On Mon, May 27, 2024 at 12:26 AM Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote: > > Hi Alexei, > > kernel test robot noticed the following build warnings: > > url: https://github.com/intel-lab-lkp/linux/commits/Alexei-Starovoitov/selftests-bpf-Remove-i-zero-workaround-and-add-new-tests/20240525-111247 > base: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git master > patch link: https://lore.kernel.org/r/20240525031156.13545-1-alexei.starovoitov%40gmail.com > patch subject: [PATCH v3 bpf-next 1/2] bpf: Relax precision marking in open coded iters and may_goto loop. > config: nios2-randconfig-r071-20240526 (https://download.01.org/0day-ci/archive/20240526/202405260726.0H6QiGNy-lkp@xxxxxxxxx/config) > compiler: nios2-linux-gcc (GCC) 13.2.0 > > If you fix the issue in a separate patch/commit (i.e. not just a new version of > the same patch/commit), kindly add following tags > | Reported-by: kernel test robot <lkp@xxxxxxxxx> > | Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> > | Closes: https://lore.kernel.org/r/202405260726.0H6QiGNy-lkp@xxxxxxxxx/ > > New smatch warnings: > kernel/bpf/verifier.c:15315 check_cond_jmp_op() error: uninitialized symbol 'other_dst_reg'. > > Old smatch warnings: > arch/nios2/include/asm/thread_info.h:62 current_thread_info() error: uninitialized symbol 'sp'. > > vim +/other_dst_reg +15315 kernel/bpf/verifier.c > > 58e2af8b3a6b58 Jakub Kicinski 2016-09-21 15108 static int check_cond_jmp_op(struct bpf_verifier_env *env, > 17a5267067f3c3 Alexei Starovoitov 2014-09-26 15109 struct bpf_insn *insn, int *insn_idx) > 17a5267067f3c3 Alexei Starovoitov 2014-09-26 15110 { > f4d7e40a5b7157 Alexei Starovoitov 2017-12-14 15111 struct bpf_verifier_state *this_branch = env->cur_state; > f4d7e40a5b7157 Alexei Starovoitov 2017-12-14 15112 struct bpf_verifier_state *other_branch; > f4d7e40a5b7157 Alexei Starovoitov 2017-12-14 15113 struct bpf_reg_state *regs = this_branch->frame[this_branch->curframe]->regs; > fb8d251ee2a6bf Alexei Starovoitov 2019-06-15 15114 struct bpf_reg_state *dst_reg, *other_branch_regs, *src_reg = NULL; > 689049426b9d3b Alexei Starovoitov 2024-05-24 15115 struct bpf_reg_state *eq_branch_regs, *other_dst_reg, *other_src_reg = NULL; > c31534267c180f Andrii Nakryiko 2023-11-01 15116 struct bpf_reg_state fake_reg = {}; > 17a5267067f3c3 Alexei Starovoitov 2014-09-26 15117 u8 opcode = BPF_OP(insn->code); > 689049426b9d3b Alexei Starovoitov 2024-05-24 15118 bool is_jmp32, ignore_pred; > 689049426b9d3b Alexei Starovoitov 2024-05-24 15119 bool has_src_reg = false; > fb8d251ee2a6bf Alexei Starovoitov 2019-06-15 15120 int pred = -1; > 17a5267067f3c3 Alexei Starovoitov 2014-09-26 15121 int err; > 17a5267067f3c3 Alexei Starovoitov 2014-09-26 15122 > 092ed0968bb648 Jiong Wang 2019-01-26 15123 /* Only conditional jumps are expected to reach here. */ > 011832b97b311b Alexei Starovoitov 2024-03-05 15124 if (opcode == BPF_JA || opcode > BPF_JCOND) { > 092ed0968bb648 Jiong Wang 2019-01-26 15125 verbose(env, "invalid BPF_JMP/JMP32 opcode %x\n", opcode); > 17a5267067f3c3 Alexei Starovoitov 2014-09-26 15126 return -EINVAL; > 17a5267067f3c3 Alexei Starovoitov 2014-09-26 15127 } > 17a5267067f3c3 Alexei Starovoitov 2014-09-26 15128 > 011832b97b311b Alexei Starovoitov 2024-03-05 15129 if (opcode == BPF_JCOND) { > 011832b97b311b Alexei Starovoitov 2024-03-05 15130 struct bpf_verifier_state *cur_st = env->cur_state, *queued_st, *prev_st; > 011832b97b311b Alexei Starovoitov 2024-03-05 15131 int idx = *insn_idx; > 011832b97b311b Alexei Starovoitov 2024-03-05 15132 > 011832b97b311b Alexei Starovoitov 2024-03-05 15133 if (insn->code != (BPF_JMP | BPF_JCOND) || > 011832b97b311b Alexei Starovoitov 2024-03-05 15134 insn->src_reg != BPF_MAY_GOTO || > 011832b97b311b Alexei Starovoitov 2024-03-05 15135 insn->dst_reg || insn->imm || insn->off == 0) { > 011832b97b311b Alexei Starovoitov 2024-03-05 15136 verbose(env, "invalid may_goto off %d imm %d\n", > 011832b97b311b Alexei Starovoitov 2024-03-05 15137 insn->off, insn->imm); > 011832b97b311b Alexei Starovoitov 2024-03-05 15138 return -EINVAL; > 011832b97b311b Alexei Starovoitov 2024-03-05 15139 } > 011832b97b311b Alexei Starovoitov 2024-03-05 15140 prev_st = find_prev_entry(env, cur_st->parent, idx); > 011832b97b311b Alexei Starovoitov 2024-03-05 15141 > 011832b97b311b Alexei Starovoitov 2024-03-05 15142 /* branch out 'fallthrough' insn as a new state to explore */ > 011832b97b311b Alexei Starovoitov 2024-03-05 15143 queued_st = push_stack(env, idx + 1, idx, false); > 011832b97b311b Alexei Starovoitov 2024-03-05 15144 if (!queued_st) > 011832b97b311b Alexei Starovoitov 2024-03-05 15145 return -ENOMEM; > 011832b97b311b Alexei Starovoitov 2024-03-05 15146 > 011832b97b311b Alexei Starovoitov 2024-03-05 15147 queued_st->may_goto_depth++; > 011832b97b311b Alexei Starovoitov 2024-03-05 15148 if (prev_st) > 011832b97b311b Alexei Starovoitov 2024-03-05 15149 widen_imprecise_scalars(env, prev_st, queued_st); > 011832b97b311b Alexei Starovoitov 2024-03-05 15150 *insn_idx += insn->off; > 011832b97b311b Alexei Starovoitov 2024-03-05 15151 return 0; > 011832b97b311b Alexei Starovoitov 2024-03-05 15152 } > 011832b97b311b Alexei Starovoitov 2024-03-05 15153 > d75e30dddf7344 Yafang Shao 2023-08-23 15154 /* check src2 operand */ > d75e30dddf7344 Yafang Shao 2023-08-23 15155 err = check_reg_arg(env, insn->dst_reg, SRC_OP); > d75e30dddf7344 Yafang Shao 2023-08-23 15156 if (err) > d75e30dddf7344 Yafang Shao 2023-08-23 15157 return err; > d75e30dddf7344 Yafang Shao 2023-08-23 15158 > d75e30dddf7344 Yafang Shao 2023-08-23 15159 dst_reg = ®s[insn->dst_reg]; > 17a5267067f3c3 Alexei Starovoitov 2014-09-26 15160 if (BPF_SRC(insn->code) == BPF_X) { > 17a5267067f3c3 Alexei Starovoitov 2014-09-26 15161 if (insn->imm != 0) { > 092ed0968bb648 Jiong Wang 2019-01-26 15162 verbose(env, "BPF_JMP/JMP32 uses reserved fields\n"); > 17a5267067f3c3 Alexei Starovoitov 2014-09-26 15163 return -EINVAL; > 17a5267067f3c3 Alexei Starovoitov 2014-09-26 15164 } > 17a5267067f3c3 Alexei Starovoitov 2014-09-26 15165 > 17a5267067f3c3 Alexei Starovoitov 2014-09-26 15166 /* check src1 operand */ > dc503a8ad98474 Edward Cree 2017-08-15 15167 err = check_reg_arg(env, insn->src_reg, SRC_OP); > 17a5267067f3c3 Alexei Starovoitov 2014-09-26 15168 if (err) > 17a5267067f3c3 Alexei Starovoitov 2014-09-26 15169 return err; > 1be7f75d1668d6 Alexei Starovoitov 2015-10-07 15170 > 689049426b9d3b Alexei Starovoitov 2024-05-24 15171 has_src_reg = true; > d75e30dddf7344 Yafang Shao 2023-08-23 15172 src_reg = ®s[insn->src_reg]; > d75e30dddf7344 Yafang Shao 2023-08-23 15173 if (!