* net/ceph/messenger_v2.c:370:9: warning: Dereference of null pointer [clang-analyzer-core.NullDereference]
@ 2021-12-08 0:51 kernel test robot
0 siblings, 0 replies; 2+ messages in thread
From: kernel test robot @ 2021-12-08 0:51 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 14170 bytes --]
CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Ilya Dryomov <idryomov@gmail.com>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: cd8c917a56f20f48748dd43d9ae3caff51d5b987
commit: cd1a677cad994021b19665ed476aea63f5d54f31 libceph, ceph: implement msgr2.1 protocol (crc and secure modes)
date: 12 months ago
:::::: branch date: 24 hours ago
:::::: commit date: 12 months ago
config: riscv-randconfig-c006-20211207 (https://download.01.org/0day-ci/archive/20211208/202112080801.YmDXWRX6-lkp(a)intel.com/config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 097a1cb1d5ebb3a0ec4bcaed8ba3ff6a8e33c00a)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install riscv cross compiling tool for clang build
# apt-get install binutils-riscv64-linux-gnu
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cd1a677cad994021b19665ed476aea63f5d54f31
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout cd1a677cad994021b19665ed476aea63f5d54f31
# save the config file to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=riscv clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
^~~~~~~~~~~~~~~~~~~
net/rds/message.c:176:7: note: Assuming the condition is false
WARN(!refcount_read(&rm->m_refcount), "danger refcount zero on %p\n", rm);
^
include/asm-generic/bug.h:195:25: note: expanded from macro 'WARN'
int __ret_warn_on = !!(condition); \
^~~~~~~~~
net/rds/message.c:176:2: note: Taking false branch
WARN(!refcount_read(&rm->m_refcount), "danger refcount zero on %p\n", rm);
^
include/asm-generic/bug.h:196:2: note: expanded from macro 'WARN'
no_printk(format); \
^
include/linux/printk.h:139:2: note: expanded from macro 'no_printk'
if (0) \
^
net/rds/message.c:177:2: note: Taking true branch
if (refcount_dec_and_test(&rm->m_refcount)) {
^
net/rds/message.c:178:3: note: Assuming the condition is false
BUG_ON(!list_empty(&rm->m_sock_item));
^
include/asm-generic/bug.h:183:36: note: expanded from macro 'BUG_ON'
#define BUG_ON(condition) do { if (unlikely(condition)) BUG(); } while (0)
^~~~~~~~~~~~~~~~~~~
include/linux/compiler.h:78:22: note: expanded from macro 'unlikely'
# define unlikely(x) __builtin_expect(!!(x), 0)
^~~~~~~~~~~~~~~~~~~~~~~~~~
net/rds/message.c:178:3: note: Taking false branch
BUG_ON(!list_empty(&rm->m_sock_item));
^
include/asm-generic/bug.h:183:32: note: expanded from macro 'BUG_ON'
#define BUG_ON(condition) do { if (unlikely(condition)) BUG(); } while (0)
^
net/rds/message.c:178:3: note: Loop condition is false. Exiting loop
BUG_ON(!list_empty(&rm->m_sock_item));
^
include/asm-generic/bug.h:183:27: note: expanded from macro 'BUG_ON'
#define BUG_ON(condition) do { if (unlikely(condition)) BUG(); } while (0)
^
net/rds/message.c:179:3: note: Assuming the condition is false
BUG_ON(!list_empty(&rm->m_conn_item));
^
include/asm-generic/bug.h:183:36: note: expanded from macro 'BUG_ON'
#define BUG_ON(condition) do { if (unlikely(condition)) BUG(); } while (0)
^~~~~~~~~~~~~~~~~~~
include/linux/compiler.h:78:22: note: expanded from macro 'unlikely'
# define unlikely(x) __builtin_expect(!!(x), 0)
^~~~~~~~~~~~~~~~~~~~~~~~~~
net/rds/message.c:179:3: note: Taking false branch
BUG_ON(!list_empty(&rm->m_conn_item));
^
include/asm-generic/bug.h:183:32: note: expanded from macro 'BUG_ON'
#define BUG_ON(condition) do { if (unlikely(condition)) BUG(); } while (0)
^
net/rds/message.c:179:3: note: Loop condition is false. Exiting loop
BUG_ON(!list_empty(&rm->m_conn_item));
^
include/asm-generic/bug.h:183:27: note: expanded from macro 'BUG_ON'
#define BUG_ON(condition) do { if (unlikely(condition)) BUG(); } while (0)
^
net/rds/message.c:182:3: note: Memory is released
kfree(rm);
^~~~~~~~~
net/rds/message.c:350:3: note: Returning; memory was released via 1st parameter
rds_message_put(rm);
^~~~~~~~~~~~~~~~~~~
net/rds/message.c:351:19: note: Use of memory after it is freed
return ERR_CAST(rm->data.op_sg);
^~~~~~~~~~~~~~
Suppressed 6 warnings (5 in non-user code, 1 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
6 warnings generated.
