* [dhowells-fs:fscache-iter-2 41/75] fs/fscache/volume.c:286:2: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc]
@ 2021-09-11 20:07 kernel test robot
2021-09-14 12:26 ` kernel test robot
0 siblings, 1 reply; 3+ messages in thread
From: kernel test robot @ 2021-09-11 20:07 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 13757 bytes --]
CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: David Howells <dhowells@redhat.com>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git fscache-iter-2
head: 7c7521adffeb04466a42e8e1956353b9d9038d02
commit: f463b2680fc3404d89d7186c12fbb9533e48b1cc [41/75] fscache: Replace the object management state machine
:::::: branch date: 2 days ago
:::::: commit date: 9 weeks ago
config: riscv-randconfig-c006-20210910 (attached as .config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 261cbe98c38f8c1ee1a482fe76511110e790f58a)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install riscv cross compiling tool for clang build
# apt-get install binutils-riscv64-linux-gnu
# https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit/?id=f463b2680fc3404d89d7186c12fbb9533e48b1cc
git remote add dhowells-fs https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git
git fetch --no-tags dhowells-fs fscache-iter-2
git checkout f463b2680fc3404d89d7186c12fbb9533e48b1cc
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=riscv clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
^
fs/exfat/dir.c:247:6: note: 'err' is 0
if (err)
^~~
fs/exfat/dir.c:247:2: note: Taking false branch
if (err)
^
fs/exfat/dir.c:250:6: note: Assuming field 'flags' is not equal to ALLOC_NO_FAT_CHAIN
if (ei->flags == ALLOC_NO_FAT_CHAIN && cpos >= i_size_read(inode))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/exfat/dir.c:250:38: note: Left side of '&&' is false
if (ei->flags == ALLOC_NO_FAT_CHAIN && cpos >= i_size_read(inode))
^
fs/exfat/dir.c:253:8: note: Calling 'exfat_readdir'
err = exfat_readdir(inode, &cpos, &de);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/exfat/dir.c:78:6: note: Assuming field 'type' is equal to TYPE_DIR
if (ei->type != TYPE_DIR)
^~~~~~~~~~~~~~~~~~~~
fs/exfat/dir.c:78:2: note: Taking false branch
if (ei->type != TYPE_DIR)
^
fs/exfat/dir.c:81:6: note: Assuming the condition is true
if (ei->entry == -1)
^~~~~~~~~~~~~~~
fs/exfat/dir.c:81:2: note: Taking true branch
if (ei->entry == -1)
^
fs/exfat/dir.c:88:26: note: '?' condition is false
dentries_per_clu_bits = ilog2(dentries_per_clu);
^
include/linux/log2.h:158:2: note: expanded from macro 'ilog2'
__builtin_constant_p(n) ? \
^
fs/exfat/dir.c:88:26: note: '?' condition is true
dentries_per_clu_bits = ilog2(dentries_per_clu);
^
include/linux/log2.h:161:2: note: expanded from macro 'ilog2'
(sizeof(n) <= 4) ? \
^
fs/exfat/dir.c:88:26: note: Calling '__ilog2_u32'
dentries_per_clu_bits = ilog2(dentries_per_clu);
^
include/linux/log2.h:162:2: note: expanded from macro 'ilog2'
__ilog2_u32(n) : \
^~~~~~~~~~~~~~
include/linux/log2.h:24:2: note: Returning the value -1
return fls(n) - 1;
^~~~~~~~~~~~~~~~~
fs/exfat/dir.c:88:26: note: Returning from '__ilog2_u32'
dentries_per_clu_bits = ilog2(dentries_per_clu);
^
include/linux/log2.h:162:2: note: expanded from macro 'ilog2'
__ilog2_u32(n) : \
^~~~~~~~~~~~~~
fs/exfat/dir.c:88:2: note: The value -1 is assigned to 'dentries_per_clu_bits'
dentries_per_clu_bits = ilog2(dentries_per_clu);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/exfat/dir.c:89:31: note: Assuming '__UNIQUE_ID___x264' is >= '__UNIQUE_ID___y265'
max_dentries = (unsigned int)min_t(u64, MAX_EXFAT_DENTRIES,
^
include/linux/minmax.h:104:27: note: expanded from macro 'min_t'
#define min_t(type, x, y) __careful_cmp((type)(x), (type)(y), <)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/minmax.h:38:3: note: expanded from macro '__careful_cmp'
