: note: expanded from macro 'rcu_dereference_protected' __rcu_dereference_protected((p), (c), __rcu) ^ include/linux/rcupdate.h:397:2: note: expanded from macro '__rcu_dereference_protected' RCU_LOCKDEP_WARN(!(c), "suspicious rcu_dereference_protected() usage"); \ ^ include/linux/rcupdate.h:317:2: note: expanded from macro 'RCU_LOCKDEP_WARN' do { \ ^ kernel/nsproxy.c:317:2: note: Taking false branch if (IS_ERR(nsset->nsproxy)) ^ kernel/nsproxy.c:320:6: note: Assuming the condition is true if (flags & CLONE_NEWUSER) ^~~~~~~~~~~~~~~~~~~~~ kernel/nsproxy.c:320:2: note: Taking true branch if (flags & CLONE_NEWUSER) ^ kernel/nsproxy.c:324:6: note: Assuming field 'cred' is non-null if (!nsset->cred) ^~~~~~~~~~~~ kernel/nsproxy.c:324:2: note: Taking false branch if (!nsset->cred) ^ kernel/nsproxy.c:328:6: note: 'flags' is not equal to CLONE_NEWNS if (flags == CLONE_NEWNS) { ^~~~~ kernel/nsproxy.c:328:2: note: Taking false branch if (flags == CLONE_NEWNS) { ^ kernel/nsproxy.c:330:13: note: Assuming the condition is false } else if (flags & CLONE_NEWNS) { ^~~~~~~~~~~~~~~~~~~ kernel/nsproxy.c:330:9: note: Taking false branch } else if (flags & CLONE_NEWNS) { ^ kernel/nsproxy.c:337:2: note: Returning zero, which participates in a condition later return 0; ^~~~~~~~ kernel/nsproxy.c:551:8: note: Returning from 'prepare_nsset' err = prepare_nsset(flags, &nsset); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/nsproxy.c:552:6: note: 'err' is 0 if (err) ^~~ kernel/nsproxy.c:552:2: note: Taking false branch if (err) ^ kernel/nsproxy.c:555:6: note: Assuming the condition is true if (proc_ns_file(file)) ^~~~~~~~~~~~~~~~~~ kernel/nsproxy.c:555:2: note: Taking true branch if (proc_ns_file(file)) ^ kernel/nsproxy.c:556:29: note: Passing null pointer value via 2nd parameter 'ns' err = validate_ns(&nsset, ns); ^~ kernel/nsproxy.c:556:9: note: Calling 'validate_ns' err = validate_ns(&nsset, ns); ^~~~~~~~~~~~~~~~~~~~~~~ kernel/nsproxy.c:346:9: note: Access to field 'ops' results in a dereference of a null pointer (loaded from variable 'ns') return ns->ops->install(nsset, ns); ^~ 1 warning generated. >> fs/eventpoll.c:1303:26: warning: The right operand of '>' is a garbage value >> due to array index out of bounds >> [clang-analyzer-core.UndefinedBinaryOperatorResult] if (++path_count[nests] > path_limits[nests]) ^ fs/eventpoll.c:1321:6: note: Assuming 'depth' is <= EP_MAX_NESTS if (depth > EP_MAX_NESTS) /* too deep nesting */ ^~~~~~~~~~~~~~~~~~~~ fs/eventpoll.c:1321:2: note: Taking false branch if (depth > EP_MAX_NESTS) /* too deep nesting */ ^ fs/eventpoll.c:1325:2: note: Left side of '||' is false hlist_for_each_entry_rcu(epi, refs, fllink) { ^ include/linux/rculist.h:706:30: note: expanded from macro 'hlist_for_each_entry_rcu' pos = hlist_entry_safe(rcu_dereference_raw(hlist_first_rcu(head)),\ ^ include/linux/rcupdate.h:404:25: note: expanded from macro 'rcu_dereference_raw' typeof(p) ________p1 = READ_ONCE(p); \ ^ include/asm-generic/rwonce.h:49:2: note: expanded from macro 'READ_ONCE' compiletime_assert_rwonce_type(x); \ ^ include/asm-generic/rwonce.h:36:21: note: expanded from macro 'compiletime_assert_rwonce_type' compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \ ^ include/linux/compiler_types.h:302:3: note: expanded from macro '__native_word' (sizeof(t) == sizeof(char) || sizeof(t) == sizeof(short) || \ ^ fs/eventpoll.c:1325:2: note: Left side of '||' is false hlist_for_each_entry_rcu(epi, refs, fllink) { ^ include/linux/rculist.h:706:30: note: expanded from macro 'hlist_for_each_entry_rcu' pos = hlist_entry_safe(rcu_dereference_raw(hlist_first_rcu(head)),\ ^ include/linux/rcupdate.h:404:25: note: expanded from macro 'rcu_dereference_raw' typeof(p) ________p1 = READ_ONCE(p); \ ^ include/asm-generic/rwonce.h:49:2: note: expanded from macro 'READ_ONCE' compiletime_assert_rwonce_type(x); \ ^ include/asm-generic/rwonce.h:36:21: note: expanded from macro 'compiletime_assert_rwonce_type' compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \ ^ include/linux/compiler_types.h:302:3: note: expanded from macro '__native_word' (sizeof(t) == sizeof(char) || sizeof(t) == sizeof(short) || \ ^ fs/eventpoll.c:1325:2: note: Left side of '||' is true hlist_for_each_entry_rcu(epi, refs, fllink) { ^ include/linux/rculist.h:706:30: note: expanded from macro 'hlist_for_each_entry_rcu' pos = hlist_entry_safe(rcu_dereference_raw(hlist_first_rcu(head)),\ ^ include/linux/rcupdate.h:404:25: note: expanded from macro 'rcu_dereference_raw' typeof(p) ________p1 = READ_ONCE(p); \ ^ include/asm-generic/rwonce.h:49:2: note: expanded from macro 'READ_ONCE' compiletime_assert_rwonce_type(x); \ ^ include/asm-generic/rwonce.h:36:21: note: expanded from macro 'compiletime_assert_rwonce_type' compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \ ^ include/linux/compiler_types.h:303:28: note: expanded from macro '__native_word' sizeof(t) == sizeof(int) || sizeof(t) == sizeof(long)) ^ fs/eventpoll.c:1325:2: note: Taking false branch hlist_for_each_entry_rcu(epi, refs, fllink) { ^ include/linux/rculist.h:706:30: note: expanded from macro 'hlist_for_each_entry_rcu' pos = hlist_entry_safe(rcu_dereference_raw(hlist_first_rcu(head)),\ ^ include/linux/rcupdate.h:404:25: note: expanded from macro 'rcu_dereference_raw' typeof(p) ________p1 = READ_ONCE(p); \ ^ include/asm-generic/rwonce.h:49:2: note: expanded from macro 'READ_ONCE' compiletime_assert_rwonce_type(x); \ ^ note: (skipping 1 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all) include/linux/compiler_types.h:335:2: note: expanded from macro 'compiletime_assert' _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) ^ include/linux/compiler_types.h:323:2: note: expanded from macro '_compiletime_assert' __compiletime_assert(condition, msg, prefix, suffix) ^ include/linux/compiler_types.h:315:3: note: expanded from macro '__compiletime_assert' if (!