sound/soc/codecs/cs42l73.c:1329:2: warning: Value stored to 'ret' is never read [clang-analyzer-deadcode.DeadStores]
ret = regmap_read(cs42l73->regmap, CS42L73_DEVID_AB, ®);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sound/soc/codecs/cs42l73.c:1329:2: note: Value stored to 'ret' is never read
ret = regmap_read(cs42l73->regmap, CS42L73_DEVID_AB, ®);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sound/soc/codecs/cs42l73.c:1332:2: warning: Value stored to 'ret' is never read [clang-analyzer-deadcode.DeadStores]
ret = regmap_read(cs42l73->regmap, CS42L73_DEVID_CD, ®);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sound/soc/codecs/cs42l73.c:1332:2: note: Value stored to 'ret' is never read
ret = regmap_read(cs42l73->regmap, CS42L73_DEVID_CD, ®);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sound/soc/codecs/cs42l73.c:1335:2: warning: Value stored to 'ret' is never read [clang-analyzer-deadcode.DeadStores]
ret = regmap_read(cs42l73->regmap, CS42L73_DEVID_E, ®);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sound/soc/codecs/cs42l73.c:1335:2: note: Value stored to 'ret' is never read
ret = regmap_read(cs42l73->regmap, CS42L73_DEVID_E, ®);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
7 warnings generated.
>> net/ceph/messenger_v2.c:370:9: warning: Dereference of null pointer [clang-analyzer-core.NullDereference]
return le32_to_cpu(msg->hdr.data_len);
^
include/linux/byteorder/generic.h:89:21: note: expanded from macro 'le32_to_cpu'
#define le32_to_cpu __le32_to_cpu
^
include/uapi/linux/byteorder/little_endian.h:34:50: note: expanded from macro '__le32_to_cpu'
#define __le32_to_cpu(x) ((__force __u32)(__le32)(x))
^
net/ceph/messenger_v2.c:3031:2: note: Taking false branch
dout("%s con %p state %d have %zu\n", __func__, con, con->state,
^
include/linux/ceph/ceph_debug.h:25:3: note: expanded from macro 'dout'
if (0) \
^
net/ceph/messenger_v2.c:3031:2: note: Loop condition is false. Exiting loop
dout("%s con %p state %d have %zu\n", __func__, con, con->state,
^
include/linux/ceph/ceph_debug.h:24:26: note: expanded from macro 'dout'
# define dout(fmt, ...) do { \
^
net/ceph/messenger_v2.c:3035:6: note: Assuming field 'state' is not equal to CEPH_CON_S_PREOPEN
if (con->state == CEPH_CON_S_PREOPEN) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/ceph/messenger_v2.c:3035:2: note: Taking false branch
if (con->state == CEPH_CON_S_PREOPEN) {
^
net/ceph/messenger_v2.c:3070:6: note: Assuming the condition is true
if (!iov_iter_count(&con->v2.out_iter)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/ceph/messenger_v2.c:3070:2: note: Taking true branch
if (!iov_iter_count(&con->v2.out_iter)) {
^
net/ceph/messenger_v2.c:3071:9: note: Calling 'populate_out_iter'
ret = populate_out_iter(con);
^~~~~~~~~~~~~~~~~~~~~~
net/ceph/messenger_v2.c:2953:2: note: Taking false branch
dout("%s con %p state %d out_state %d\n", __func__, con, con->state,
^
include/linux/ceph/ceph_debug.h:25:3: note: expanded from macro 'dout'
if (0) \
^
net/ceph/messenger_v2.c:2953:2: note: Loop condition is false. Exiting loop
dout("%s con %p state %d out_state %d\n", __func__, con, con->state,
^
include/linux/ceph/ceph_debug.h:24:26: note: expanded from macro 'dout'
# define dout(fmt, ...) do { \
^
net/ceph/messenger_v2.c:2957:6: note: Assuming field 'state' is equal to CEPH_CON_S_OPEN