__cmp_once(x, y, __UNIQUE_ID(__x), __UNIQUE_ID(__y), op))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/minmax.h:33:3: note: expanded from macro '__cmp_once'
__cmp(unique_x, unique_y, op); })
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/minmax.h:28:26: note: expanded from macro '__cmp'
#define __cmp(x, y, op) ((x) op (y) ? (x) : (y))
^~~~~~~~~~
fs/exfat/dir.c:89:31: note: '?' condition is false
max_dentries = (unsigned int)min_t(u64, MAX_EXFAT_DENTRIES,
^
include/linux/minmax.h:104:27: note: expanded from macro 'min_t'
#define min_t(type, x, y) __careful_cmp((type)(x), (type)(y), <)
^
include/linux/minmax.h:38:3: note: expanded from macro '__careful_cmp'
__cmp_once(x, y, __UNIQUE_ID(__x), __UNIQUE_ID(__y), op))
^
include/linux/minmax.h:33:3: note: expanded from macro '__cmp_once'
__cmp(unique_x, unique_y, op); })
^
include/linux/minmax.h:28:26: note: expanded from macro '__cmp'
#define __cmp(x, y, op) ((x) op (y) ? (x) : (y))
^
fs/exfat/dir.c:92:22: note: The result of the right shift is undefined because the right operand is negative
clu_offset = dentry >> dentries_per_clu_bits;
^ ~~~~~~~~~~~~~~~~~~~~~
Suppressed 9 warnings (2 in non-user code, 7 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
10 warnings generated.
Suppressed 10 warnings (3 in non-user code, 7 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
10 warnings generated.
Suppressed 10 warnings (3 in non-user code, 7 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
11 warnings generated.
>> fs/fscache/volume.c:286:2: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc]
return volume;
^ ~~~~~~
fs/fscache/volume.c:276:11: note: Calling 'fscache_alloc_volume'
volume = fscache_alloc_volume(volume_key, cache_name, coherency_data);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:164:6: note: Assuming 'cache_name' is non-null
if (!cache_name)
^~~~~~~~~~~
fs/fscache/volume.c:164:2: note: Taking false branch
if (!cache_name)
^
fs/fscache/volume.c:168:6: note: Assuming 'cache' is non-null
if (!cache)
^~~~~~
fs/fscache/volume.c:168:2: note: Taking false branch
if (!cache)
^
fs/fscache/volume.c:172:6: note: Assuming 'volume' is non-null
if (!volume)
^~~~~~~
fs/fscache/volume.c:172:2: note: Taking false branch
if (!volume)
^
fs/fscache/volume.c:178:2: note: Loop condition is false. Exiting loop
INIT_WORK(&volume->work, fscache_create_volume_work);
^
include/linux/workqueue.h:250:2: note: expanded from macro 'INIT_WORK'
__INIT_WORK((_work), (_func), 0)
^
include/linux/workqueue.h:241:2: note: expanded from macro '__INIT_WORK'
do { \
^
fs/fscache/volume.c:180:2: note: Loop condition is false. Exiting loop
spin_lock_init(&volume->lock);
^
include/linux/spinlock.h:344:34: note: expanded from macro 'spin_lock_init'
# define spin_lock_init(_lock) \
^
fs/fscache/volume.c:188:6: note: Assuming 'key' is non-null
if (!key)
^~~~
fs/fscache/volume.c:188:2: note: Taking false branch
if (!key)
^
fs/fscache/volume.c:202:2: note: Loop condition is false. Exiting loop
fscache_stat(&fscache_n_volumes);
^
fs/fscache/internal.h:111:28: note: expanded from macro 'fscache_stat'
#define fscache_stat(stat) do {} while (0)
^
fs/fscache/volume.c:204:2: note: Taking false branch
_leave(" = v=%x", volume->debug_id);
^
fs/fscache/internal.h:189:26: note: expanded from macro '_leave'
#define _leave(FMT, ...) no_printk("<== %s()"FMT"", __func__, ##__VA_ARGS__)
^
include/linux/printk.h:140:2: note: expanded from macro 'no_printk'
if (0) \
^
fs/fscache/volume.c:276:11: note: Returning from 'fscache_alloc_volume'
volume = fscache_alloc_volume(volume_key, cache_name, coherency_data);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:277:7: note: 'volume' is non-null
if (!volume)
^~~~~~
fs/fscache/volume.c:277:2: note: Taking false branch
if (!volume)
^
fs/fscache/volume.c:280:2: note: Taking false branch
if (!fscache_hash_volume(volume)) {
^
fs/fscache/volume.c:285:2: note: Calling 'fscache_create_volume'
fscache_create_volume(volume, false);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:243:6: note: Assuming the condition is false