(reg_is_pkt_pointer_any(dst_reg) && reg_is_pkt_pointer_any(src_reg)) && > d75e30dddf7344 Yafang Shao 2023-08-23 15174 is_pointer_value(env, insn->src_reg)) { > 61bd5218eef349 Jakub Kicinski 2017-10-09 15175 verbose(env, "R%d pointer comparison prohibited\n", > 1be7f75d1668d6 Alexei Starovoitov 2015-10-07 15176 insn->src_reg); > 1be7f75d1668d6 Alexei Starovoitov 2015-10-07 15177 return -EACCES; > 1be7f75d1668d6 Alexei Starovoitov 2015-10-07 15178 } > 17a5267067f3c3 Alexei Starovoitov 2014-09-26 15179 } else { > 17a5267067f3c3 Alexei Starovoitov 2014-09-26 15180 if (insn->src_reg != BPF_REG_0) { > 092ed0968bb648 Jiong Wang 2019-01-26 15181 verbose(env, "BPF_JMP/JMP32 uses reserved fields\n"); > 17a5267067f3c3 Alexei Starovoitov 2014-09-26 15182 return -EINVAL; > 17a5267067f3c3 Alexei Starovoitov 2014-09-26 15183 } > c31534267c180f Andrii Nakryiko 2023-11-01 15184 src_reg = &fake_reg; > c31534267c180f Andrii Nakryiko 2023-11-01 15185 src_reg->type = SCALAR_VALUE; > c31534267c180f Andrii Nakryiko 2023-11-01 15186 __mark_reg_known(src_reg, insn->imm); > 17a5267067f3c3 Alexei Starovoitov 2014-09-26 15187 } > 17a5267067f3c3 Alexei Starovoitov 2014-09-26 15188 > 092ed0968bb648 Jiong Wang 2019-01-26 15189 is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32; > 689049426b9d3b Alexei Starovoitov 2024-05-24 15190 if (dst_reg->type != SCALAR_VALUE || src_reg->type != SCALAR_VALUE) > 689049426b9d3b Alexei Starovoitov 2024-05-24 15191 ignore_pred = false; > 689049426b9d3b Alexei Starovoitov 2024-05-24 15192 /* > 689049426b9d3b Alexei Starovoitov 2024-05-24 15193 * Compilers often optimize loop exit condition to equality, so > 689049426b9d3b Alexei Starovoitov 2024-05-24 15194 * for (i = 0; i < 100; i++) arr[i] = 1 > 689049426b9d3b Alexei Starovoitov 2024-05-24 15195 * becomes > 689049426b9d3b Alexei Starovoitov 2024-05-24 15196 * for (i = 0; i != 100; i++) arr[1] = 1 > 689049426b9d3b Alexei Starovoitov 2024-05-24 15197 * Hence treat != and == conditions specially in the verifier. > 689049426b9d3b Alexei Starovoitov 2024-05-24 15198 * Widen only not-predicted branch and keep predict branch as is. Example: > 689049426b9d3b Alexei Starovoitov 2024-05-24 15199 * r1 = 0 > 689049426b9d3b Alexei Starovoitov 2024-05-24 15200 * goto L1 > 689049426b9d3b Alexei Starovoitov 2024-05-24 15201 * L2: > 689049426b9d3b Alexei Starovoitov 2024-05-24 15202 * arr[r1] = 1 > 689049426b9d3b Alexei Starovoitov 2024-05-24 15203 * r1++ > 689049426b9d3b Alexei Starovoitov 2024-05-24 15204 * L1: > 689049426b9d3b Alexei Starovoitov 2024-05-24 15205 * if r1 != 100 goto L2 > 689049426b9d3b Alexei Starovoitov 2024-05-24 15206 * fallthrough: r1=100 after widening > 689049426b9d3b Alexei