From: kernel test robot <lkp@intel.com>
To: kbuild@lists.01.org
Subject: [linux-next:master 7691/8804] fs/btrfs/extent_io.c:3205:17: warning: Dereference of null pointer [clang-analyzer-core.NullDereference]
Date: Thu, 19 Aug 2021 12:11:55 +0800 [thread overview]
Message-ID: <202108191237.16eY9VX8-lkp@intel.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 19207 bytes --]
CC: clang-built-linux(a)googlegroups.com
CC: kbuild-all(a)lists.01.org
CC: Linux Memory Management List <linux-mm@kvack.org>
TO: Naohiro Aota <naohiro.aota@wdc.com>
CC: David Sterba <dsterba@suse.com>
CC: Qu Wenruo <wqu@suse.com>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
head: f26c3abc432a2026ba9ee7767061a1f88aead6ec
commit: 21b6d5fe896a3933762d3d26059ff49967d9773a [7691/8804] btrfs: zoned: fix ordered extent boundary calculation
:::::: branch date: 20 hours ago
:::::: commit date: 3 days ago
config: riscv-randconfig-c006-20210818 (attached as .config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project d2b574a4dea5b718e4386bf2e26af0126e5978ce)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install riscv cross compiling tool for clang build
# apt-get install binutils-riscv64-linux-gnu
# https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=21b6d5fe896a3933762d3d26059ff49967d9773a
git remote add linux-next https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
git fetch --no-tags linux-next master
git checkout 21b6d5fe896a3933762d3d26059ff49967d9773a
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=riscv clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
^
drivers/android/binder_alloc.c:620:6: note: Assuming the condition is false
if (!list_is_last(&buffer->entry, &alloc->buffers)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/android/binder_alloc.c:620:2: note: Taking false branch
if (!list_is_last(&buffer->entry, &alloc->buffers)) {
^
drivers/android/binder_alloc.c:632:6: note: Assuming the condition is true
if (PAGE_ALIGNED(buffer->user_data)) {
^
include/linux/mm.h:237:28: note: expanded from macro 'PAGE_ALIGNED'
#define PAGE_ALIGNED(addr) IS_ALIGNED((unsigned long)(addr), PAGE_SIZE)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/align.h:13:28: note: expanded from macro 'IS_ALIGNED'
#define IS_ALIGNED(x, a) (((x) & ((typeof(x))(a) - 1)) == 0)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/android/binder_alloc.c:632:2: note: Taking true branch
if (PAGE_ALIGNED(buffer->user_data)) {
^
drivers/android/binder_alloc.c:633:3: note: Assuming the condition is false
binder_alloc_debug(BINDER_DEBUG_BUFFER_ALLOC,
^
drivers/android/binder_alloc.c:46:7: note: expanded from macro 'binder_alloc_debug'
if (binder_alloc_debug_mask & mask) \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/android/binder_alloc.c:633:3: note: Taking false branch
binder_alloc_debug(BINDER_DEBUG_BUFFER_ALLOC,
^
drivers/android/binder_alloc.c:46:3: note: expanded from macro 'binder_alloc_debug'
if (binder_alloc_debug_mask & mask) \
^
drivers/android/binder_alloc.c:633:3: note: Loop condition is false. Exiting loop
binder_alloc_debug(BINDER_DEBUG_BUFFER_ALLOC,
^
drivers/android/binder_alloc.c:45:2: note: expanded from macro 'binder_alloc_debug'
do { \
^
drivers/android/binder_alloc.c:639:6: note: 'to_free' is false
if (to_free) {
^~~~~~~
drivers/android/binder_alloc.c:639:2: note: Taking false branch
if (to_free) {
^
drivers/android/binder_alloc.c:648:2: note: Calling 'list_del'
list_del(&buffer->entry);
^~~~~~~~~~~~~~~~~~~~~~~~
include/linux/list.h:146:2: note: Calling '__list_del_entry'
__list_del_entry(entry);
^~~~~~~~~~~~~~~~~~~~~~~
include/linux/list.h:132:2: note: Taking false branch
if (!__list_del_entry_valid(entry))
^
include/linux/list.h:135:2: note: Use of memory after it is freed
__list_del(entry->prev, entry->next);
^ ~~~~~~~~~~~
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
6 warnings generated.
fs/btrfs/xattr.c:486:3: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
strcpy(name, XATTR_SECURITY_PREFIX);
^~~~~~
fs/btrfs/xattr.c:486:3: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119
strcpy(name, XATTR_SECURITY_PREFIX);
^~~~~~
fs/btrfs/xattr.c:487:3: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
strcpy(name + XATTR_SECURITY_PREFIX_LEN, xattr->name);
^~~~~~
fs/btrfs/xattr.c:487:3: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119
strcpy(name + XATTR_SECURITY_PREFIX_LEN, xattr->name);
^~~~~~
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
10 warnings generated.