if (test_and_set_bit(FSCACHE_VOLUME_CREATING, &volume->flags))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:243:2: note: Taking false branch
if (test_and_set_bit(FSCACHE_VOLUME_CREATING, &volume->flags))
^
fs/fscache/volume.c:245:6: note: Assuming field 'cache_priv' is null
if (volume->cache_priv)
^~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:245:2: note: Taking false branch
if (volume->cache_priv)
^
fs/fscache/volume.c:247:6: note: Assuming the condition is false
if (!fscache_begin_cache_access(volume->cache,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:247:2: note: Taking false branch
if (!fscache_begin_cache_access(volume->cache,
^
fs/fscache/volume.c:252:6: note: Assuming the condition is true
if (!schedule_work(&volume->work))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:252:2: note: Taking true branch
if (!schedule_work(&volume->work))
^
fs/fscache/volume.c:253:3: note: Calling 'fscache_put_volume'
fscache_put_volume(volume, fscache_volume_put_create_work);
vim +286 fs/fscache/volume.c
f463b2680fc340 David Howells 2020-02-06 266
f463b2680fc340 David Howells 2020-02-06 267 /*
f463b2680fc340 David Howells 2020-02-06 268 * Acquire a volume representation cookie and link it to a (proposed) cache.
f463b2680fc340 David Howells 2020-02-06 269 */
f463b2680fc340 David Howells 2020-02-06 270 struct fscache_volume *__fscache_acquire_volume(const char *volume_key,
f463b2680fc340 David Howells 2020-02-06 271 const char *cache_name,
f463b2680fc340 David Howells 2020-02-06 272 u64 coherency_data)
f463b2680fc340 David Howells 2020-02-06 273 {
f463b2680fc340 David Howells 2020-02-06 274 struct fscache_volume *volume;
f463b2680fc340 David Howells 2020-02-06 275
f463b2680fc340 David Howells 2020-02-06 276 volume = fscache_alloc_volume(volume_key, cache_name, coherency_data);
f463b2680fc340 David Howells 2020-02-06 277 if (!volume)
f463b2680fc340 David Howells 2020-02-06 278 return NULL;
f463b2680fc340 David Howells 2020-02-06 279
f463b2680fc340 David Howells 2020-02-06 280 if (!fscache_hash_volume(volume)) {
f463b2680fc340 David Howells 2020-02-06 281 fscache_put_volume(volume, fscache_volume_put_hash_collision);
f463b2680fc340 David Howells 2020-02-06 282 return NULL;
f463b2680fc340 David Howells 2020-02-06 283 }
f463b2680fc340 David Howells 2020-02-06 284
f463b2680fc340 David Howells 2020-02-06 285 fscache_create_volume(volume, false);
f463b2680fc340 David Howells 2020-02-06 @286 return volume;
f463b2680fc340 David Howells 2020-02-06 287 }
f463b2680fc340 David Howells 2020-02-06 288 EXPORT_SYMBOL(__fscache_acquire_volume);
f463b2680fc340 David Howells 2020-02-06 289
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 33735 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* [dhowells-fs:fscache-iter-2 41/75] fs/fscache/volume.c:286:2: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc]
2021-09-11 20:07 [dhowells-fs:fscache-iter-2 41/75] fs/fscache/volume.c:286:2: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc] kernel test robot
@ 2021-09-14 12:26 ` kernel test robot
0 siblings, 0 replies; 3+ messages in thread
From: kernel test robot @ 2021-09-14 12:26 UTC (permalink / raw)
To: David Howells; +Cc: llvm, kbuild-all, Linux Kernel Mailing List
[-- Attachment #1: Type: text/plain, Size: 7408 bytes --]
tree: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git fscache-iter-2
head: 7c7521adffeb04466a42e8e1956353b9d9038d02
commit: f463b2680fc3404d89d7186c12fbb9533e48b1cc [41/75] fscache: Replace the object management state machine
:::::: branch date: 2 days ago
:::::: commit date: 9 weeks ago
config: riscv-randconfig-c006-20210910 (attached as .config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 261cbe98c38f8c1ee1a482fe76511110e790f58a)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install riscv cross compiling tool for clang build