Starovoitov 2024-05-24 15207 * other_branch: r1 stays as-is (0, 1, 2, ..) > 689049426b9d3b Alexei Starovoitov 2024-05-24 15208 * > 689049426b9d3b Alexei Starovoitov 2024-05-24 15209 * Also recognize the case where both LHS and RHS are constant and > 689049426b9d3b Alexei Starovoitov 2024-05-24 15210 * equal to each other. In this case don't widen at all and take the > 689049426b9d3b Alexei Starovoitov 2024-05-24 15211 * predicted path. This key heuristic allows the verifier detect loop > 689049426b9d3b Alexei Starovoitov 2024-05-24 15212 * end condition and 'for (i = 0; i != 100; i++)' is validated just > 689049426b9d3b Alexei Starovoitov 2024-05-24 15213 * like bounded loop. > 689049426b9d3b Alexei Starovoitov 2024-05-24 15214 */ > 689049426b9d3b Alexei Starovoitov 2024-05-24 15215 else if (is_reg_const(dst_reg, is_jmp32) && is_reg_const(src_reg, is_jmp32) && > 689049426b9d3b Alexei Starovoitov 2024-05-24 15216 reg_const_value(dst_reg, is_jmp32) == reg_const_value(src_reg, is_jmp32)) > 689049426b9d3b Alexei Starovoitov 2024-05-24 15217 ignore_pred = false; > 689049426b9d3b Alexei Starovoitov 2024-05-24 15218 else > 689049426b9d3b Alexei Starovoitov 2024-05-24 15219 ignore_pred = (get_loop_entry(this_branch) || > 689049426b9d3b Alexei Starovoitov 2024-05-24 15220 this_branch->may_goto_depth) && > 689049426b9d3b Alexei Starovoitov 2024-05-24 15221 /* Gate widen_reg() logic */ > 689049426b9d3b Alexei Starovoitov 2024-05-24 15222 env->bpf_capable; > 689049426b9d3b Alexei Starovoitov 2024-05-24 15223 > c31534267c180f Andrii Nakryiko 2023-11-01 15224 pred = is_branch_taken(dst_reg, src_reg, opcode, is_jmp32); > 689049426b9d3b Alexei Starovoitov 2024-05-24 15225 if (pred >= 0 && !ignore_pred) { > cac616db39c207 John Fastabend 2020-05-21 15226 /* If we get here with a dst_reg pointer type it is because > cac616db39c207 John Fastabend 2020-05-21 15227 * above is_branch_taken() special cased the 0 comparison. > cac616db39c207 John Fastabend 2020-05-21 15228 */ > cac616db39c207 John Fastabend 2020-05-21 15229 if (!__is_pointer_value(false, dst_reg)) > b5dc0163d8fd78 Alexei Starovoitov 2019-06-15 15230 err = mark_chain_precision(env, insn->dst_reg); > 6d94e741a8ff81 Alexei Starovoitov 2020-11-10 15231 if (BPF_SRC(insn->code) == BPF_X && !err && > 6d94e741a8ff81 Alexei Starovoitov 2020-11-10 15232 !__is_pointer_value(false, src_reg)) > b5dc0163d8fd78 Alexei Starovoitov 2019-06-15 15233 err = mark_chain_precision(env, insn->src_reg); > b5dc0163d8fd78 Alexei Starovoitov 2019-06-15 15234 if (err) > b5dc0163d8fd78 Alexei Starovoitov 2019-06-15 15235 return err; > b5dc0163d8fd78 Alexei Starovoitov 2019-06-15 15236 } > 9183671af6dbf6 Daniel Borkmann 2021-05-28 15237 > 689049426b9d3b Alexei Starovoitov 2024-05-24 15238 if (pred < 0 || ignore_pred) { > 689049426b9d3b Alexei Starovoitov 2024-05-24 15239 other_branch = push_stack(env, *insn_idx + insn->off + 1, *insn_idx, > 689049426b9d3b Alexei Starovoitov 2024-05-24 15240 false); > 689049426b9d3b Alexei Starovoitov 2024-05-24 15241 if (!other_branch) > 689049426b9d3b Alexei Starovoitov 2024-05-24 15242 return -EFAULT; > 