From: kernel test robot <lkp@intel.com>
To: kbuild@lists.01.org
Subject: [goldwynr:iomap 10/33] include/linux/pagemap.h:691:18: warning: Dereference of null pointer [clang-analyzer-core.NullDereference]
Date: Wed, 05 Jan 2022 00:46:34 +0800 [thread overview]
Message-ID: <202201050045.f5XOCOID-lkp@intel.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 12858 bytes --]
CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Goldwyn Rodrigues <rgoldwyn@suse.com>
tree: https://github.com/goldwynr/linux iomap
head: fd871fa60e5495543660657e665f1a6c13d0af97
commit: 9b0be4cce9f84675546603825aa366923670b7bf [10/33] btrfs: Don't process pages if locked_page is NULL
:::::: branch date: 4 days ago
:::::: commit date: 4 days ago
config: x86_64-randconfig-c007-20220102 (https://download.01.org/0day-ci/archive/20220105/202201050045.f5XOCOID-lkp(a)intel.com/config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project b50fea47b6c454581fce89af359f3afe5154986c)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/goldwynr/linux/commit/9b0be4cce9f84675546603825aa366923670b7bf
git remote add goldwynr https://github.com/goldwynr/linux
git fetch --no-tags goldwynr iomap
git checkout 9b0be4cce9f84675546603825aa366923670b7bf
# save the config file to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=x86_64 clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/btrfs/inode.c:938:6: note: Assuming field 'locked_page' is null
if (async_chunk->locked_page) {
^~~~~~~~~~~~~~~~~~~~~~~~
fs/btrfs/inode.c:938:2: note: Taking false branch
if (async_chunk->locked_page) {
^
fs/btrfs/inode.c:948:6: note: Assuming field 'pages' is non-null
if (!async_extent->pages)
^~~~~~~~~~~~~~~~~~~~
fs/btrfs/inode.c:948:2: note: Taking false branch
if (!async_extent->pages)
^
fs/btrfs/inode.c:955:6: note: Assuming 'ret' is not equal to 0
if (ret) {
^~~
fs/btrfs/inode.c:955:2: note: Taking true branch
if (ret) {
^
fs/btrfs/inode.c:964:3: note: Control jumps to line 1023
goto out_free;
^
fs/btrfs/inode.c:1030:2: note: Memory is released
kfree(async_extent);
^~~~~~~~~~~~~~~~~~~
fs/btrfs/inode.c:1057:9: note: Returning; memory was released
ret = submit_one_async_extent(inode, async_chunk, async_extent,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/btrfs/inode.c:1047:2: note: Loop condition is true. Entering loop body
while (!list_empty(&async_chunk->extents)) {
^
fs/btrfs/inode.c:1053:3: note: Calling 'list_del'
list_del(&async_extent->list);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/list.h:148:2: note: Calling '__list_del_entry'
__list_del_entry(entry);
^~~~~~~~~~~~~~~~~~~~~~~
include/linux/list.h:134:6: note: Assuming the condition is false
if (!__list_del_entry_valid(entry))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/list.h:134:2: note: Taking false branch
if (!__list_del_entry_valid(entry))
^
include/linux/list.h:137:13: note: Use of memory after it is freed
__list_del(entry->prev, entry->next);
^~~~~~~~~~~
include/linux/list.h:149:14: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc]
entry->next = LIST_POISON1;
^
fs/btrfs/inode.c:1368:6: note: Assuming field 'inode' is non-null
if (async_chunk->inode)
^~~~~~~~~~~~~~~~~~
fs/btrfs/inode.c:1368:2: note: Taking true branch
if (async_chunk->inode)
^
fs/btrfs/inode.c:1369:3: note: Calling 'submit_compressed_extents'
submit_compressed_extents(async_chunk);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/btrfs/inode.c:1047:2: note: Loop condition is true. Entering loop body
