CC: [email protected] CC: [email protected] CC: [email protected] TO: Peter Zijlstra <[email protected]>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/peterz/queue.git x86/wip.ibt head: 7b31f08c5f3fb5f3cfd75deb24787569f35315d5 commit: f348a305ec94fcc9a5ac3aefb53dbf2269f26e18 [2/15] x86: Annotate _THIS_IP_ :::::: branch date: 2 days ago :::::: commit date: 2 days ago config: i386-randconfig-c001 (https://download.01.org/0day-ci/archive/20220116/[email protected]/config) compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 650fc40b6d8d9a5869b4fca525d5f237b0ee2803) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # https://git.kernel.org/pub/scm/linux/kernel/git/peterz/queue.git/commit/?id=f348a305ec94fcc9a5ac3aefb53dbf2269f26e18 git remote add peterz-queue https://git.kernel.org/pub/scm/linux/kernel/git/peterz/queue.git git fetch --no-tags peterz-queue x86/wip.ibt git checkout f348a305ec94fcc9a5ac3aefb53dbf2269f26e18 # save the config file to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=i386 clang-analyzer If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <[email protected]> clang-analyzer warnings: (new ones prefixed by >>) include/linux/printk.h:421:3: note: expanded from macro 'printk_index_wrap' __printk_index_emit(_fmt, NULL, NULL); \ ^ include/linux/printk.h:374:7: note: expanded from macro '__printk_index_emit' if (__builtin_constant_p(_fmt) && __builtin_constant_p(_level)) { \ ^ include/linux/hid.h:1011:3: note: Taking true branch pr_warn_ratelimited("%s: Invalid code %d type %d\n", ^ include/linux/printk.h:660:2: note: expanded from macro 'pr_warn_ratelimited' printk_ratelimited(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__) ^ include/linux/printk.h:644:3: note: expanded from macro 'printk_ratelimited' printk(fmt, ##__VA_ARGS__); \ ^ include/linux/printk.h:450:26: note: expanded from macro 'printk' #define printk(fmt, ...) printk_index_wrap(_printk, fmt, ##__VA_ARGS__) ^ include/linux/printk.h:421:3: note: expanded from macro 'printk_index_wrap' __printk_index_emit(_fmt, NULL, NULL); \ ^ include/linux/printk.h:374:3: note: expanded from macro '__printk_index_emit' if (__builtin_constant_p(_fmt) && __builtin_constant_p(_level)) { \ ^ include/linux/compiler.h:56:23: note: expanded from macro 'if' #define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) ) ^ include/linux/hid.h:1011:3: note: '?' condition is true pr_warn_ratelimited("%s: Invalid code %d type %d\n", ^ include/linux/printk.h:660:2: note: expanded from macro 'pr_warn_ratelimited' printk_ratelimited(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__) ^ include/linux/printk.h:644:3: note: expanded from macro 'printk_ratelimited' printk(fmt, ##__VA_ARGS__); \ ^ include/linux/printk.h:450:26: note: expanded from macro 'printk' #define printk(fmt, ...) printk_index_wrap(_printk, fmt, ##__VA_ARGS__) ^ include/linux/printk.h:421:3: note: expanded from macro 'printk_index_wrap' __printk_index_emit(_fmt, NULL, NULL); \ ^ include/linux/printk.h:383:12: note: expanded from macro '__printk_index_emit' .fmt = __builtin_constant_p(_fmt) ? (_fmt) : NULL, \ ^ include/linux/hid.h:1011:3: note: '?' condition is true pr_warn_ratelimited("%s: Invalid code %d type %d\n", ^ include/linux/printk.h:660:2: note: expanded from macro 'pr_warn_ratelimited' printk_ratelimited(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__) ^ include/linux/printk.h:644:3: note: expanded from macro 'printk_ratelimited' printk(fmt, ##__VA_ARGS__); \ ^ include/linux/printk.h:450:26: note: expanded from macro 'printk' #define printk(fmt, ...) printk_index_wrap(_printk, fmt, ##__VA_ARGS__) ^ include/linux/printk.h:421:3: note: expanded from macro 'printk_index_wrap' __printk_index_emit(_fmt, NULL, NULL); \ ^ include/linux/printk.h:387:14: note: expanded from macro '__printk_index_emit' .level = __builtin_constant_p(_level) ? (_level) : NULL, \ ^ include/linux/hid.h:1011:3: note: Loop condition is false. Exiting loop pr_warn_ratelimited("%s: Invalid code %d type %d\n", ^ include/linux/printk.h:660:2: note: expanded from macro 'pr_warn_ratelimited' printk_ratelimited(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__) ^ include/linux/printk.h:644:3: note: expanded from macro 'printk_ratelimited' printk(fmt, ##__VA_ARGS__); \ ^ include/linux/printk.h:450:26: note: expanded from macro 'printk' #define printk(fmt, ...) printk_index_wrap(_printk, fmt, ##__VA_ARGS__) ^ include/linux/printk.h:421:3: note: expanded from macro 'printk_index_wrap' __printk_index_emit(_fmt, NULL, NULL); \ ^ include/linux/printk.h:373:2: note: expanded from macro '__printk_index_emit' do { \ ^ include/linux/hid.h:1012:9: note: Access to field 'name' results in a dereference of a null pointer (loaded from variable 'input') input->name, c, type); ^ include/linux/printk.h:660:49: note: expanded from macro 'pr_warn_ratelimited' printk_ratelimited(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__) ^~~~~~~~~~~ include/linux/printk.h:644:17: note: expanded from macro 'printk_ratelimited' printk(fmt, ##__VA_ARGS__); \ ^~~~~~~~~~~ include/linux/printk.h:450:60: note: expanded from macro 'printk' #define printk(fmt, ...) printk_index_wrap(_printk, fmt, ##__VA_ARGS__) ^~~~~~~~~~~ include/linux/printk.h:422:19: note: expanded from macro 'printk_index_wrap' _p_func(_fmt, ##__VA_ARGS__); \ ^~~~~~~~~~~ 1 warning generated. Suppressed 1 warnings (1 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 2 warnings generated. >> net/core/skmsg.c:590:3: warning: Attempt to free released memory >> [clang-analyzer-unix.Malloc] kfree(msg); ^ net/core/skmsg.c:960:2: note: Control jumps to 'case __SK_PASS:' at line 961 switch (verdict) { ^ net/core/skmsg.c:964:7: note: Assuming the condition is true if (sock_flag(sk_other, SOCK_DEAD) || ^ include/linux/compiler.h:56:47: note: expanded from macro 'if' #define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) ) ^~~~ include/linux/compiler.h:58:52: note: expanded from macro '__trace_if_var' #define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond)) ^~~~ net/core/skmsg.c:964:38: note: Left side of '||' is true if (sock_flag(sk_other, SOCK_DEAD) || ^ net/core/skmsg.c:964:3: note: '?' condition is false if (sock_flag(sk_other, SOCK_DEAD) || ^ include/linux/compiler.h:56:28: note: expanded from macro 'if' #define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) ) ^ include/linux/compiler.h:58:31: note: expanded from macro '__trace_if_var' #define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond)) ^ net/core/skmsg.c:964:7: note: Assuming the condition is true if (sock_flag(sk_other, SOCK_DEAD) || ^ include/linux/compiler.h:56:47: note: expanded from macro 'if' #define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) ) ^~~~ include/linux/compiler.h:58:86: note: expanded from macro '__trace_if_var' #define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond)) ^~~~ include/linux/compiler.h:69:3: note: expanded from macro '__trace_if_value' (cond) ? \ ^~~~ net/core/skmsg.c:964:38: note: Left side of '||' is true if (sock_flag(sk_other, SOCK_DEAD) || ^ net/core/skmsg.c:964:3: note: Assuming the condition is false if (sock_flag(sk_other, SOCK_DEAD) || ^ include/linux/compiler.h:56:44: note: expanded from macro 'if' #define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) ) ~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/compiler.h:58:86: note: expanded from macro '__trace_if_var' #define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond)) ~~~~~~~~~~~~~~~~~^~~~~ include/linux/compiler.h:69:3: note: expanded from macro '__trace_if_value' (cond) ? \ ^~~~ net/core/skmsg.c:964:3: note: '?' condition is false if (sock_flag(sk_other, SOCK_DEAD) || ^ include/linux/compiler.h:56:28: note: expanded