fs/btrfs/extent_io.c:1010:4: warning: Value stored to 'node' is never read [clang-analyzer-deadcode.DeadStores]
node = &state->rb_node;
^ ~~~~~~~~~~~~~~~
fs/btrfs/extent_io.c:1010:4: note: Value stored to 'node' is never read
node = &state->rb_node;
^ ~~~~~~~~~~~~~~~
fs/btrfs/extent_io.c:1247:4: warning: Value stored to 'node' is never read [clang-analyzer-deadcode.DeadStores]
node = &state->rb_node;
^ ~~~~~~~~~~~~~~~
fs/btrfs/extent_io.c:1247:4: note: Value stored to 'node' is never read
node = &state->rb_node;
^ ~~~~~~~~~~~~~~~
fs/btrfs/extent_io.c:2552:3: warning: Value stored to 'ret' is never read [clang-analyzer-deadcode.DeadStores]
ret = set_state_failrec(failure_tree, start, failrec);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/btrfs/extent_io.c:2552:3: note: Value stored to 'ret' is never read
ret = set_state_failrec(failure_tree, start, failrec);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/btrfs/extent_io.c:2554:3: warning: Value stored to 'ret' is never read [clang-analyzer-deadcode.DeadStores]
ret = set_extent_bits(tree, start, start + sectorsize - 1,
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/btrfs/extent_io.c:2554:3: note: Value stored to 'ret' is never read
ret = set_extent_bits(tree, start, start + sectorsize - 1,
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> fs/btrfs/extent_io.c:3205:17: warning: Dereference of null pointer [clang-analyzer-core.NullDereference]
u32 bio_size = bio->bi_iter.bi_size;
^
fs/btrfs/extent_io.c:7358:2: note: Calling 'btrfs_readahead_tree_block'
btrfs_readahead_tree_block(node->fs_info,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/btrfs/extent_io.c:7333:2: note: Taking false branch
if (IS_ERR(eb))
^
fs/btrfs/extent_io.c:7336:6: note: Assuming the condition is false
if (btrfs_buffer_uptodate(eb, gen, 1)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/btrfs/extent_io.c:7336:2: note: Taking false branch
if (btrfs_buffer_uptodate(eb, gen, 1)) {
^
fs/btrfs/extent_io.c:7341:8: note: Calling 'read_extent_buffer_pages'
ret = read_extent_buffer_pages(eb, WAIT_NONE, 0);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/btrfs/extent_io.c:6530:6: note: Assuming the condition is false
if (test_bit(EXTENT_BUFFER_UPTODATE, &eb->bflags))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/btrfs/extent_io.c:6530:2: note: Taking false branch
if (test_bit(EXTENT_BUFFER_UPTODATE, &eb->bflags))
^
fs/btrfs/extent_io.c:6533:6: note: Assuming the condition is true
if (eb->fs_info->sectorsize < PAGE_SIZE)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/btrfs/extent_io.c:6533:2: note: Taking true branch
if (eb->fs_info->sectorsize < PAGE_SIZE)
^
fs/btrfs/extent_io.c:6534:10: note: Calling 'read_extent_buffer_subpage'
return read_extent_buffer_subpage(eb, wait, mirror_num);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/btrfs/extent_io.c:6459:9: note: Assuming the condition is true
ASSERT(!test_bit(EXTENT_BUFFER_UNMAPPED, &eb->bflags));
^
fs/btrfs/ctree.h:3455:10: note: expanded from macro 'ASSERT'
(likely(expr) ? (void)0 : assertfail(#expr, __FILE__, __LINE__))
^~~~
include/linux/compiler.h:77:40: note: expanded from macro 'likely'
# define likely(x) __builtin_expect(!!(x), 1)
^
fs/btrfs/extent_io.c:6459:2: note: '?' condition is true
ASSERT(!test_bit(EXTENT_BUFFER_UNMAPPED, &eb->bflags));
^
fs/btrfs/ctree.h:3455:3: note: expanded from macro 'ASSERT'
(likely(expr) ? (void)0 : assertfail(#expr, __FILE__, __LINE__))
^
include/linux/compiler.h:77:20: note: expanded from macro 'likely'