(condition)) \ ^ fs/eventpoll.c:1325:2: note: Loop condition is false. Exiting loop hlist_for_each_entry_rcu(epi, refs, fllink) { ^ include/linux/rculist.h:706:30: note: expanded from macro 'hlist_for_each_entry_rcu' pos = hlist_entry_safe(rcu_dereference_raw(hlist_first_rcu(head)),\ ^ include/linux/rcupdate.h:404:25: note: expanded from macro 'rcu_dereference_raw' typeof(p) ________p1 = READ_ONCE(p); \ ^ include/asm-generic/rwonce.h:49:2: note: expanded from macro 'READ_ONCE' compiletime_assert_rwonce_type(x); \ ^ note: (skipping 1 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all) include/linux/compiler_types.h:335:2: note: expanded from macro 'compiletime_assert' _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) ^ -- rightmostParityArm = (arms - 1) - mega_mod64(rowNum, arms); ^~~~~~~~~~~~~~~~~~~~~~~~ drivers/scsi/megaraid/megaraid_sas_fp.c:75:6: note: Assuming 'divisor' is 0 if (!divisor) ^~~~~~~~ drivers/scsi/megaraid/megaraid_sas_fp.c:75:2: note: Taking true branch if (!divisor) ^ drivers/scsi/megaraid/megaraid_sas_fp.c:76:3: note: Loop condition is false. Exiting loop printk(KERN_ERR "megasas : DIVISOR is zero, in div fn\n"); ^ include/linux/printk.h:450:26: note: expanded from macro 'printk' #define printk(fmt, ...) printk_index_wrap(_printk, fmt, ##__VA_ARGS__) ^ include/linux/printk.h:421:3: note: expanded from macro 'printk_index_wrap' __printk_index_emit(_fmt, NULL, NULL); \ ^ include/linux/printk.h:396:34: note: expanded from macro '__printk_index_emit' #define __printk_index_emit(...) do {} while (0) ^ drivers/scsi/megaraid/megaraid_sas_fp.c:78:14: note: The value 0 is assigned to '__base' remainder = do_div(d, divisor); ^ arch/x86/include/asm/div64.h:25:2: note: expanded from macro 'do_div' __base = (base); \ ^~~~~~~~~~~~~~~ drivers/scsi/megaraid/megaraid_sas_fp.c:78:14: note: Left side of '&&' is false remainder = do_div(d, divisor); ^ arch/x86/include/asm/div64.h:26:35: note: expanded from macro 'do_div' if (__builtin_constant_p(__base) && is_power_of_2(__base)) { \ ^ drivers/scsi/megaraid/megaraid_sas_fp.c:78:14: note: Assuming '__high' is not equal to 0 remainder = do_div(d, divisor); ^ arch/x86/include/asm/div64.h:32:7: note: expanded from macro 'do_div' if (__high) { \ ^~~~~~ drivers/scsi/megaraid/megaraid_sas_fp.c:78:14: note: Taking true branch remainder = do_div(d, divisor); ^ arch/x86/include/asm/div64.h:32:3: note: expanded from macro 'do_div' if (__high) { \ ^ drivers/scsi/megaraid/megaraid_sas_fp.c:78:14: note: Division by zero remainder = do_div(d, divisor); ^ arch/x86/include/asm/div64.h:33:21: note: expanded from macro 'do_div' __upper = __high % (__base); \ ~~~~~~~^~~~~~~~~~ drivers/scsi/megaraid/megaraid_sas_fp.c:1382:3: warning: Value stored to 'bestArm' is never read [clang-analyzer-deadcode.DeadStores] bestArm = arm; ^ ~~~ drivers/scsi/megaraid/megaraid_sas_fp.c:1382:3: note: Value stored to 'bestArm' is never read bestArm = arm; ^ ~~~ 9 warnings generated. net/ipv6/route.c:568:6: warning: Access to field 'nh' results in a dereference of a null pointer (loaded from variable 'f6i') [clang-analyzer-core.NullDereference] if (unlikely(f6i->nh)) { ^ include/linux/compiler.h:48:24: note: expanded from macro 'unlikely' # define unlikely(x) (__branch_check__(x, 0, __builtin_constant_p(x))) ^ ~ include/linux/compiler.h:33:33: note: expanded from macro '__branch_check__' ______r = __builtin_expect(!!