:::::: :::::: Manual check reason: "low confidence bisect report" :::::: Manual check reason: "low confidence static check warning: include/linux/container_of.h:18:15: warning: use of uninitialized value '((struct usb_dmac_desc *)((char *)__mptr + 60))[41297761].node.next' [CWE-457] [-Wanalyzer-use-of-uninitialized-value]" ::::::
BCC: [email protected] CC: [email protected] CC: [email protected] TO: Andy Shevchenko <[email protected]> CC: Andrew Morton <[email protected]> CC: Linux Memory Management List <[email protected]> tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master head: 521a547ced6477c54b4b0cc206000406c221b4d6 commit: d2a8ebbf8192b84b11f1b204c4f7c602df32aeac kernel.h: split out container_of() and typeof_member() macros date: 11 months ago :::::: branch date: 2 days ago :::::: commit date: 11 months ago config: arm-randconfig-c002-20220916 (https://download.01.org/0day-ci/archive/20220920/[email protected]/config) compiler: arm-linux-gnueabi-gcc (GCC) 12.1.0 reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d2a8ebbf8192b84b11f1b204c4f7c602df32aeac git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git git fetch --no-tags linus master git checkout d2a8ebbf8192b84b11f1b204c4f7c602df32aeac # save the config file COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross ARCH=arm KBUILD_USERCFLAGS='-fanalyzer -Wno-error' If you fix the issue, kindly add following tag where applicable Reported-by: kernel test robot <[email protected]> gcc_analyzer warnings: (new ones prefixed by >>) In file included from include/linux/kernel.h:12, from include/linux/delay.h:22, from drivers/dma/sh/usb-dmac.c:12: drivers/dma/sh/usb-dmac.c: In function 'usb_dmac_desc_free': >> include/linux/container_of.h:18:15: warning: use of uninitialized value >> '((struct usb_dmac_desc *)((char *)__mptr + 60))[41297761].node.next' >> [CWE-457] [-Wanalyzer-use-of-uninitialized-value] 18 | void *__mptr = (void *)(ptr); \ | ^~~~~~ include/linux/list.h:511:9: note: in expansion of macro 'container_of' 511 | container_of(ptr, type, member) | ^~~~~~~~~~~~ include/linux/list.h:555:9: note: in expansion of macro 'list_entry' 555 | list_entry((pos)->member.next, typeof(*(pos)), member) | ^~~~~~~~~~ include/linux/list.h:716:21: note: in expansion of macro 'list_next_entry' 716 | n = list_next_entry(pos, member); \ | ^~~~~~~~~~~~~~~ drivers/dma/sh/usb-dmac.c:291:9: note: in expansion of macro 'list_for_each_entry_safe' 291 | list_for_each_entry_safe(desc, _desc, &list, node) { | ^~~~~~~~~~~~~~~~~~~~~~~~ 'usb_dmac_desc_free': event 1 | | 286 | LIST_HEAD(list); | | ^~~~ | | | | | (1) region created on stack here include/linux/list.h:24:26: note: in definition of macro 'LIST_HEAD' | 24 | struct list_head name = LIST_HEAD_INIT(name) | | ^~~~ | 'usb_dmac_desc_free': event 2 | | 481 | if (!list_empty(list)) { | | ^ | | | | | (2) following 'false' branch... | 'usb_dmac_desc_free': event 3 | |drivers/dma/sh/usb-dmac.c:289:9: | 289 | list_splice_init(&chan->desc_got, &list); | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (3) ...to here | 'usb_dmac_desc_free': event 4 | |include/linux/list.h:481:12: | 481 | if (!list_empty(list)) { | | ^ | | | | | (4) following 'false' branch... | 'usb_dmac_desc_free': event 5 | |include/linux/container_of.h:18:15: | 18 | void *__mptr = (void *)(ptr); \ | | ^~~~~~ | | | | | (5) ...to here include/linux/list.h:511:9: note: in expansion of macro 'container_of' | 511 | container_of(ptr, type, member) | | ^~~~~~~~~~~~ include/linux/list.h:522:9: note: in expansion of macro 'list_entry' | 522 | list_entry((ptr)->next, type, member) | | ^~~~~~~~~~ include/linux/list.h:715:20: note: in expansion of macro 'list_first_entry' | 715 | for (pos = list_first_entry(head, typeof(*pos), member), \ | | ^~~~~~~~~~~~~~~~ drivers/dma/sh/usb-dmac.c:291:9: note: in expansion of macro 'list_for_each_entry_safe' | 291 | list_for_each_entry_safe(desc, _desc, &list, node) { | | ^~~~~~~~~~~~~~~~~~~~~~~~ | 'usb_dmac_desc_free': event 6 | |include/linux/container_of.h:18:15: | 18 | void *__mptr = (void *)(ptr); \ | | ^~~~~~ | | | | | (6) use of uninitialized value '((struct usb_dmac_desc *)((char *)__mptr + 60))[41297761].node.next' here include/linux/list.h:511:9: note: in expansion of macro 'container_of' | 511 | container_of(ptr, type, member) | | ^~~~~~~~~~~~ include/linux/list.h:555:9: note: in expansion of macro 'list_entry' | 555 | list_entry((pos)->member.next, typeof(*(pos)), member) | | ^~~~~~~~~~ include/linux/list.h:716:21: note: in expansion of macro 'list_next_entry' | 716 | n = list_next_entry(pos, member); \ | | ^~~~~~~~~~~~~~~ drivers/dma/sh/usb-dmac.c:291:9: note: in expansion of macro 'list_for_each_entry_safe' | 291 | list_for_each_entry_safe(desc, _desc, &list, node) { | | ^~~~~~~~~~~~~~~~~~~~~~~~ | -- In file included from include/linux/kernel.h:12, from include/linux/list.h:9, from include/linux/rculist.h:10, from include/linux/pid.h:5, from include/linux/sched.h:14, from include/linux/cgroup.h:12, from kernel/cgroup/cgroup-internal.h:5, from kernel/cgroup/cgroup.c:31: kernel/cgroup/cgroup.c: In function 'free_cgrp_cset_links': >> include/linux/container_of.h:18:15: warning: use of uninitialized value >> '((struct cgrp_cset_link *)((char *)__mptr + 8))[178956970].cset_link.next' >> [CWE-457] [-Wanalyzer-use-of-uninitialized-value] 18 | void *__mptr = (void *)(ptr); \ | ^~~~~~ include/linux/list.h:511:9: note: in expansion of macro 'container_of' 511 | container_of(ptr, type, member) | ^~~~~~~~~~~~ include/linux/list.h:555:9: note: in expansion of macro 'list_entry' 555 | list_entry((pos)->member.next, typeof(*(pos)), member) | ^~~~~~~~~~ include/linux/list.h:716:21: note: in expansion of macro 'list_next_entry' 716 | n = list_next_entry(pos, member); \ | ^~~~~~~~~~~~~~~ kernel/cgroup/cgroup.c:1128:9: note: in expansion of macro 'list_for_each_entry_safe' 1128 | list_for_each_entry_safe(link, tmp_link, links_to_free, cset_link) { | ^~~~~~~~~~~~~~~~~~~~~~~~ 'cgroup_init': event 1 | | 5774 | int __init cgroup_init(void) | | ^~~~~~~~~~~ | | | | | (1) entry to 'cgroup_init' | 'cgroup_init': event 2 | |include/asm-generic/bug.h:65:35: | 65 | #define BUG_ON(condition) do { if (unlikely(condition)) BUG(); } while (0) | | ^ | | | | | (2) following 'false' branch... kernel/cgroup/cgroup.c:5780:9: note: in expansion of macro 'BUG_ON' | 5780 | BUG_ON(cgroup_init_cftypes(NULL, cgroup_base_files)); | | ^~~~~~ | 'cgroup_init': event 3 | | 5781 | BUG_ON(cgroup_init_cftypes(NULL, cgroup1_base_files)); include/linux/compiler.h:78:45: note: in definition of macro 'unlikely' | 78 | # define unlikely(x) __builtin_expect(!!