689049426b9d3b Alexei Starovoitov 2024-05-24 15243 other_branch_regs = other_branch->frame[other_branch->curframe]->regs; > 689049426b9d3b Alexei Starovoitov 2024-05-24 15244 other_dst_reg = &other_branch_regs[insn->dst_reg]; > 689049426b9d3b Alexei Starovoitov 2024-05-24 15245 if (has_src_reg) > 689049426b9d3b Alexei Starovoitov 2024-05-24 15246 other_src_reg = &other_branch_regs[insn->src_reg]; > 689049426b9d3b Alexei Starovoitov 2024-05-24 15247 } > > other_dst_reg not set on else path. > > 689049426b9d3b Alexei Starovoitov 2024-05-24 15248 > 4f7b3e82589e0d Alexei Starovoitov 2018-12-03 15249 if (pred == 1) { > 9183671af6dbf6 Daniel Borkmann 2021-05-28 15250 /* Only follow the goto, ignore fall-through. If needed, push > 9183671af6dbf6 Daniel Borkmann 2021-05-28 15251 * the fall-through branch for simulation under speculative > 9183671af6dbf6 Daniel Borkmann 2021-05-28 15252 * execution. > 9183671af6dbf6 Daniel Borkmann 2021-05-28 15253 */ > 9183671af6dbf6 Daniel Borkmann 2021-05-28 15254 if (!env->bypass_spec_v1 && > 9183671af6dbf6 Daniel Borkmann 2021-05-28 15255 !sanitize_speculative_path(env, insn, *insn_idx + 1, > 9183671af6dbf6 Daniel Borkmann 2021-05-28 15256 *insn_idx)) > 9183671af6dbf6 Daniel Borkmann 2021-05-28 15257 return -EFAULT; > 1a8a315f008a58 Andrii Nakryiko 2023-10-11 15258 if (env->log.level & BPF_LOG_LEVEL) > 1a8a315f008a58 Andrii Nakryiko 2023-10-11 15259 print_insn_state(env, this_branch->frame[this_branch->curframe]); > 689049426b9d3b Alexei Starovoitov 2024-05-24 15260 if (ignore_pred) { > 689049426b9d3b Alexei Starovoitov 2024-05-24 15261 /* dst and src regs are scalars. Widen them */ > 689049426b9d3b Alexei Starovoitov 2024-05-24 15262 widen_reg(dst_reg); > 689049426b9d3b Alexei Starovoitov 2024-05-24 15263 if (has_src_reg) > 689049426b9d3b Alexei Starovoitov 2024-05-24 15264 widen_reg(src_reg); > 689049426b9d3b Alexei Starovoitov 2024-05-24 15265 /* > 689049426b9d3b Alexei Starovoitov 2024-05-24 15266 * Widen other branch only if not comparing for equlity. > 689049426b9d3b Alexei Starovoitov 2024-05-24 15267 * Example: > 689049426b9d3b Alexei Starovoitov 2024-05-24 15268 * r1 = 1 > 689049426b9d3b Alexei Starovoitov 2024-05-24 15269 * if (r1 < 100) > 689049426b9d3b Alexei Starovoitov 2024-05-24 15270 * will produce > 689049426b9d3b Alexei Starovoitov 2024-05-24 15271 * [0, 99] and [100, UMAX] after widening and reg_set_min_max(). > 689049426b9d3b Alexei Starovoitov 2024-05-24 15272 * > 689049426b9d3b Alexei Starovoitov 2024-05-24 15273 * r1 = 1 > 689049426b9d3b Alexei Starovoitov 2024-05-24 15274 * if (r1 == 100) > 689049426b9d3b Alexei Starovoitov 2024-05-24 15275 * will produce > 689049426b9d3b Alexei Starovoitov 2024-05-24 15276 * [1] and [100] after widening in other_branch and reg_set_min_max(). > 689049426b9d3b Alexei Starovoitov 2024-05-24 15277 */ > 689049426b9d3b Alexei Starovoitov 2024-05-24 15278 if (opcode != BPF_JEQ && opcode != BPF_JNE) { > 689049426b9d3b Alexei Starovoitov 2024-05-24 15279 widen_reg(other_dst_reg); > 689049426b9d3b Alexei Starovoitov 2024-05-24 15280 if (has_src_reg) > 689049426b9d3b Alexei Starovoitov 2024-05-24 15281 widen_reg(other_src_reg); > 689049426b9d3b Alexei Starovoitov 2024-05-24 15282 } > 689049426b9d3b Alexei Starovoitov 2024-05-24 15283 } else { > 17a5267067f3c3 Alexei Starovoitov 2014-09-26 15284 *insn_idx += insn->off; > 17a5267067f3c3 Alexei Starovoitov 2014-09-26 15285 return 0; > 689049426b9d3b Alexei Starovoitov 2024-05-24 15286 } > 4f7b3e82589e0d Alexei Starovoitov 2018-12-03 15287 } else if (pred == 0) { > 9183671af6dbf6 Daniel Borkmann 2021-05-28 15288 /* Only follow the fall-through branch, since that's where the > 9183671af6dbf6 Daniel Borkmann 2021-05-28 15289 * program will go. If needed, push the goto branch for > 9183671af6dbf6 Daniel Borkmann 2021-05-28 15290 * simulation under speculative execution. > 9183671af6dbf6 Daniel Borkmann 2021-05-28 15291 */ > 9183671af6dbf6 Daniel Borkmann 2021-05-28 15292 if (!env->bypass_spec_v1 && > 9183671af6dbf6 Daniel Borkmann 2021-05-28 15293 !sanitize_speculative_path(env, insn, > 9183671af6dbf6 Daniel Borkmann 2021-05-28 15294 *insn_idx + insn->off + 1, > 9183671af6dbf6 Daniel Borkmann 2021-05-28 15295 *insn_idx)) > 9183671af6dbf6 Daniel Borkmann 2021-05-28 15296 return -EFAULT; > 1a8a315f008a58 Andrii Nakryiko 2023-10-11 15297 if (env->log.level & BPF_LOG_LEVEL) > 1a8a315f008a58 Andrii Nakryiko 2023-10-11 15298 print_insn_state(env, this_branch->frame[this_branch->curframe]); > 689049426b9d3b Alexei Starovoitov 2024-05-24 15299 if (ignore_pred) { > 689049426b9d3b Alexei Starovoitov 2024-05-24 15300 if (opcode != BPF_JEQ && opcode != BPF_JNE) { > 689049426b9d3b Alexei Starovoitov 2024-05-24 15301 widen_reg(dst_reg); > 689049426b9d3b Alexei Starovoitov 2024-05-24 15302 if (has_src_reg) > 689049426b9d3b Alexei Starovoitov 2024-05-24 15303 widen_reg(src_reg); > 689049426b9d3b Alexei Starovoitov 2024-05-24 15304 } > 689049426b9d3b Alexei Starovoitov 2024-05-24 15305 widen_reg(other_dst_reg); > 689049426b9d3b Alexei Starovoitov 2024-05-24 15306 if (has_src_reg) > 689049426b9d3b Alexei Starovoitov 2024-05-24 15307 widen_reg(other_src_reg); > 689049426b9d3b Alexei Starovoitov 2024-05-24 15308 } else { > 17a5267067f3c3 Alexei Starovoitov 2014-09-26 15309 return 0; > 17a5267067f3c3 Alexei Starovoitov 2014-09-26 15310 } > 689049426b9d3b Alexei Starovoitov 2024-05-24 15311 } > 17a5267067f3c3 Alexei Starovoitov 2014-09-26 15312 > 484611357c19f9 Josef Bacik 2016-09-28 15313 if (BPF_SRC(insn->code) == BPF_X) { > 5f99f312bd3bed Andrii Nakryiko 2023-11-11 15314 err = reg_set_min_max(env, > 689049426b9d3b Alexei Starovoitov 2024-05-24 @15315 other_dst_reg, other_src_reg, > ^^^^^^^^^^^^^ > > 4621202adc5bc0 Andrii Nakryiko 2023-11-01 15316 dst_reg, src_reg, opcode, is_jmp32); > 4621202adc5bc0 Andrii Nakryiko 2023-11-01 15317 } else /* BPF_SRC(insn->code) == BPF_K */ { > 5f99f312bd3bed Andrii Nakryiko 2023-11-11 15318 err = reg_set_min_max(env, > 689049426b9d3b Alexei Starovoitov 2024-05-24 15319 other_dst_reg, > ^^^^^^^^^^^^^ > Passed to reg_set_min_max() without being initialized. No. It's initialized when passed. It's a false positive. Try to make smatch smarter?