while (!list_empty(&async_chunk->extents)) {
^
fs/btrfs/inode.c:1057:9: note: Calling 'submit_one_async_extent'
ret = submit_one_async_extent(inode, async_chunk, async_extent,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/btrfs/inode.c:938:6: note: Assuming field 'locked_page' is null
if (async_chunk->locked_page) {
^~~~~~~~~~~~~~~~~~~~~~~~
fs/btrfs/inode.c:938:2: note: Taking false branch
if (async_chunk->locked_page) {
^
fs/btrfs/inode.c:948:6: note: Assuming field 'pages' is non-null
if (!async_extent->pages)
^~~~~~~~~~~~~~~~~~~~
fs/btrfs/inode.c:948:2: note: Taking false branch
if (!async_extent->pages)
^
fs/btrfs/inode.c:955:6: note: Assuming 'ret' is not equal to 0
if (ret) {
^~~
fs/btrfs/inode.c:955:2: note: Taking true branch
if (ret) {
^
fs/btrfs/inode.c:964:3: note: Control jumps to line 1023
goto out_free;
^
fs/btrfs/inode.c:1030:2: note: Memory is released
kfree(async_extent);
^~~~~~~~~~~~~~~~~~~
fs/btrfs/inode.c:1057:9: note: Returning; memory was released
ret = submit_one_async_extent(inode, async_chunk, async_extent,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/btrfs/inode.c:1047:2: note: Loop condition is true. Entering loop body
while (!list_empty(&async_chunk->extents)) {
^
fs/btrfs/inode.c:1053:3: note: Calling 'list_del'
list_del(&async_extent->list);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/list.h:149:14: note: Use of memory after it is freed
entry->next = LIST_POISON1;
~~~~~~~~~~~ ^
>> include/linux/pagemap.h:691:18: warning: Dereference of null pointer [clang-analyzer-core.NullDereference]
return ((loff_t)page->index) << PAGE_SHIFT;
^
fs/btrfs/inode.c:2003:6: note: Assuming 'locked_page' is null
if (locked_page)
^~~~~~~~~~~
fs/btrfs/inode.c:2003:2: note: Taking false branch
if (locked_page)
^
fs/btrfs/inode.c:2007:6: note: Calling 'should_nocow'
if (should_nocow(inode, start, end)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/btrfs/inode.c:1978:6: note: Assuming the condition is true
if (inode->flags & (BTRFS_INODE_NODATACOW | BTRFS_INODE_PREALLOC)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/btrfs/inode.c:1978:2: note: Taking true branch
if (inode->flags & (BTRFS_INODE_NODATACOW | BTRFS_INODE_PREALLOC)) {
^
fs/btrfs/inode.c:1979:7: note: Assuming field 'defrag_bytes' is 0
if (inode->defrag_bytes &&
^~~~~~~~~~~~~~~~~~~
fs/btrfs/inode.c:1979:27: note: Left side of '&&' is false
if (inode->defrag_bytes &&
^
fs/btrfs/inode.c:1983:3: note: Returning the value 1, which participates in a condition later
return true;
^~~~~~~~~~~
fs/btrfs/inode.c:2007:6: note: Returning from 'should_nocow'
if (should_nocow(inode, start, end)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/btrfs/inode.c:2007:2: note: Taking true branch
if (should_nocow(inode, start, end)) {
^
fs/btrfs/inode.c:2015:11: note: 'zoned' is false
ASSERT(!zoned ||
^
fs/btrfs/ctree.h:3526:29: note: expanded from macro 'ASSERT'
#define ASSERT(expr) (void)(expr)
^~~~
fs/btrfs/inode.c:2015:17: note: Left side of '||' is true
ASSERT(!zoned ||
^
fs/btrfs/inode.c:2032:9: note: Assuming 'ret' is > 0
ASSERT(ret <= 0);
^
fs/btrfs/ctree.h:3526:29: note: expanded from macro 'ASSERT'
#define ASSERT(expr) (void)(expr)
^~~~
fs/btrfs/inode.c:2033:6: note: 'ret' is not equal to 0
if (ret)
^~~
fs/btrfs/inode.c:2033:2: note: Taking true branch
if (ret)
^
fs/btrfs/inode.c:2034:40: note: Passing null pointer value via 2nd parameter 'locked_page'