# apt-get install binutils-riscv64-linux-gnu
# https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit/?id=f463b2680fc3404d89d7186c12fbb9533e48b1cc
git remote add dhowells-fs https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git
git fetch --no-tags dhowells-fs fscache-iter-2
git checkout f463b2680fc3404d89d7186c12fbb9533e48b1cc
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=riscv clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
>> fs/fscache/volume.c:286:2: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc]
return volume;
^ ~~~~~~
fs/fscache/volume.c:277:7: note: 'volume' is non-null
if (!volume)
^~~~~~
fs/fscache/volume.c:277:2: note: Taking false branch
if (!volume)
^
fs/fscache/volume.c:280:2: note: Taking false branch
if (!fscache_hash_volume(volume)) {
^
fs/fscache/volume.c:285:2: note: Calling 'fscache_create_volume'
fscache_create_volume(volume, false);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:243:6: note: Assuming the condition is false
if (test_and_set_bit(FSCACHE_VOLUME_CREATING, &volume->flags))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:243:2: note: Taking false branch
if (test_and_set_bit(FSCACHE_VOLUME_CREATING, &volume->flags))
^
fs/fscache/volume.c:245:6: note: Assuming field 'cache_priv' is null
if (volume->cache_priv)
^~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:245:2: note: Taking false branch
if (volume->cache_priv)
^
fs/fscache/volume.c:247:6: note: Assuming the condition is false
if (!fscache_begin_cache_access(volume->cache,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:247:2: note: Taking false branch
if (!fscache_begin_cache_access(volume->cache,
^
fs/fscache/volume.c:252:6: note: Assuming the condition is true
if (!schedule_work(&volume->work))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:252:2: note: Taking true branch
if (!schedule_work(&volume->work))
^
fs/fscache/volume.c:253:3: note: Calling 'fscache_put_volume'
fscache_put_volume(volume, fscache_volume_put_create_work);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:359:6: note: 'volume' is non-null
if (volume) {
^~~~~~
fs/fscache/volume.c:359:2: note: Taking true branch
if (volume) {
^
fs/fscache/volume.c:366:7: note: 'zero' is true
if (zero)
^~~~
fs/fscache/volume.c:366:3: note: Taking true branch
if (zero)
^
fs/fscache/volume.c:367:4: note: Calling 'fscache_free_volume'
fscache_free_volume(volume);
^~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:331:2: note: Taking false branch
if (fscache_begin_volume_access(volume, fscache_access_relinquish_volume)) {
^
fs/fscache/volume.c:343:2: note: Taking false branch
if (!hlist_bl_unhashed(&volume->hash_link))
^
fs/fscache/volume.c:348:2: note: Memory is released
kfree(volume);
^~~~~~~~~~~~~
fs/fscache/volume.c:349:2: note: Loop condition is false. Exiting loop
fscache_stat_d(&fscache_n_volumes);
^
fs/fscache/internal.h:112:30: note: expanded from macro 'fscache_stat_d'
#define fscache_stat_d(stat) do {} while (0)
^
fs/fscache/volume.c:367:4: note: Returning; memory was released via 1st parameter
fscache_free_volume(volume);
^~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:253:3: note: Returning; memory was released via 1st parameter
fscache_put_volume(volume, fscache_volume_put_create_work);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:256:6: note: 'wait' is false
if (wait) {
^~~~
fs/fscache/volume.c:256:2: note: Taking false branch
if (wait) {
^
fs/fscache/volume.c:285:2: note: Returning; memory was released via 1st parameter
fscache_create_volume(volume, false);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:286:2: note: Use of memory after it is freed
return volume;
^ ~~~~~~
vim +286 fs/fscache/volume.c
f463b2680fc340 David Howells 2020-02-06 266
f463b2680fc340 David Howells 2020-02-06 267 /*
f463b2680fc340 David Howells 2020-02-06 268 * Acquire a volume representation cookie and link it to a (proposed) cache.