if (con->state != CEPH_CON_S_OPEN) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/ceph/messenger_v2.c:2957:2: note: Taking false branch
if (con->state != CEPH_CON_S_OPEN) {
^
net/ceph/messenger_v2.c:2963:2: note: Control jumps to 'case 1:' at line 2964
switch (con->v2.out_state) {
^
net/ceph/messenger_v2.c:2965:11: note: Assuming field 'out_msg' is null
WARN_ON(!con->out_msg);
^
include/asm-generic/bug.h:188:25: note: expanded from macro 'WARN_ON'
int __ret_warn_on = !!(condition); \
^~~~~~~~~
net/ceph/messenger_v2.c:2966:3: note: Calling 'queue_data'
queue_data(con);
^~~~~~~~~~~~~~~
net/ceph/messenger_v2.c:2846:16: note: Passing null pointer value via 1st parameter 'msg'
data_len(con->out_msg));
^~~~~~~~~~~~
net/ceph/messenger_v2.c:2846:7: note: Calling 'data_len'
data_len(con->out_msg));
^~~~~~~~~~~~~~~~~~~~~~
net/ceph/messenger_v2.c:370:9: note: Dereference of null pointer
return le32_to_cpu(msg->hdr.data_len);
^
include/linux/byteorder/generic.h:89:21: note: expanded from macro 'le32_to_cpu'
#define le32_to_cpu __le32_to_cpu
^
include/uapi/linux/byteorder/little_endian.h:34:50: note: expanded from macro '__le32_to_cpu'
#define __le32_to_cpu(x) ((__force __u32)(__le32)(x))
^~~
net/ceph/messenger_v2.c:2538:10: warning: Access to field 'con' results in a dereference of a null pointer (loaded from field 'in_msg') [clang-analyzer-core.NullDereference]
WARN_ON(con->in_msg->con != con);
^
net/ceph/messenger_v2.c:2812:2: note: Taking false branch
dout("%s con %p state %d need %zu\n", __func__, con, con->state,
^
include/linux/ceph/ceph_debug.h:25:3: note: expanded from macro 'dout'
if (0) \
^
net/ceph/messenger_v2.c:2812:2: note: Loop condition is false. Exiting loop
dout("%s con %p state %d need %zu\n", __func__, con, con->state,
^
include/linux/ceph/ceph_debug.h:24:26: note: expanded from macro 'dout'
# define dout(fmt, ...) do { \
^
net/ceph/messenger_v2.c:2815:6: note: Assuming field 'state' is not equal to CEPH_CON_S_PREOPEN
if (con->state == CEPH_CON_S_PREOPEN)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/ceph/messenger_v2.c:2815:2: note: Taking false branch
if (con->state == CEPH_CON_S_PREOPEN)
vim +370 net/ceph/messenger_v2.c
cd1a677cad9940 Ilya Dryomov 2020-11-19 367
cd1a677cad9940 Ilya Dryomov 2020-11-19 368 static int data_len(const struct ceph_msg *msg)
cd1a677cad9940 Ilya Dryomov 2020-11-19 369 {
cd1a677cad9940 Ilya Dryomov 2020-11-19 @370 return le32_to_cpu(msg->hdr.data_len);
cd1a677cad9940 Ilya Dryomov 2020-11-19 371 }
cd1a677cad9940 Ilya Dryomov 2020-11-19 372
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
^ permalink raw reply [flat|nested] 2+ messages in thread
* net/ceph/messenger_v2.c:370:9: warning: Dereference of null pointer [clang-analyzer-core.NullDereference]
@ 2021-08-28 6:22 kernel test robot
0 siblings, 0 replies; 2+ messages in thread
From: kernel test robot @ 2021-08-28 6:22 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 14215 bytes --]
CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Ilya Dryomov <idryomov@gmail.com>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 64b4fc45bea6f4faa843d2f97ff51665280efee1
commit: cd1a677cad994021b19665ed476aea63f5d54f31 libceph, ceph: implement msgr2.1 protocol (crc and secure modes)
date: 9 months ago
:::::: branch date: 7 hours ago
:::::: commit date: 9 months ago