# define likely(x) __builtin_expect(!!(x), 1)
^
fs/btrfs/extent_io.c:6460:2: note: Assuming the condition is false
ASSERT(PagePrivate(page));
^
fs/btrfs/ctree.h:3455:3: note: expanded from macro 'ASSERT'
(likely(expr) ? (void)0 : assertfail(#expr, __FILE__, __LINE__))
^~~~~~~~~~~~
include/linux/compiler.h:77:38: note: expanded from macro 'likely'
# define likely(x) __builtin_expect(!!(x), 1)
^~~~
fs/btrfs/extent_io.c:6460:2: note: '?' condition is true
ASSERT(PagePrivate(page));
^
fs/btrfs/ctree.h:3455:3: note: expanded from macro 'ASSERT'
(likely(expr) ? (void)0 : assertfail(#expr, __FILE__, __LINE__))
^
include/linux/compiler.h:77:20: note: expanded from macro 'likely'
# define likely(x) __builtin_expect(!!(x), 1)
^
fs/btrfs/extent_io.c:6463:6: note: 'wait' is equal to WAIT_NONE
if (wait == WAIT_NONE) {
^~~~
fs/btrfs/extent_io.c:6463:2: note: Taking true branch
if (wait == WAIT_NONE) {
^
fs/btrfs/extent_io.c:6464:3: note: Taking false branch
if (!try_lock_extent(io_tree, eb->start, eb->start + eb->len - 1))
^
fs/btrfs/extent_io.c:6473:6: note: Left side of '||' is false
if (test_bit(EXTENT_BUFFER_UPTODATE, &eb->bflags) ||
^
fs/btrfs/extent_io.c:6473:6: note: Left side of '||' is false
fs/btrfs/extent_io.c:6475:6: note: Assuming the condition is false
btrfs_subpage_test_uptodate(fs_info, page, eb->start, eb->len)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/btrfs/extent_io.c:6473:2: note: Taking false branch
if (test_bit(EXTENT_BUFFER_UPTODATE, &eb->bflags) ||
^
fs/btrfs/extent_io.c:6488:8: note: Calling 'submit_extent_page'
ret = submit_extent_page(REQ_OP_READ | REQ_META, NULL, &bio_ctrl,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/btrfs/extent_io.c:3382:2: note: '?' condition is true
ASSERT(bio_ctrl);
^
fs/btrfs/ctree.h:3455:3: note: expanded from macro 'ASSERT'
(likely(expr) ? (void)0 : assertfail(#expr, __FILE__, __LINE__))
^
include/linux/compiler.h:77:20: note: expanded from macro 'likely'
# define likely(x) __builtin_expect(!!(x), 1)
^
fs/btrfs/extent_io.c:3384:9: note: Assuming the condition is true
vim +3205 fs/btrfs/extent_io.c
9be3395bcd4ad4 Chris Mason 2013-05-17 3179
953651eb308fb5 Naohiro Aota 2021-02-04 3180 /**
953651eb308fb5 Naohiro Aota 2021-02-04 3181 * Attempt to add a page to bio
953651eb308fb5 Naohiro Aota 2021-02-04 3182 *
953651eb308fb5 Naohiro Aota 2021-02-04 3183 * @bio: destination bio
953651eb308fb5 Naohiro Aota 2021-02-04 3184 * @page: page to add to the bio
953651eb308fb5 Naohiro Aota 2021-02-04 3185 * @disk_bytenr: offset of the new bio or to check whether we are adding
953651eb308fb5 Naohiro Aota 2021-02-04 3186 * a contiguous page to the previous one
953651eb308fb5 Naohiro Aota 2021-02-04 3187 * @pg_offset: starting offset in the page
953651eb308fb5 Naohiro Aota 2021-02-04 3188 * @size: portion of page that we want to write
953651eb308fb5 Naohiro Aota 2021-02-04 3189 * @prev_bio_flags: flags of previous bio to see if we can merge the current one
953651eb308fb5 Naohiro Aota 2021-02-04 3190 * @bio_flags: flags of the current bio to see if we can merge them
953651eb308fb5 Naohiro Aota 2021-02-04 3191 *
953651eb308fb5 Naohiro Aota 2021-02-04 3192 * Attempt to add a page to bio considering stripe alignment etc.
953651eb308fb5 Naohiro Aota 2021-02-04 3193 *
9ecd1d8ec89197 Qu Wenruo 2021-07-26 3194 * Return >= 0 for the number of bytes added to the bio.
9ecd1d8ec89197 Qu Wenruo 2021-07-26 3195 * Can return 0 if the current bio is already at stripe/zone boundary.
9ecd1d8ec89197 Qu Wenruo 2021-07-26 3196 * Return <0 for error.