from macro 'if' #define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) ) ^ include/linux/compiler.h:58:69: note: expanded from macro '__trace_if_var' #define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond)) ^ include/linux/compiler.h:69:2: note: expanded from macro '__trace_if_value' (cond) ? \ ^ net/core/skmsg.c:964:3: note: Taking false branch if (sock_flag(sk_other, SOCK_DEAD) || ^ include/linux/compiler.h:56:23: note: expanded from macro 'if' #define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) ) ^ net/core/skmsg.c:978:3: note: '?' condition is false if (skb_queue_empty(&psock->ingress_skb)) { ^ include/linux/compiler.h:56:28: note: expanded from macro 'if' #define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) ) ^ include/linux/compiler.h:58:31: note: expanded from macro '__trace_if_var' #define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond)) ^ net/core/skmsg.c:978:3: note: Assuming the condition is true if (skb_queue_empty(&psock->ingress_skb)) { ^ include/linux/compiler.h:56:44: note: expanded from macro 'if' #define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) ) ~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/compiler.h:58:86: note: expanded from macro '__trace_if_var' #define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond)) ~~~~~~~~~~~~~~~~~^~~~~ include/linux/compiler.h:69:3: note: expanded from macro '__trace_if_value' (cond) ? \ ^~~~ net/core/skmsg.c:978:3: note: '?' condition is true if (skb_queue_empty(&psock->ingress_skb)) { ^ include/linux/compiler.h:56:28: note: expanded from macro 'if' #define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) ) ^ include/linux/compiler.h:58:69: note: expanded from macro '__trace_if_var' #define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond)) vim +590 net/core/skmsg.c 6fa9201a898983 John Fastabend 2020-11-16 572 6fa9201a898983 John Fastabend 2020-11-16 573 /* Puts an skb on the ingress queue of the socket already assigned to the 6fa9201a898983 John Fastabend 2020-11-16 574 * skb. In this case we do not need to check memory limits or skb_set_owner_r 6fa9201a898983 John Fastabend 2020-11-16 575 * because the skb is already accounted for here. 6fa9201a898983 John Fastabend 2020-11-16 576 */ 7303524e04af49 Liu Jian 2021-10-29 577 static int sk_psock_skb_ingress_self(struct sk_psock *psock, struct sk_buff *skb, 7303524e04af49 Liu Jian 2021-10-29 578 u32 off, u32 len) 6fa9201a898983 John Fastabend 2020-11-16 579 { 6fa9201a898983 John Fastabend 2020-11-16 580 struct sk_msg *msg = kzalloc(sizeof(*msg), __GFP_NOWARN | GFP_ATOMIC); 6fa9201a898983 John Fastabend 2020-11-16 581 struct sock *sk = psock->sk; 7e6b27a69167f9 John Fastabend 2021-07-12 582 int err; 6fa9201a898983 John Fastabend 2020-11-16 583 6fa9201a898983 John Fastabend 2020-11-16 584 if (unlikely(!msg)) 6fa9201a898983 John Fastabend 2020-11-16 585 return -EAGAIN; 6fa9201a898983 John Fastabend 2020-11-16 586 sk_msg_init(msg); 144748eb0c4450 John Fastabend 2021-04-01 587 skb_set_owner_r(skb, sk); 7303524e04af49 Liu Jian 2021-10-29 588 err = sk_psock_skb_ingress_enqueue(skb, off, len, psock, sk, msg); 7e6b27a69167f9 John Fastabend 2021-07-12 589 if (err < 0) 7e6b27a69167f9 John Fastabend 2021-07-12 @590 kfree(msg); 7e6b27a69167f9 John Fastabend 2021-07-12 591 return err; 6fa9201a898983 John Fastabend 2020-11-16 592 } 6fa9201a898983 John Fastabend 2020-11-16 593 :::::: The code at line 590 was first introduced by commit :::::: 7e6b27a69167f97c56b5437871d29e9722c3e470 bpf, sockmap: Fix potential memory leak on unlikely error case :::::: TO: John Fastabend <[email protected]> :::::: CC: Daniel Borkmann <[email protected]> --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/[email protected] _______________________________________________ kbuild mailing list -- [email protected] To unsubscribe send an email to [email protected]