(x), 0) | | ^ kernel/cgroup/cgroup.c:5781:9: note: in expansion of macro 'BUG_ON' | 5781 | BUG_ON(cgroup_init_cftypes(NULL, cgroup1_base_files)); | | ^~~~~~ | 'cgroup_init': event 4 | |include/asm-generic/bug.h:65:35: | 65 | #define BUG_ON(condition) do { if (unlikely(condition)) BUG(); } while (0) | | ^ | | | | | (4) following 'false' branch... kernel/cgroup/cgroup.c:5781:9: note: in expansion of macro 'BUG_ON' | 5781 | BUG_ON(cgroup_init_cftypes(NULL, cgroup1_base_files)); | | ^~~~~~ | 'cgroup_init': event 5 | | 5783 | cgroup_rstat_boot(); | | ^~~~~~~~~~~~~~~~~~~ | | | | | (5) ...to here | 'cgroup_init': event 6 | |kernel/cgroup/cgroup-internal.h:165:55: | 165 | for ((ssid) = 0; (ssid) < CGROUP_SUBSYS_COUNT && \ | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~ | | | | | (6) following 'true' branch (when 'i != 5')... | 166 | (((ss) = cgroup_subsys[ssid]) || true); (ssid)++) | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/cgroup/cgroup.c:947:9: note: in expansion of macro 'for_each_subsys' | 947 | for_each_subsys(ss, i) | | ^~~~~~~~~~~~~~~ | 'cgroup_init': event 7 | | 948 | key += (unsigned long)css[i]; | | ^ | | | | | (7) ...to here | 'cgroup_init': event 8 | | 5802 | BUG_ON(cgroup_setup_root(&cgrp_dfl_root, 0)); include/linux/compiler.h:78:45: note: in definition of macro 'unlikely' | 78 | # define unlikely(x) __builtin_expect(!!(x), 0) | | ^ kernel/cgroup/cgroup.c:5802:9: note: in expansion of macro 'BUG_ON' | 5802 | BUG_ON(cgroup_setup_root(&cgrp_dfl_root, 0)); | | ^~~~~~ | +--> 'cgroup_setup_root': event 9 | | 1962 | int cgroup_setup_root(struct cgroup_root *root, u16 ss_mask) | | ^~~~~~~~~~~~~~~~~ | | | | | (9) entry to 'cgroup_setup_root' | 'cgroup_setup_root': event 10 | | 1964 | LIST_HEAD(tmp_links); vim +18 include/linux/container_of.h d2a8ebbf8192b8 Andy Shevchenko 2021-11-08 9 d2a8ebbf8192b8 Andy Shevchenko 2021-11-08 10 /** d2a8ebbf8192b8 Andy Shevchenko 2021-11-08 11 * container_of - cast a member of a structure out to the containing structure d2a8ebbf8192b8 Andy Shevchenko 2021-11-08 12 * @ptr: the pointer to the member. d2a8ebbf8192b8 Andy Shevchenko 2021-11-08 13 * @type: the type of the container struct this is embedded in. d2a8ebbf8192b8 Andy Shevchenko 2021-11-08 14 * @member: the name of the member within the struct. d2a8ebbf8192b8 Andy Shevchenko 2021-11-08 15 * d2a8ebbf8192b8 Andy Shevchenko 2021-11-08 16 */ d2a8ebbf8192b8 Andy Shevchenko 2021-11-08 17 #define container_of(ptr, type, member) ({ \ d2a8ebbf8192b8 Andy Shevchenko 2021-11-08 @18 void *__mptr = (void *)(ptr); \ d2a8ebbf8192b8 Andy Shevchenko 2021-11-08 19 BUILD_BUG_ON_MSG(!__same_type(*(ptr), ((type *)0)->member) && \ d2a8ebbf8192b8 Andy Shevchenko 2021-11-08 20 !__same_type(*(ptr), void), \ d2a8ebbf8192b8 Andy Shevchenko 2021-11-08 21 "pointer type mismatch in container_of()"); \ d2a8ebbf8192b8 Andy Shevchenko 2021-11-08 22 ((type *)(__mptr - offsetof(type, member))); }) d2a8ebbf8192b8 Andy Shevchenko 2021-11-08 23 -- 0-DAY CI Kernel Test Service https://01.org/lkp _______________________________________________ kbuild mailing list -- [email protected] To unsubscribe send an email to [email protected]