btrfs_cleanup_ordered_extents(inode, locked_page, start,
^~~~~~~~~~~
fs/btrfs/inode.c:2034:3: note: Calling 'btrfs_cleanup_ordered_extents'
btrfs_cleanup_ordered_extents(inode, locked_page, start,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/btrfs/inode.c:164:31: note: Passing null pointer value via 1st parameter 'page'
u64 page_start = page_offset(locked_page);
^~~~~~~~~~~
fs/btrfs/inode.c:164:19: note: Calling 'page_offset'
u64 page_start = page_offset(locked_page);
^~~~~~~~~~~~~~~~~~~~~~~~
include/linux/pagemap.h:691:18: note: Dereference of null pointer
return ((loff_t)page->index) << PAGE_SHIFT;
^~~~~~~~~~~
Suppressed 1 warnings (1 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
drivers/media/common/videobuf2/videobuf2-core.c:1929:10: warning: Access to field 'state' results in a dereference of a null pointer (loaded from variable 'vb') [clang-analyzer-core.NullDereference]
switch (vb->state) {
^
drivers/media/common/videobuf2/videobuf2-core.c:2921:6: note: Assuming field 'is_output' is 0
if (q->is_output) {
^~~~~~~~~~~~
drivers/media/common/videobuf2/videobuf2-core.c:2921:2: note: Taking false branch
if (q->is_output) {
^
drivers/media/common/videobuf2/videobuf2-core.c:2928:2: note: Loop condition is true. Entering loop body
for (;;) {
^
drivers/media/common/videobuf2/videobuf2-core.c:2934:7: note: 'prequeue' is 0
if (prequeue) {
^~~~~~~~
drivers/media/common/videobuf2/videobuf2-core.c:2934:3: note: Taking false branch
if (prequeue) {
^
drivers/media/common/videobuf2/videobuf2-core.c:2938:4: note: Assuming 'debug' is < 2
call_void_qop(q, wait_finish, q);
^
drivers/media/common/videobuf2/videobuf2-core.c:110:2: note: expanded from macro 'call_void_qop'
log_qop(q, op); \
^~~~~~~~~~~~~~
drivers/media/common/videobuf2/videobuf2-core.c:94:2: note: expanded from macro 'log_qop'
dprintk(q, 2, "call_qop(%s)%s\n", #op, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/media/common/videobuf2/videobuf2-core.c:39:7: note: expanded from macro 'dprintk'
if (debug >= level) \
vim +691 include/linux/pagemap.h
5cbc198ae08d84 Kirill A. Shutemov 2016-11-30 685
^1da177e4c3f41 Linus Torvalds 2005-04-16 686 /*
^1da177e4c3f41 Linus Torvalds 2005-04-16 687 * Return byte-offset into filesystem object for page.
^1da177e4c3f41 Linus Torvalds 2005-04-16 688 */
^1da177e4c3f41 Linus Torvalds 2005-04-16 689 static inline loff_t page_offset(struct page *page)
^1da177e4c3f41 Linus Torvalds 2005-04-16 690 {
09cbfeaf1a5a67 Kirill A. Shutemov 2016-04-01 @691 return ((loff_t)page->index) << PAGE_SHIFT;
^1da177e4c3f41 Linus Torvalds 2005-04-16 692 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 693
:::::: The code@line 691 was first introduced by commit
:::::: 09cbfeaf1a5a67bfb3201e0c83c810cecb2efa5a mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros
:::::: TO: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
:::::: CC: Linus Torvalds <torvalds@linux-foundation.org>
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
next reply other threads:[~2022-01-04 16:46 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-04 16:46 kernel test robot [this message]
2022-01-06 23:23 [goldwynr:iomap 10/33] include/linux/pagemap.h:691:18: warning: Dereference of null pointer [clang-analyzer-core.NullDereference] kernel test robot
2022-01-09 17:40 kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202201050045.f5XOCOID-lkp@intel.com \
--to=lkp@intel.com \
--cc=kbuild@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.