config: powerpc-randconfig-c003-20210826 (attached as .config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project ea08c4cd1c0869ec5024a8bb3f5cdf06ab03ae83)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install powerpc cross compiling tool for clang build
# apt-get install binutils-powerpc64-linux-gnu
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cd1a677cad994021b19665ed476aea63f5d54f31
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout cd1a677cad994021b19665ed476aea63f5d54f31
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=powerpc clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
fs/ext4/resize.c:1224:13: note: Assuming the condition is false
gdb_bh = sbi_array_rcu_deref(sbi, s_group_desc,
^
fs/ext4/ext4.h:1679:21: note: expanded from macro 'sbi_array_rcu_deref'
_v = ((typeof(_v)*)rcu_dereference((sbi)->field))[index]; \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/rcupdate.h:556:28: note: expanded from macro 'rcu_dereference'
#define rcu_dereference(p) rcu_dereference_check(p, 0)
^~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/rcupdate.h:498:2: note: expanded from macro 'rcu_dereference_check'
__rcu_dereference_check((p), (c) || rcu_read_lock_held(), __rcu)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/rcupdate.h:360:2: note: expanded from macro '__rcu_dereference_check'
RCU_LOCKDEP_WARN(!(c), "suspicious rcu_dereference_check() usage"); \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/rcupdate.h:303:7: note: expanded from macro 'RCU_LOCKDEP_WARN'
if (debug_lockdep_rcu_enabled() && !__warned && (c)) { \
^~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/ext4/resize.c:1224:13: note: Left side of '&&' is false
gdb_bh = sbi_array_rcu_deref(sbi, s_group_desc,
^
fs/ext4/ext4.h:1679:21: note: expanded from macro 'sbi_array_rcu_deref'
_v = ((typeof(_v)*)rcu_dereference((sbi)->field))[index]; \
^
include/linux/rcupdate.h:556:28: note: expanded from macro 'rcu_dereference'
#define rcu_dereference(p) rcu_dereference_check(p, 0)
^
include/linux/rcupdate.h:498:2: note: expanded from macro 'rcu_dereference_check'
__rcu_dereference_check((p), (c) || rcu_read_lock_held(), __rcu)
^
include/linux/rcupdate.h:360:2: note: expanded from macro '__rcu_dereference_check'
RCU_LOCKDEP_WARN(!(c), "suspicious rcu_dereference_check() usage"); \
^
include/linux/rcupdate.h:303:35: note: expanded from macro 'RCU_LOCKDEP_WARN'
if (debug_lockdep_rcu_enabled() && !__warned && (c)) { \
^
fs/ext4/resize.c:1224:13: note: Loop condition is false. Exiting loop
gdb_bh = sbi_array_rcu_deref(sbi, s_group_desc,
^
fs/ext4/ext4.h:1679:21: note: expanded from macro 'sbi_array_rcu_deref'
_v = ((typeof(_v)*)rcu_dereference((sbi)->field))[index]; \
^
include/linux/rcupdate.h:556:28: note: expanded from macro 'rcu_dereference'
#define rcu_dereference(p) rcu_dereference_check(p, 0)
^
include/linux/rcupdate.h:498:2: note: expanded from macro 'rcu_dereference_check'
__rcu_dereference_check((p), (c) || rcu_read_lock_held(), __rcu)
^
include/linux/rcupdate.h:360:2: note: expanded from macro '__rcu_dereference_check'
RCU_LOCKDEP_WARN(!(c), "suspicious rcu_dereference_check() usage"); \
^
include/linux/rcupdate.h:301:2: note: expanded from macro 'RCU_LOCKDEP_WARN'
do { \
^
fs/ext4/resize.c:1226:4: note: Loop condition is false. Exiting loop
BUFFER_TRACE(gdb_bh, "get_write_access");
^
include/linux/jbd2.h:1779:32: note: expanded from macro 'BUFFER_TRACE'
#define BUFFER_TRACE(bh, info) do {} while (0)
^
fs/ext4/resize.c:1229:8: note: Assuming 'err' is 0