(x), expect); \ ^~ net/ipv6/route.c:527:2: note: 'f6i' initialized here struct fib6_info *f6i = res->f6i; ^~~~~~~~~~~~~~~~~~~~~ net/ipv6/route.c:531:6: note: Assuming 'oif' is not equal to 0 if (!oif && ipv6_addr_any(saddr)) { ^~~~ net/ipv6/route.c:531:11: note: Left side of '&&' is false if (!oif && ipv6_addr_any(saddr)) { ^ net/ipv6/route.c:543:20: note: Assuming pointer value is null for (spf6i = f6i; spf6i; spf6i = rcu_dereference(spf6i->fib6_next)) { ^~~~~ net/ipv6/route.c:543:2: note: Loop condition is false. Execution continues on line 562 for (spf6i = f6i; spf6i; spf6i = rcu_dereference(spf6i->fib6_next)) { ^ net/ipv6/route.c:562:6: note: 'oif' is not equal to 0 if (oif && flags & RT6_LOOKUP_F_IFACE) { ^~~ net/ipv6/route.c:562:6: note: Left side of '&&' is true net/ipv6/route.c:562:13: note: Assuming the condition is false if (oif && flags & RT6_LOOKUP_F_IFACE) { ^~~~~~~~~~~~~~~~~~~~~~~~~~ net/ipv6/route.c:562:2: note: Taking false branch if (oif && flags & RT6_LOOKUP_F_IFACE) { ^ net/ipv6/route.c:568:6: note: Access to field 'nh' results in a dereference of a null pointer (loaded from variable 'f6i') if (unlikely(f6i->nh)) { ^ include/linux/compiler.h:48:24: note: expanded from macro 'unlikely' # define unlikely(x) (__branch_check__(x, 0, __builtin_constant_p(x))) ^ ~ include/linux/compiler.h:33:33: note: expanded from macro '__branch_check__' ______r = __builtin_expect(!!(x), expect); \ ^~ >> net/ipv6/route.c:3424:9: warning: Dereference of null pointer (loaded from >> variable '_dev') [clang-analyzer-core.NullDereference] *_dev = dev = res.nh->fib_nh_dev; ~~~~ ^ net/ipv6/route.c:3384:27: note: Assuming '_dev' is null struct net_device *dev = _dev ? *_dev : NULL; ^~~~ net/ipv6/route.c:3384:27: note: '?' condition is false net/ipv6/route.c:3389:6: note: Assuming field 'fc_table' is 0 if (cfg->fc_table) { ^~~~~~~~~~~~~ net/ipv6/route.c:3389:2: note: Taking false branch if (cfg->fc_table) { ^ net/ipv6/route.c:3401:6: note: 'err' is < 0 if (err < 0) { ^~~ net/ipv6/route.c:3401:2: note: Taking true branch if (err < 0) { ^ net/ipv6/route.c:3408:7: note: Assuming 'err' is 0 if (err || res.fib6_flags & RTF_REJECT || ^~~ net/ipv6/route.c:3408:7: note: Left side of '||' is false net/ipv6/route.c:3408:14: note: Assuming the condition is false if (err || res.fib6_flags & RTF_REJECT || ^~~~~~~~~~~~~~~~~~~~~~~~~~~ net/ipv6/route.c:3408:7: note: Left side of '||' is false if (err || res.fib6_flags & RTF_REJECT || ^ net/ipv6/route.c:3409:7: note: Assuming field 'nhc_gw_family' is 0 res.nh->fib_nh_gw_family) ^~~~~~~~~~~~~~~~~~~~~~~~ net/ipv6/route.c:3408:3: note: Taking false branch if (err || res.fib6_flags & RTF_REJECT || ^ net/ipv6/route.c:3412:7: note: 'err' is 0 if (err) ^~~ net/ipv6/route.c:3412:3: note: Taking false branch if (err) ^ net/ipv6/route.c:3416:6: note: Assuming field 'fc_ifindex' is equal to 0 cfg->fc_ifindex != 0, NULL, flags); ^~~~~~~~~~~~~~~~~~~~ net/ipv6/route.c:3420:6: note: 