:::::: :::::: Manual check reason: "low confidence bisect report" :::::: Manual check reason: "low confidence static check warning: include/linux/container_of.h:18:15: warning: use of uninitialized value '((struct nilfs_recovery_block *)((char *)__mptr + 8))[134217727].list.next' [CWE-457] [-Wanalyzer-use-of-uninitialized-value]" ::::::
BCC: [email protected] CC: [email protected] CC: [email protected] TO: Andy Shevchenko <[email protected]> CC: Andrew Morton <[email protected]> CC: Linux Memory Management List <[email protected]> tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master head: 506357871c18e06565840d71c2ef9f818e19f460 commit: d2a8ebbf8192b84b11f1b204c4f7c602df32aeac kernel.h: split out container_of() and typeof_member() macros date: 10 months ago :::::: branch date: 12 hours ago :::::: commit date: 10 months ago config: arm-randconfig-c002-20220904 (https://download.01.org/0day-ci/archive/20220909/[email protected]/config) compiler: arm-linux-gnueabi-gcc (GCC) 12.1.0 reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d2a8ebbf8192b84b11f1b204c4f7c602df32aeac git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git git fetch --no-tags linus master git checkout d2a8ebbf8192b84b11f1b204c4f7c602df32aeac # save the config file COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross ARCH=arm KBUILD_USERCFLAGS='-fanalyzer -Wno-error' If you fix the issue, kindly add following tag where applicable Reported-by: kernel test robot <[email protected]> gcc_analyzer warnings: (new ones prefixed by >>) | | | | | (31) following 'false' branch... |...... | 623 | switch (state) { | | ~~~~~~ | | | | | (32) ...to here | | (33) following 'case 0:' branch... | 624 | case RF_INIT_ST: | | ~~~~ | | | | | (34) ...to here | 625 | if (!(flags & NILFS_SS_LOGBGN) || | | ~ | | | | | (35) following 'false' branch... |...... | 630 | case RF_DSYNC_ST: | | ~~~~ | | | | | (36) ...to here | 631 | if (!(flags & NILFS_SS_SYNDT)) | | ~ | | | | | (37) following 'false' branch... |...... | 634 | err = nilfs_scan_dsync_log(nilfs, pseg_start, sum, | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (38) ...to here | | (39) calling 'nilfs_scan_dsync_log' from 'nilfs_do_roll_forward' | 635 | &dsync_blocks); | | ~~~~~~~~~~~~~~ | +--> 'nilfs_scan_dsync_log': events 40-41 | | 304 | static int nilfs_scan_dsync_log(struct the_nilfs *nilfs, sector_t start_blocknr, | | ^~~~~~~~~~~~~~~~~~~~ | | | | | (40) entry to 'nilfs_scan_dsync_log' |...... | 316 | if (!nfinfo) | | ~ | | | | | (41) following 'true' branch (when 'nfinfo == 0')... | 'nilfs_scan_dsync_log': event 42 | |cc1: | (42): ...to here | <------+ | 'nilfs_do_roll_forward': events 43-48 | | 634 | err = nilfs_scan_dsync_log(nilfs, pseg_start, sum, | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (43) returning to 'nilfs_do_roll_forward' from 'nilfs_scan_dsync_log' | 635 | &dsync_blocks); | | ~~~~~~~~~~~~~~ | 636 | if (unlikely(err)) | | ~ | | | | | (44) following 'false' branch... | 637 | goto failed; | 638 | if (flags & NILFS_SS_LOGEND) { | | ~ | | | | | (45) ...to here | | (46) following 'true' branch... | 639 | err = nilfs_recover_dsync_blocks( | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (47) ...to here | | (48) calling 'nilfs_recover_dsync_blocks' from 'nilfs_do_roll_forward' | 640 | nilfs, sb, root, &dsync_blocks, | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | 641 | &nsalvaged_blocks); | | ~~~~~~~~~~~~~~~~~~ | +--> 'nilfs_recover_dsync_blocks': events 49-50 | | 491 | static int nilfs_recover_dsync_blocks(struct the_nilfs *nilfs, | | ^~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (49) entry to 'nilfs_recover_dsync_blocks' |...... | 500 | struct page *page; | | ~~~~ | | | | | (50) use of uninitialized value '<unknown>' here | In file included from include/linux/kernel.h:12, from include/linux/list.h:9, from include/linux/wait.h:7, from include/linux/wait_bit.h:8, from include/linux/fs.h:6, from include/linux/buffer_head.h:12, from fs/nilfs2/recovery.c:10: >> include/linux/container_of.h:18:15: warning: use of uninitialized value >> '((struct nilfs_recovery_block *)((char *)__mptr + 8))[134217727].list.next' >> [CWE-457] [-Wanalyzer-use-of-uninitialized-value] 18 | void *__mptr = (void *)(ptr); \ | ^~~~~~ include/linux/list.h:511:9: note: in expansion of macro 'container_of' 511 | container_of(ptr, type, member) | ^~~~~~~~~~~~ include/linux/list.h:555:9: note: in expansion of macro 'list_entry' 555 | list_entry((pos)->member.next, typeof(*(pos)), member) | ^~~~~~~~~~ include/linux/list.h:716:21: note: in expansion of macro 'list_next_entry' 716 | n = list_next_entry(pos, member); \ | ^~~~~~~~~~~~~~~ fs/nilfs2/recovery.c:504:9: note: in expansion of macro 'list_for_each_entry_safe' 504 | list_for_each_entry_safe(rb, n, head, list) { | ^~~~~~~~~~~~~~~~~~~~~~~~ 'nilfs_salvage_orphan_logs': events 1-6 | | 729 | int nilfs_salvage_orphan_logs(struct the_nilfs *nilfs, | | ^~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (1) entry to 'nilfs_salvage_orphan_logs' |...... | 736 | if (ri->ri_lsegs_start == 0 || ri->ri_lsegs_end == 0) | | ~ | | | | | (2) following 'false' branch... |...... | 739 | err = nilfs_attach_checkpoint(sb, ri->ri_cno, true, &root); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (3) ...to here | 740 | if (unlikely(err)) { | | ~ | | | | | (4) following 'false' branch... |...... | 745 | err = nilfs_do_roll_forward(nilfs, sb, root, ri); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (5) ...to here | | (6) calling 'nilfs_do_roll_forward' from 'nilfs_salvage_orphan_logs' | +--> 'nilfs_do_roll_forward': event 7 | | 567 | static int nilfs_do_roll_forward(struct the_nilfs *nilfs, | | ^~~~~~~~~~~~~~~~~~~~~ | | | | | (7) entry to 'nilfs_do_roll_forward' | 'nilfs_do_roll_forward': event 8 | | 582 | LIST_HEAD(dsync_blocks); /* list of data blocks to be recovered */ | | ^~~~~~~~~~~~ | | | | | (8) region created on stack here include/linux/list.h:24:26: note: in definition of macro 'LIST_HEAD' | 24 | struct list_head name = LIST_HEAD_INIT(name) | | ^~~~ | 'nilfs_do_roll_forward': event 9 | |fs/nilfs2/recovery.c:594:40: | 594 | while (segnum != ri->ri_segnum || pseg_start <= ri->ri_pseg_start) { | | ~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (9) following 'true' branch... | 'nilfs_do_roll_forward': events 10-11 | |include/linux/buffer_head.h:290:12: | 290 | if (bh) | | ^ | | | | | (10) ...to here | | (11) following 'false' branch (when 'bh_sum' is NULL)... | 'nilfs_do_roll_forward': events 12-13 | |fs/nilfs2/recovery.c:596:26: | 596 | bh_sum = nilfs_read_log_header(nilfs, pseg_start, &sum); | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (12) ...to here | | (13) calling 'nilfs_read_log_header' from 'nilfs_do_roll_forward' | +--> 'nilfs_read_log_header': events 14-16 | | 181 | nilfs_read_log_header(struct the_nilfs *nilfs, sector_t start_blocknr, | | ^~~~~~~~~~~~~~~~~~~~~ | | | | | (14) entry to 'nilfs_read_log_header' |...... | 187 | if (bh_sum) | | ~ | | | | | (15) following 'true' branch... | 188 | *sum = (struct nilfs_segment_summary *)bh_sum->b_data; | | ~~~~~~~~~~~~~~ | | | | | (16) ...to here | vim +18 include/linux/container_of.h d2a8ebbf8192b8 Andy Shevchenko 2021-11-08 9 d2a8ebbf8192b8 Andy Shevchenko 2021-11-08 10 /** d2a8ebbf8192b8 Andy Shevchenko 2021-11-08 11 * container_of - cast a member of a structure out to the containing structure d2a8ebbf8192b8 Andy Shevchenko 2021-11-08 12 * @ptr: the pointer to the member. d2a8ebbf8192b8 Andy Shevchenko 2021-11-08 13 * @type: the type of the container struct this is embedded in. d2a8ebbf8192b8 Andy Shevchenko 2021-11-08 14 * @member: the name of the member within the struct. d2a8ebbf8192b8 Andy Shevchenko 2021-11-08 15 * d2a8ebbf8192b8 Andy Shevchenko 2021-11-08 16 */ d2a8ebbf8192b8 Andy Shevchenko 2021-11-08 17 #define container_of(ptr, type, member) ({ \ d2a8ebbf8192b8 Andy Shevchenko 2021-11-08 @18 void *__mptr = (void *)(ptr); \ d2a8ebbf8192b8 Andy Shevchenko 2021-11-08 19 BUILD_BUG_ON_MSG(!__same_type(*(ptr), ((type *)0)->member) && \ d2a8ebbf8192b8 Andy Shevchenko 2021-11-08 20 !__same_type(*(ptr), void), \ d2a8ebbf8192b8 Andy Shevchenko 2021-11-08 21 "pointer type mismatch in container_of()"); \ d2a8ebbf8192b8 Andy Shevchenko 2021-11-08 22 ((type *)(__mptr - offsetof(type, member))); }) d2a8ebbf8192b8 Andy Shevchenko 2021-11-08 23 -- 0-DAY CI Kernel Test Service https://01.org/lkp _______________________________________________ kbuild mailing list -- [email protected] To unsubscribe send an email to [email protected]