953651eb308fb5 Naohiro Aota 2021-02-04 3197 */
9ecd1d8ec89197 Qu Wenruo 2021-07-26 3198 static int btrfs_bio_add_page(struct btrfs_bio_ctrl *bio_ctrl,
390ed29b817e6d Qu Wenruo 2021-04-14 3199 struct page *page,
953651eb308fb5 Naohiro Aota 2021-02-04 3200 u64 disk_bytenr, unsigned int size,
953651eb308fb5 Naohiro Aota 2021-02-04 3201 unsigned int pg_offset,
953651eb308fb5 Naohiro Aota 2021-02-04 3202 unsigned long bio_flags)
953651eb308fb5 Naohiro Aota 2021-02-04 3203 {
390ed29b817e6d Qu Wenruo 2021-04-14 3204 struct bio *bio = bio_ctrl->bio;
390ed29b817e6d Qu Wenruo 2021-04-14 @3205 u32 bio_size = bio->bi_iter.bi_size;
9ecd1d8ec89197 Qu Wenruo 2021-07-26 3206 u32 real_size;
953651eb308fb5 Naohiro Aota 2021-02-04 3207 const sector_t sector = disk_bytenr >> SECTOR_SHIFT;
953651eb308fb5 Naohiro Aota 2021-02-04 3208 bool contig;
e1326f0339fe0a Naohiro Aota 2021-02-04 3209 int ret;
953651eb308fb5 Naohiro Aota 2021-02-04 3210
390ed29b817e6d Qu Wenruo 2021-04-14 3211 ASSERT(bio);
390ed29b817e6d Qu Wenruo 2021-04-14 3212 /* The limit should be calculated when bio_ctrl->bio is allocated */
390ed29b817e6d Qu Wenruo 2021-04-14 3213 ASSERT(bio_ctrl->len_to_oe_boundary && bio_ctrl->len_to_stripe_boundary);
390ed29b817e6d Qu Wenruo 2021-04-14 3214 if (bio_ctrl->bio_flags != bio_flags)
9ecd1d8ec89197 Qu Wenruo 2021-07-26 3215 return 0;
953651eb308fb5 Naohiro Aota 2021-02-04 3216
390ed29b817e6d Qu Wenruo 2021-04-14 3217 if (bio_ctrl->bio_flags & EXTENT_BIO_COMPRESSED)
953651eb308fb5 Naohiro Aota 2021-02-04 3218 contig = bio->bi_iter.bi_sector == sector;
953651eb308fb5 Naohiro Aota 2021-02-04 3219 else
953651eb308fb5 Naohiro Aota 2021-02-04 3220 contig = bio_end_sector(bio) == sector;
953651eb308fb5 Naohiro Aota 2021-02-04 3221 if (!contig)
9ecd1d8ec89197 Qu Wenruo 2021-07-26 3222 return 0;
953651eb308fb5 Naohiro Aota 2021-02-04 3223
9ecd1d8ec89197 Qu Wenruo 2021-07-26 3224 real_size = min(bio_ctrl->len_to_oe_boundary,
9ecd1d8ec89197 Qu Wenruo 2021-07-26 3225 bio_ctrl->len_to_stripe_boundary) - bio_size;
9ecd1d8ec89197 Qu Wenruo 2021-07-26 3226 real_size = min(real_size, size);
9ecd1d8ec89197 Qu Wenruo 2021-07-26 3227
9ecd1d8ec89197 Qu Wenruo 2021-07-26 3228 /*
9ecd1d8ec89197 Qu Wenruo 2021-07-26 3229 * If real_size is 0, never call bio_add_*_page(), as even size is 0,
9ecd1d8ec89197 Qu Wenruo 2021-07-26 3230 * bio will still execute its endio function on the page!
9ecd1d8ec89197 Qu Wenruo 2021-07-26 3231 */
9ecd1d8ec89197 Qu Wenruo 2021-07-26 3232 if (real_size == 0)
9ecd1d8ec89197 Qu Wenruo 2021-07-26 3233 return 0;
953651eb308fb5 Naohiro Aota 2021-02-04 3234
390ed29b817e6d Qu Wenruo 2021-04-14 3235 if (bio_op(bio) == REQ_OP_ZONE_APPEND)
9ecd1d8ec89197 Qu Wenruo 2021-07-26 3236 ret = bio_add_zone_append_page(bio, page, real_size, pg_offset);
390ed29b817e6d Qu Wenruo 2021-04-14 3237 else
9ecd1d8ec89197 Qu Wenruo 2021-07-26 3238 ret = bio_add_page(bio, page, real_size, pg_offset);
e1326f0339fe0a Naohiro Aota 2021-02-04 3239
9ecd1d8ec89197 Qu Wenruo 2021-07-26 3240 return ret;
953651eb308fb5 Naohiro Aota 2021-02-04 3241 }
953651eb308fb5 Naohiro Aota 2021-02-04 3242
:::::: The code at line 3205 was first introduced by commit
:::::: 390ed29b817e6de4e8a9dd1749659e7de8ed1c4c btrfs: refactor submit_extent_page() to make bio and its flag tracing easier
:::::: TO: Qu Wenruo <wqu@suse.com>
:::::: CC: David Sterba <dsterba@suse.com>
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 32301 bytes --]
reply other threads:[~2021-08-19 4:11 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202108191237.16eY9VX8-lkp@intel.com \
--to=lkp@intel.com \
--cc=kbuild@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.