Hi Jens, FYI, the error/warning was bisected to this commit, please ignore it if it's irrelevant. tree: https://gitee.com/openeuler/kernel.git openEuler-1.0-LTS head: cc7cb040bd0afe96f1da94c9f21eda5a986510a5 commit: c6e864fee7c3dd416048d129997c7def53cb9ed8 [1421/1421] net: separate out the msghdr copy from ___sys_{send,recv}msg() config: x86_64-buildonly-randconfig-002-20250208 (https://download.01.org/0day-ci/archive/20250208/202502082355.jrzYRRaD-lkp@i...) compiler: gcc-12 (Debian 12.2.0-14) 12.2.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20250208/202502082355.jrzYRRaD-lkp@i...) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp@intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202502082355.jrzYRRaD-lkp@intel.com/ Note: it may well be a FALSE warning. FWIW you are at least aware of it now. http://gcc.gnu.org/wiki/Better_Uninitialized_Warnings All warnings (new ones prefixed by >>): In function '__sock_release', inlined from 'sock_close' at net/socket.c:1140:2: net/socket.c:579:21: warning: array subscript -1 is outside array bounds of 'struct inode[9078122083518480]' [-Warray-bounds] 579 | sock->ops->release(sock); | ~~~~^~~~~ net/socket.c:580:26: warning: array subscript -1 is outside array bounds of 'struct inode[9078122083518480]' [-Warray-bounds] 580 | sock->sk = NULL; In file included from arch/x86/include/asm/preempt.h:7, from include/linux/preempt.h:81, from include/linux/spinlock.h:51, from include/linux/mmzone.h:9, from include/linux/gfp.h:6, from include/linux/mm.h:11, from net/socket.c:61: In function 'check_object_size', inlined from 'check_copy_size' at include/linux/thread_info.h:90:2, inlined from 'copy_from_user' at include/linux/uaccess.h:143:6, inlined from '____sys_sendmsg' at net/socket.c:2110:7:
include/linux/thread_info.h:59:17: warning: 'ctl' may be used uninitialized [-Wmaybe-uninitialized] 59 | __check_object_size(ptr, n, to_user); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/thread_info.h: In function '____sys_sendmsg': include/linux/thread_info.h:52:13: note: by argument 1 of type 'const void *' to '__check_object_size' declared here 52 | extern void __check_object_size(const void *ptr, unsigned long n, | ^~~~~~~~~~~~~~~~~~~ net/socket.c:2075:23: note: 'ctl' declared here 2075 | unsigned char ctl[sizeof(struct cmsghdr) + 20] | ^~~ In function 'check_object_size', inlined from 'check_copy_size' at include/linux/thread_info.h:90:2, inlined from 'copy_from_user' at include/linux/uaccess.h:143:6, inlined from '__do_sys_socketcall' at net/socket.c:2618:6, inlined from '__se_sys_socketcall' at net/socket.c:2602:1: include/linux/thread_info.h:59:17: warning: 'a' may be used uninitialized [-Wmaybe-uninitialized] 59 | __check_object_size(ptr, n, to_user); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/thread_info.h: In function '__se_sys_socketcall': include/linux/thread_info.h:52:13: note: by argument 1 of type 'const void *' to '__check_object_size' declared here 52 | extern void __check_object_size(const void *ptr, unsigned long n, | ^~~~~~~~~~~~~~~~~~~ net/socket.c:2604:23: note: 'a' declared here 2604 | unsigned long a[AUDITSC_ARGS]; | ^ net/socket.c:573: warning: Function parameter or member 'inode' not described in '__sock_release'
vim +/ctl +59 include/linux/thread_info.h 0f60a8efe4005a Kees Cook 2016-07-12 50 f5509cc18daa7f Kees Cook 2016-06-07 51 #ifdef CONFIG_HARDENED_USERCOPY f5509cc18daa7f Kees Cook 2016-06-07 52 extern void __check_object_size(const void *ptr, unsigned long n, f5509cc18daa7f Kees Cook 2016-06-07 53 bool to_user); f5509cc18daa7f Kees Cook 2016-06-07 54 a85d6b8242dc78 Kees Cook 2016-09-07 55 static __always_inline void check_object_size(const void *ptr, unsigned long n, f5509cc18daa7f Kees Cook 2016-06-07 56 bool to_user) f5509cc18daa7f Kees Cook 2016-06-07 57 { 81409e9e280588 Kees Cook 2016-08-31 58 if (!__builtin_constant_p(n)) f5509cc18daa7f Kees Cook 2016-06-07 @59 __check_object_size(ptr, n, to_user); f5509cc18daa7f Kees Cook 2016-06-07 60 } f5509cc18daa7f Kees Cook 2016-06-07 61 #else f5509cc18daa7f Kees Cook 2016-06-07 62 static inline void check_object_size(const void *ptr, unsigned long n, f5509cc18daa7f Kees Cook 2016-06-07 63 bool to_user) f5509cc18daa7f Kees Cook 2016-06-07 64 { } f5509cc18daa7f Kees Cook 2016-06-07 65 #endif /* CONFIG_HARDENED_USERCOPY */ f5509cc18daa7f Kees Cook 2016-06-07 66 :::::: The code at line 59 was first introduced by commit :::::: f5509cc18daa7f82bcc553be70df2117c8eedc16 mm: Hardened usercopy :::::: TO: Kees Cook <keescook@chromium.org> :::::: CC: Kees Cook <keescook@chromium.org> -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki