CC: [email protected] CC: [email protected] CC: [email protected] TO: Goldwyn Rodrigues <[email protected]>
tree: https://github.com/goldwynr/linux iomap head: fd871fa60e5495543660657e665f1a6c13d0af97 commit: 9b0be4cce9f84675546603825aa366923670b7bf [10/33] btrfs: Don't process pages if locked_page is NULL :::::: branch date: 4 days ago :::::: commit date: 4 days ago config: x86_64-randconfig-c007-20220102 (https://download.01.org/0day-ci/archive/20220105/[email protected]/config) compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project b50fea47b6c454581fce89af359f3afe5154986c) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # https://github.com/goldwynr/linux/commit/9b0be4cce9f84675546603825aa366923670b7bf git remote add goldwynr https://github.com/goldwynr/linux git fetch --no-tags goldwynr iomap git checkout 9b0be4cce9f84675546603825aa366923670b7bf # save the config file to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=x86_64 clang-analyzer If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <[email protected]> clang-analyzer warnings: (new ones prefixed by >>) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/btrfs/inode.c:938:6: note: Assuming field 'locked_page' is null if (async_chunk->locked_page) { ^~~~~~~~~~~~~~~~~~~~~~~~ fs/btrfs/inode.c:938:2: note: Taking false branch if (async_chunk->locked_page) { ^ fs/btrfs/inode.c:948:6: note: Assuming field 'pages' is non-null if (!async_extent->pages) ^~~~~~~~~~~~~~~~~~~~ fs/btrfs/inode.c:948:2: note: Taking false branch if (!async_extent->pages) ^ fs/btrfs/inode.c:955:6: note: Assuming 'ret' is not equal to 0 if (ret) { ^~~ fs/btrfs/inode.c:955:2: note: Taking true branch if (ret) { ^ fs/btrfs/inode.c:964:3: note: Control jumps to line 1023 goto out_free; ^ fs/btrfs/inode.c:1030:2: note: Memory is released kfree(async_extent); ^~~~~~~~~~~~~~~~~~~ fs/btrfs/inode.c:1057:9: note: Returning; memory was released ret = submit_one_async_extent(inode, async_chunk, async_extent, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/btrfs/inode.c:1047:2: note: Loop condition is true. Entering loop body while (!list_empty(&async_chunk->extents)) { ^ fs/btrfs/inode.c:1053:3: note: Calling 'list_del' list_del(&async_extent->list); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/list.h:148:2: note: Calling '__list_del_entry' __list_del_entry(entry); ^~~~~~~~~~~~~~~~~~~~~~~ include/linux/list.h:134:6: note: Assuming the condition is false if (!__list_del_entry_valid(entry)) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/list.h:134:2: note: Taking false branch if (!__list_del_entry_valid(entry)) ^ include/linux/list.h:137:13: note: Use of memory after it is freed __list_del(entry->prev, entry->next); ^~~~~~~~~~~ include/linux/list.h:149:14: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc] entry->next = LIST_POISON1; ^ fs/btrfs/inode.c:1368:6: note: Assuming field 'inode' is non-null if (async_chunk->inode) ^~~~~~~~~~~~~~~~~~ fs/btrfs/inode.c:1368:2: note: Taking true branch if (async_chunk->inode) ^ fs/btrfs/inode.c:1369:3: note: Calling 'submit_compressed_extents' submit_compressed_extents(async_chunk); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/btrfs/inode.c:1047:2: note: Loop condition is true. Entering loop body while (!list_empty(&async_chunk->extents)) { ^ fs/btrfs/inode.c:1057:9: note: Calling 'submit_one_async_extent' ret = submit_one_async_extent(inode, async_chunk, async_extent, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/btrfs/inode.c:938:6: note: Assuming field 'locked_page' is null if (async_chunk->locked_page) { ^~~~~~~~~~~~~~~~~~~~~~~~ fs/btrfs/inode.c:938:2: note: Taking false branch if (async_chunk->locked_page) { ^ fs/btrfs/inode.c:948:6: note: Assuming field 'pages' is non-null if (!async_extent->pages) ^~~~~~~~~~~~~~~~~~~~ fs/btrfs/inode.c:948:2: note: Taking false branch if (!async_extent->pages) ^ fs/btrfs/inode.c:955:6: note: Assuming 'ret' is not equal to 0 if (ret) { ^~~ fs/btrfs/inode.c:955:2: note: Taking true branch if (ret) { ^ fs/btrfs/inode.c:964:3: note: Control jumps to line 1023 goto out_free; ^ fs/btrfs/inode.c:1030:2: note: Memory is released kfree(async_extent); ^~~~~~~~~~~~~~~~~~~ fs/btrfs/inode.c:1057:9: note: Returning; memory was released ret = submit_one_async_extent(inode, async_chunk, async_extent, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/btrfs/inode.c:1047:2: note: Loop condition is true. Entering loop body while (!list_empty(&async_chunk->extents)) { ^ fs/btrfs/inode.c:1053:3: note: Calling 'list_del' list_del(&async_extent->list); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/list.h:149:14: note: Use of memory after it is freed entry->next = LIST_POISON1; ~~~~~~~~~~~ ^ >> include/linux/pagemap.h:691:18: warning: Dereference of null pointer >> [clang-analyzer-core.NullDereference] return ((loff_t)page->index) << PAGE_SHIFT; ^ fs/btrfs/inode.c:2003:6: note: Assuming 'locked_page' is null if (locked_page) ^~~~~~~~~~~ fs/btrfs/inode.c:2003:2: note: Taking false branch if (locked_page) ^ fs/btrfs/inode.c:2007:6: note: Calling 'should_nocow' if (should_nocow(inode, start, end)) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/btrfs/inode.c:1978:6: note: Assuming the condition is true if (inode->flags & (BTRFS_INODE_NODATACOW | BTRFS_INODE_PREALLOC)) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/btrfs/inode.c:1978:2: note: Taking true branch if (inode->flags & (BTRFS_INODE_NODATACOW | BTRFS_INODE_PREALLOC)) { ^ fs/btrfs/inode.c:1979:7: note: Assuming field 'defrag_bytes' is 0 if (inode->defrag_bytes && ^~~~~~~~~~~~~~~~~~~ fs/btrfs/inode.c:1979:27: note: Left side of '&&' is false if (inode->defrag_bytes && ^ fs/btrfs/inode.c:1983:3: note: Returning the value 1, which participates in a condition later return true; ^~~~~~~~~~~ fs/btrfs/inode.c:2007:6: note: Returning from 'should_nocow' if (should_nocow(inode, start, end)) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/btrfs/inode.c:2007:2: note: Taking true branch if (should_nocow(inode, start, end)) { ^ fs/btrfs/inode.c:2015:11: note: 'zoned' is false ASSERT(!zoned || ^ fs/btrfs/ctree.h:3526:29: note: expanded from macro 'ASSERT' #define ASSERT(expr) (void)(expr) ^~~~ fs/btrfs/inode.c:2015:17: note: Left side of '||' is true ASSERT(!zoned || ^ fs/btrfs/inode.c:2032:9: note: Assuming 'ret' is > 0 ASSERT(ret <= 0); ^ fs/btrfs/ctree.h:3526:29: note: expanded from macro 'ASSERT' #define ASSERT(expr) (void)(expr) ^~~~ fs/btrfs/inode.c:2033:6: note: 'ret' is not equal to 0 if (ret) ^~~ fs/btrfs/inode.c:2033:2: note: Taking true branch if (ret) ^ fs/btrfs/inode.c:2034:40: note: Passing null pointer value via 2nd parameter 'locked_page' btrfs_cleanup_ordered_extents(inode, locked_page, start, ^~~~~~~~~~~ fs/btrfs/inode.c:2034:3: note: Calling 'btrfs_cleanup_ordered_extents' btrfs_cleanup_ordered_extents(inode, locked_page, start, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/btrfs/inode.c:164:31: note: Passing null pointer value via 1st parameter 'page' u64 page_start = page_offset(locked_page); ^~~~~~~~~~~ fs/btrfs/inode.c:164:19: note: Calling 'page_offset' u64 page_start = page_offset(locked_page); ^~~~~~~~~~~~~~~~~~~~~~~~ include/linux/pagemap.h:691:18: note: Dereference of null pointer return ((loff_t)page->index) << PAGE_SHIFT; ^~~~~~~~~~~ Suppressed 1 warnings (1 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 3 warnings generated. drivers/media/common/videobuf2/videobuf2-core.c:1929:10: warning: Access to field 'state' results in a dereference of a null pointer (loaded from variable 'vb') [clang-analyzer-core.NullDereference] switch (vb->state) { ^ drivers/media/common/videobuf2/videobuf2-core.c:2921:6: note: Assuming field 'is_output' is 0 if (q->is_output) { ^~~~~~~~~~~~ drivers/media/common/videobuf2/videobuf2-core.c:2921:2: note: Taking false branch if (q->is_output) { ^ drivers/media/common/videobuf2/videobuf2-core.c:2928:2: note: Loop condition is true. Entering loop body for (;;) { ^ drivers/media/common/videobuf2/videobuf2-core.c:2934:7: note: 'prequeue' is 0 if (prequeue) { ^~~~~~~~ drivers/media/common/videobuf2/videobuf2-core.c:2934:3: note: Taking false branch if (prequeue) { ^ drivers/media/common/videobuf2/videobuf2-core.c:2938:4: note: Assuming 'debug' is < 2 call_void_qop(q, wait_finish, q); ^ drivers/media/common/videobuf2/videobuf2-core.c:110:2: note: expanded from macro 'call_void_qop' log_qop(q, op); \ ^~~~~~~~~~~~~~ drivers/media/common/videobuf2/videobuf2-core.c:94:2: note: expanded from macro 'log_qop' dprintk(q, 2, "call_qop(%s)%s\n", #op, \ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/media/common/videobuf2/videobuf2-core.c:39:7: note: expanded from macro 'dprintk' if (debug >= level) \ vim +691 include/linux/pagemap.h 5cbc198ae08d84 Kirill A. Shutemov 2016-11-30 685 ^1da177e4c3f41 Linus Torvalds 2005-04-16 686 /* ^1da177e4c3f41 Linus Torvalds 2005-04-16 687 * Return byte-offset into filesystem object for page. ^1da177e4c3f41 Linus Torvalds 2005-04-16 688 */ ^1da177e4c3f41 Linus Torvalds 2005-04-16 689 static inline loff_t page_offset(struct page *page) ^1da177e4c3f41 Linus Torvalds 2005-04-16 690 { 09cbfeaf1a5a67 Kirill A. Shutemov 2016-04-01 @691 return ((loff_t)page->index) << PAGE_SHIFT; ^1da177e4c3f41 Linus Torvalds 2005-04-16 692 } ^1da177e4c3f41 Linus Torvalds 2005-04-16 693 :::::: The code at line 691 was first introduced by commit :::::: 09cbfeaf1a5a67bfb3201e0c83c810cecb2efa5a mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros :::::: TO: Kirill A. Shutemov <[email protected]> :::::: CC: Linus Torvalds <[email protected]> --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/[email protected] _______________________________________________ kbuild mailing list -- [email protected] To unsubscribe send an email to [email protected]