f463b2680fc340 David Howells 2020-02-06 269 */
f463b2680fc340 David Howells 2020-02-06 270 struct fscache_volume *__fscache_acquire_volume(const char *volume_key,
f463b2680fc340 David Howells 2020-02-06 271 const char *cache_name,
f463b2680fc340 David Howells 2020-02-06 272 u64 coherency_data)
f463b2680fc340 David Howells 2020-02-06 273 {
f463b2680fc340 David Howells 2020-02-06 274 struct fscache_volume *volume;
f463b2680fc340 David Howells 2020-02-06 275
f463b2680fc340 David Howells 2020-02-06 276 volume = fscache_alloc_volume(volume_key, cache_name, coherency_data);
f463b2680fc340 David Howells 2020-02-06 277 if (!volume)
f463b2680fc340 David Howells 2020-02-06 278 return NULL;
f463b2680fc340 David Howells 2020-02-06 279
f463b2680fc340 David Howells 2020-02-06 280 if (!fscache_hash_volume(volume)) {
f463b2680fc340 David Howells 2020-02-06 281 fscache_put_volume(volume, fscache_volume_put_hash_collision);
f463b2680fc340 David Howells 2020-02-06 282 return NULL;
f463b2680fc340 David Howells 2020-02-06 283 }
f463b2680fc340 David Howells 2020-02-06 284
f463b2680fc340 David Howells 2020-02-06 285 fscache_create_volume(volume, false);
f463b2680fc340 David Howells 2020-02-06 @286 return volume;
f463b2680fc340 David Howells 2020-02-06 287 }
f463b2680fc340 David Howells 2020-02-06 288 EXPORT_SYMBOL(__fscache_acquire_volume);
f463b2680fc340 David Howells 2020-02-06 289
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 33735 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* [dhowells-fs:fscache-iter-2 41/75] fs/fscache/volume.c:286:2: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc]
@ 2021-09-14 12:26 ` kernel test robot
0 siblings, 0 replies; 3+ messages in thread
From: kernel test robot @ 2021-09-14 12:26 UTC (permalink / raw)
To: kbuild-all
[-- Attachment #1: Type: text/plain, Size: 7557 bytes --]
tree: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git fscache-iter-2
head: 7c7521adffeb04466a42e8e1956353b9d9038d02
commit: f463b2680fc3404d89d7186c12fbb9533e48b1cc [41/75] fscache: Replace the object management state machine
:::::: branch date: 2 days ago
:::::: commit date: 9 weeks ago
config: riscv-randconfig-c006-20210910 (attached as .config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 261cbe98c38f8c1ee1a482fe76511110e790f58a)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install riscv cross compiling tool for clang build
# apt-get install binutils-riscv64-linux-gnu
# https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit/?id=f463b2680fc3404d89d7186c12fbb9533e48b1cc
git remote add dhowells-fs https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git
git fetch --no-tags dhowells-fs fscache-iter-2
git checkout f463b2680fc3404d89d7186c12fbb9533e48b1cc
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=riscv clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
>> fs/fscache/volume.c:286:2: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc]
return volume;
^ ~~~~~~
fs/fscache/volume.c:277:7: note: 'volume' is non-null
if (!volume)
^~~~~~
fs/fscache/volume.c:277:2: note: Taking false branch
if (!volume)
^
fs/fscache/volume.c:280:2: note: Taking false branch
if (!fscache_hash_volume(volume)) {
^
fs/fscache/volume.c:285:2: note: Calling 'fscache_create_volume'
fscache_create_volume(volume, false);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:243:6: note: Assuming the condition is false
if (test_and_set_bit(FSCACHE_VOLUME_CREATING, &volume->flags))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:243:2: note: Taking false branch
if (test_and_set_bit(FSCACHE_VOLUME_CREATING, &volume->flags))
^
fs/fscache/volume.c:245:6: note: Assuming field 'cache_priv' is null
if (volume->cache_priv)
^~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:245:2: note: Taking false branch
if (volume->cache_priv)
^
fs/fscache/volume.c:247:6: note: Assuming the condition is false
if (!fscache_begin_cache_access(volume->cache,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:247:2: note: Taking false branch
if (!fscache_begin_cache_access(volume->cache,
^