'dev' is null if (dev) { ^~~ net/ipv6/route.c:3420:2: note: Taking false branch if (dev) { ^ net/ipv6/route.c:3424:9: note: Dereference of null pointer (loaded from variable '_dev') *_dev = dev = res.nh->fib_nh_dev; ~~~~ ^ net/ipv6/route.c:3631:24: warning: Access to field 'ifindex' results in a dereference of a null pointer (loaded from variable 'dev') [clang-analyzer-core.NullDereference] fib6_nh->fib_nh_oif = dev->ifindex; ^ net/ipv6/route.c:3696:6: note: Assuming the condition is false if (cfg->fc_flags & RTF_PCPU) { ^~~~~~~~~~~~~~~~~~~~~~~~ net/ipv6/route.c:3696:2: note: Taking false branch if (cfg->fc_flags & RTF_PCPU) { ^ net/ipv6/route.c:3702:6: note: Assuming the condition is false if (cfg->fc_flags & RTF_CACHE) { ^~~~~~~~~~~~~~~~~~~~~~~~~ net/ipv6/route.c:3702:2: note: Taking false branch if (cfg->fc_flags & RTF_CACHE) { ^ net/ipv6/route.c:3707:6: note: Assuming the condition is false if (cfg->fc_type > RTN_MAX) { ^~~~~~~~~~~~~~~~~~~~~~ net/ipv6/route.c:3707:2: note: Taking false branch if (cfg->fc_type > RTN_MAX) { ^ net/ipv6/route.c:3712:6: note: Assuming field 'fc_dst_len' is <= 128 if (cfg->fc_dst_len > 128) { ^~~~~~~~~~~~~~~~~~~~~ net/ipv6/route.c:3712:2: note: Taking false branch if (cfg->fc_dst_len > 128) { ^ net/ipv6/route.c:3716:6: note: Assuming field 'fc_src_len' is <= 128 if (cfg->fc_src_len > 128) { ^~~~~~~~~~~~~~~~~~~~~ net/ipv6/route.c:3716:2: note: Taking false branch if (cfg->fc_src_len > 128) { ^ net/ipv6/route.c:3721:6: note: Assuming field 'fc_src_len' is 0 if (cfg->fc_src_len) { ^~~~~~~~~~~~~~~ net/ipv6/route.c:3721:2: note: Taking false branch if (cfg->fc_src_len) { ^ net/ipv6/route.c:3727:6: note: Assuming field 'fc_nh_id' is 0 if (cfg->fc_nh_id) { ^~~~~~~~~~~~~ net/ipv6/route.c:3727:2: note: Taking false branch if (cfg->fc_nh_id) { ^ net/ipv6/route.c:3739:6: note: Assuming field 'nlh' is null if (cfg->fc_nlinfo.nlh && ^~~~~~~~~~~~~~~~~~ vim +1303 fs/eventpoll.c 28d82dc1c4edbc Jason Baron 2012-01-12 1296 28d82dc1c4edbc Jason Baron 2012-01-12 1297 static int path_count_inc(int nests) 28d82dc1c4edbc Jason Baron 2012-01-12 1298 { 93dc6107a76dae Jason Baron 2012-03-16 1299 /* Allow an arbitrary number of depth 1 paths */ 93dc6107a76dae Jason Baron 2012-03-16 1300 if (nests == 0) 93dc6107a76dae Jason Baron 2012-03-16 1301 return 0; 93dc6107a76dae Jason Baron 2012-03-16 1302 28d82dc1c4edbc Jason Baron 2012-01-12 @1303 if (++path_count[nests] > path_limits[nests]) 28d82dc1c4edbc Jason Baron 2012-01-12 1304 return -1; 28d82dc1c4edbc Jason Baron 2012-01-12 1305 return 0; 28d82dc1c4edbc Jason Baron 2012-01-12 1306 } 28d82dc1c4edbc Jason Baron 2012-01-12 1307 :::::: The code at line 1303 was first introduced by commit :::::: 28d82dc1c4edbc352129f97f4ca22624d1fe61de epoll: limit paths :::::: TO: Jason Baron <[email protected]> :::::: CC: Linus Torvalds <[email protected]> --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/[email protected] _______________________________________________ kbuild mailing list -- [email protected] To unsubscribe send an email to [email protected]