if (!err && reserved_gdb && ext4_bg_num_gdb(sb, group))
^~~~
fs/ext4/resize.c:1229:8: note: Left side of '&&' is true
fs/ext4/resize.c:1229:16: note: Assuming 'reserved_gdb' is not equal to 0
if (!err && reserved_gdb && ext4_bg_num_gdb(sb, group))
^~~~~~~~~~~~
fs/ext4/resize.c:1229:8: note: Left side of '&&' is true
if (!err && reserved_gdb && ext4_bg_num_gdb(sb, group))
^
fs/ext4/resize.c:1229:32: note: Assuming the condition is true
if (!err && reserved_gdb && ext4_bg_num_gdb(sb, group))
^~~~~~~~~~~~~~~~~~~~~~~~~~
fs/ext4/resize.c:1229:4: note: Taking true branch
if (!err && reserved_gdb && ext4_bg_num_gdb(sb, group))
^
fs/ext4/resize.c:1230:38: note: Passing null pointer value via 2nd parameter 'inode'
err = reserve_backup_gdb(handle, resize_inode, group);
^~~~~~~~~~~~
fs/ext4/resize.c:1230:11: note: Calling 'reserve_backup_gdb'
err = reserve_backup_gdb(handle, resize_inode, group);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/ext4/resize.c:980:27: note: Access to field 'i_sb' results in a dereference of a null pointer (loaded from variable 'inode')
struct super_block *sb = inode->i_sb;
^~~~~
fs/ext4/resize.c:1107:3: warning: Value stored to 'group' is never read [clang-analyzer-deadcode.DeadStores]
group = 1;
^ ~
fs/ext4/resize.c:1107:3: note: Value stored to 'group' is never read
group = 1;
^ ~
fs/ext4/resize.c:1904:3: warning: Value stored to 'err' is never read [clang-analyzer-deadcode.DeadStores]
err = ret;
^ ~~~
fs/ext4/resize.c:1904:3: note: Value stored to 'err' is never read
err = ret;
^ ~~~
Suppressed 17 warnings (4 in non-user code, 13 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
18 warnings generated.
>> net/ceph/messenger_v2.c:370:9: warning: Dereference of null pointer [clang-analyzer-core.NullDereference]
return le32_to_cpu(msg->hdr.data_len);
^
include/linux/byteorder/generic.h:89:21: note: expanded from macro 'le32_to_cpu'
#define le32_to_cpu __le32_to_cpu
^
include/uapi/linux/byteorder/big_endian.h:34:58: note: expanded from macro '__le32_to_cpu'
#define __le32_to_cpu(x) __swab32((__force __u32)(__le32)(x))
^
net/ceph/messenger_v2.c:3031:2: note: Taking false branch
dout("%s con %p state %d have %zu\n", __func__, con, con->state,
^
include/linux/ceph/ceph_debug.h:35:25: note: expanded from macro 'dout'
# define dout(fmt, ...) pr_debug(" " fmt, ##__VA_ARGS__)
^
include/linux/printk.h:430:2: note: expanded from macro 'pr_debug'
no_printk(KERN_DEBUG pr_fmt(fmt), ##__VA_ARGS__)
^
include/linux/printk.h:139:2: note: expanded from macro 'no_printk'
if (0) \
^
net/ceph/messenger_v2.c:3035:6: note: Assuming field 'state' is not equal to CEPH_CON_S_PREOPEN
if (con->state == CEPH_CON_S_PREOPEN) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/ceph/messenger_v2.c:3035:2: note: Taking false branch
if (con->state == CEPH_CON_S_PREOPEN) {
^
net/ceph/messenger_v2.c:3070:6: note: Assuming the condition is true
if (!iov_iter_count(&con->v2.out_iter)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/ceph/messenger_v2.c:3070:2: note: Taking true branch
if (!iov_iter_count(&con->v2.out_iter)) {
^
net/ceph/messenger_v2.c:3071:9: note: Calling 'populate_out_iter'
ret = populate_out_iter(con);
^~~~~~~~~~~~~~~~~~~~~~
net/ceph/messenger_v2.c:2953:2: note: Taking false branch
dout("%s con %p state %d out_state %d\n", __func__, con, con->state,
^
include/linux/ceph/ceph_debug.h:35:25: note: expanded from macro 'dout'