fs/fscache/volume.c:252:6: note: Assuming the condition is true
if (!schedule_work(&volume->work))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:252:2: note: Taking true branch
if (!schedule_work(&volume->work))
^
fs/fscache/volume.c:253:3: note: Calling 'fscache_put_volume'
fscache_put_volume(volume, fscache_volume_put_create_work);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:359:6: note: 'volume' is non-null
if (volume) {
^~~~~~
fs/fscache/volume.c:359:2: note: Taking true branch
if (volume) {
^
fs/fscache/volume.c:366:7: note: 'zero' is true
if (zero)
^~~~
fs/fscache/volume.c:366:3: note: Taking true branch
if (zero)
^
fs/fscache/volume.c:367:4: note: Calling 'fscache_free_volume'
fscache_free_volume(volume);
^~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:331:2: note: Taking false branch
if (fscache_begin_volume_access(volume, fscache_access_relinquish_volume)) {
^
fs/fscache/volume.c:343:2: note: Taking false branch
if (!hlist_bl_unhashed(&volume->hash_link))
^
fs/fscache/volume.c:348:2: note: Memory is released
kfree(volume);
^~~~~~~~~~~~~
fs/fscache/volume.c:349:2: note: Loop condition is false. Exiting loop
fscache_stat_d(&fscache_n_volumes);
^
fs/fscache/internal.h:112:30: note: expanded from macro 'fscache_stat_d'
#define fscache_stat_d(stat) do {} while (0)
^
fs/fscache/volume.c:367:4: note: Returning; memory was released via 1st parameter
fscache_free_volume(volume);
^~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:253:3: note: Returning; memory was released via 1st parameter
fscache_put_volume(volume, fscache_volume_put_create_work);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:256:6: note: 'wait' is false
if (wait) {
^~~~
fs/fscache/volume.c:256:2: note: Taking false branch
if (wait) {
^
fs/fscache/volume.c:285:2: note: Returning; memory was released via 1st parameter
fscache_create_volume(volume, false);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:286:2: note: Use of memory after it is freed
return volume;
^ ~~~~~~
vim +286 fs/fscache/volume.c
f463b2680fc340 David Howells 2020-02-06 266
f463b2680fc340 David Howells 2020-02-06 267 /*
f463b2680fc340 David Howells 2020-02-06 268 * Acquire a volume representation cookie and link it to a (proposed) cache.
f463b2680fc340 David Howells 2020-02-06 269 */
f463b2680fc340 David Howells 2020-02-06 270 struct fscache_volume *__fscache_acquire_volume(const char *volume_key,
f463b2680fc340 David Howells 2020-02-06 271 const char *cache_name,
f463b2680fc340 David Howells 2020-02-06 272 u64 coherency_data)
f463b2680fc340 David Howells 2020-02-06 273 {
f463b2680fc340 David Howells 2020-02-06 274 struct fscache_volume *volume;
f463b2680fc340 David Howells 2020-02-06 275
f463b2680fc340 David Howells 2020-02-06 276 volume = fscache_alloc_volume(volume_key, cache_name, coherency_data);
f463b2680fc340 David Howells 2020-02-06 277 if (!volume)
f463b2680fc340 David Howells 2020-02-06 278 return NULL;
f463b2680fc340 David Howells 2020-02-06 279
f463b2680fc340 David Howells 2020-02-06 280 if (!fscache_hash_volume(volume)) {
f463b2680fc340 David Howells 2020-02-06 281 fscache_put_volume(volume, fscache_volume_put_hash_collision);
f463b2680fc340 David Howells 2020-02-06 282 return NULL;
f463b2680fc340 David Howells 2020-02-06 283 }
f463b2680fc340 David Howells 2020-02-06 284
f463b2680fc340 David Howells 2020-02-06 285 fscache_create_volume(volume, false);
f463b2680fc340 David Howells 2020-02-06 @286 return volume;
f463b2680fc340 David Howells 2020-02-06 287 }
f463b2680fc340 David Howells 2020-02-06 288 EXPORT_SYMBOL(__fscache_acquire_volume);
f463b2680fc340 David Howells 2020-02-06 289
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 33735 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-09-14 12:26 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-11 20:07 [dhowells-fs:fscache-iter-2 41/75] fs/fscache/volume.c:286:2: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc] kernel test robot
2021-09-14 12:26 ` kernel test robot
2021-09-14 12:26 ` kernel test robot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.