# define dout(fmt, ...) pr_debug(" " fmt, ##__VA_ARGS__)
^
include/linux/printk.h:430:2: note: expanded from macro 'pr_debug'
no_printk(KERN_DEBUG pr_fmt(fmt), ##__VA_ARGS__)
^
include/linux/printk.h:139:2: note: expanded from macro 'no_printk'
if (0) \
^
net/ceph/messenger_v2.c:2957:6: note: Assuming field 'state' is equal to CEPH_CON_S_OPEN
if (con->state != CEPH_CON_S_OPEN) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/ceph/messenger_v2.c:2957:2: note: Taking false branch
if (con->state != CEPH_CON_S_OPEN) {
^
net/ceph/messenger_v2.c:2963:2: note: Control jumps to 'case 1:' at line 2964
switch (con->v2.out_state) {
^
net/ceph/messenger_v2.c:2965:11: note: Assuming field 'out_msg' is null
WARN_ON(!con->out_msg);
^
include/asm-generic/bug.h:188:25: note: expanded from macro 'WARN_ON'
int __ret_warn_on = !!(condition); \
^~~~~~~~~
net/ceph/messenger_v2.c:2966:3: note: Calling 'queue_data'
queue_data(con);
^~~~~~~~~~~~~~~
net/ceph/messenger_v2.c:2846:16: note: Passing null pointer value via 1st parameter 'msg'
data_len(con->out_msg));
^~~~~~~~~~~~
net/ceph/messenger_v2.c:2846:7: note: Calling 'data_len'
data_len(con->out_msg));
^~~~~~~~~~~~~~~~~~~~~~
net/ceph/messenger_v2.c:370:9: note: Dereference of null pointer
return le32_to_cpu(msg->hdr.data_len);
^
include/linux/byteorder/generic.h:89:21: note: expanded from macro 'le32_to_cpu'
#define le32_to_cpu __le32_to_cpu
^
include/uapi/linux/byteorder/big_endian.h:34:58: note: expanded from macro '__le32_to_cpu'
#define __le32_to_cpu(x) __swab32((__force __u32)(__le32)(x))
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~
include/uapi/linux/swab.h:118:32: note: expanded from macro '__swab32'
(__builtin_constant_p((__u32)(x)) ? \
^
net/ceph/messenger_v2.c:2538:10: warning: Access to field 'con' results in a dereference of a null pointer (loaded from field 'in_msg') [clang-analyzer-core.NullDereference]
WARN_ON(con->in_msg->con != con);
^
net/ceph/messenger_v2.c:2812:2: note: Taking false branch
dout("%s con %p state %d need %zu\n", __func__, con, con->state,
^
include/linux/ceph/ceph_debug.h:35:25: note: expanded from macro 'dout'
# define dout(fmt, ...) pr_debug(" " fmt, ##__VA_ARGS__)
^
include/linux/printk.h:430:2: note: expanded from macro 'pr_debug'
no_printk(KERN_DEBUG pr_fmt(fmt), ##__VA_ARGS__)
^
include/linux/printk.h:139:2: note: expanded from macro 'no_printk'
if (0) \
^
net/ceph/messenger_v2.c:2815:6: note: Assuming field 'state' is not equal to CEPH_CON_S_PREOPEN
if (con->state == CEPH_CON_S_PREOPEN)
vim +370 net/ceph/messenger_v2.c
cd1a677cad9940 Ilya Dryomov 2020-11-19 367
cd1a677cad9940 Ilya Dryomov 2020-11-19 368 static int data_len(const struct ceph_msg *msg)
cd1a677cad9940 Ilya Dryomov 2020-11-19 369 {
cd1a677cad9940 Ilya Dryomov 2020-11-19 @370 return le32_to_cpu(msg->hdr.data_len);
cd1a677cad9940 Ilya Dryomov 2020-11-19 371 }
cd1a677cad9940 Ilya Dryomov 2020-11-19 372
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 30110 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-12-08 0:51 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-12-08 0:51 net/ceph/messenger_v2.c:370:9: warning: Dereference of null pointer [clang-analyzer-core.NullDereference] kernel test robot
-- strict thread matches above, loose matches on Subject: below --
2021-08-28 6:22 kernel test robot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.