CC: l...@lists.linux.dev CC: kbuild-...@lists.01.org BCC: l...@intel.com CC: linux-ker...@vger.kernel.org TO: Paolo Valente <paolo.vale...@linaro.org> CC: Jens Axboe <ax...@kernel.dk>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master head: 1862a69c917417142190bc18c8ce16680598664b commit: d29bd41428cfff9b582c248db14a47e2be8457a8 block, bfq: reset last_bfqq_created on group change date: 6 months ago :::::: branch date: 5 hours ago :::::: commit date: 6 months ago config: riscv-randconfig-c006-20220405 (https://download.01.org/0day-ci/archive/20220410/202204101719.ar1c744z-...@intel.com/config) compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project c4a1b07d0979e7ff20d7d541af666d822d66b566) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # install riscv cross compiling tool for clang build # apt-get install binutils-riscv64-linux-gnu # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d29bd41428cfff9b582c248db14a47e2be8457a8 git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git git fetch --no-tags linus master git checkout d29bd41428cfff9b582c248db14a47e2be8457a8 # save the config file to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=riscv clang-analyzer If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <l...@intel.com> clang-analyzer warnings: (new ones prefixed by >>) ^ drivers/nvme/target/zns.c:478:6: note: Assuming field 'select_all' is not equal to 0 if (req->cmd->zms.select_all) { ^~~~~~~~~~~~~~~~~~~~~~~~ drivers/nvme/target/zns.c:478:2: note: Taking true branch if (req->cmd->zms.select_all) { ^ drivers/nvme/target/zns.c:479:12: note: Calling 'nvmet_bdev_execute_zmgmt_send_all' status = nvmet_bdev_execute_zmgmt_send_all(req); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/nvme/target/zns.c:440:2: note: Control jumps to 'case REQ_OP_ZONE_FINISH:' at line 450 switch (zsa_req_op(req->cmd->zms.zsa)) { ^ drivers/nvme/target/zns.c:451:10: note: Calling 'nvmet_bdev_zone_mgmt_emulate_all' return nvmet_bdev_zone_mgmt_emulate_all(req); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/nvme/target/zns.c:397:6: note: Assuming field 'zbitmap' is non-null if (!d.zbitmap) { ^~~~~~~~~~ drivers/nvme/target/zns.c:397:2: note: Taking false branch if (!d.zbitmap) { ^ drivers/nvme/target/zns.c:404:6: note: Assuming 'ret' is equal to 'nr_zones' if (ret != nr_zones) { ^~~~~~~~~~~~~~~ drivers/nvme/target/zns.c:404:2: note: Taking false branch if (ret != nr_zones) { ^ drivers/nvme/target/zns.c:413:9: note: Assuming the condition is true while (sector < get_capacity(bdev->bd_disk)) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/nvme/target/zns.c:413:2: note: Loop condition is true. Entering loop body while (sector < get_capacity(bdev->bd_disk)) { ^ drivers/nvme/target/zns.c:414:16: note: Calling 'blk_queue_zone_no' if (test_bit(blk_queue_zone_no(q, sector), d.zbitmap)) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/blkdev.h:700:2: note: Taking false branch if (!blk_queue_is_zoned(q)) ^ include/linux/blkdev.h:702:19: note: '?' condition is false return sector >> ilog2(q->limits.chunk_sectors); ^ include/linux/log2.h:158:2: note: expanded from macro 'ilog2' __builtin_constant_p(n) ? \ ^ include/linux/blkdev.h:702:19: note: '?' condition is true return sector >> ilog2(q->limits.chunk_sectors); ^ include/linux/log2.h:161:2: note: expanded from macro 'ilog2' (sizeof(n) <= 4) ? \ ^ include/linux/blkdev.h:702:19: note: Calling '__ilog2_u32' return sector >> ilog2(q->limits.chunk_sectors); ^ include/linux/log2.h:162:2: note: expanded from macro 'ilog2' __ilog2_u32(n) : \ ^~~~~~~~~~~~~~ include/linux/log2.h:24:2: note: Returning the value -1 return fls(n) - 1; ^~~~~~~~~~~~~~~~~ include/linux/blkdev.h:702:19: note: Returning from '__ilog2_u32' return sector >> ilog2(q->limits.chunk_sectors); ^ include/linux/log2.h:162:2: note: expanded from macro 'ilog2' __ilog2_u32(n) : \ ^~~~~~~~~~~~~~ include/linux/blkdev.h:702:16: note: The result of the right shift is undefined because the right operand is negative return sector >> ilog2(q->limits.chunk_sectors); ^ Suppressed 11 warnings (4 in non-user code, 7 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 11 warnings generated. block/bfq-wf2q.c:263:7: warning: Access to field 'my_sched_data' results in a dereference of a null pointer (loaded from variable 'entity') [clang-analyzer-core.NullDereference] if (!entity->my_sched_data) ^ block/bfq-wf2q.c:1508:2: note: 'entity' initialized to a null pointer value struct bfq_entity *entity = NULL; ^~~~~~~~~~~~~~~~~~~~~~~~~ block/bfq-wf2q.c:1512:6: note: Assuming the condition is false if (bfq_tot_busy_queues(bfqd) == 0) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ block/bfq-wf2q.c:1512:2: note: Taking false branch if (bfq_tot_busy_queues(bfqd) == 0) ^ block/bfq-wf2q.c:1521:2: note: Loop condition is false. Execution continues on line 1582 for (; sd ; sd = entity->my_sched_data) { ^ block/bfq-wf2q.c:1582:28: note: Passing null pointer value via 1st parameter 'entity' bfqq = bfq_entity_to_bfqq(entity); ^~~~~~ block/bfq-wf2q.c:1582:9: note: Calling 'bfq_entity_to_bfqq' bfqq = bfq_entity_to_bfqq(entity); ^~~~~~~~~~~~~~~~~~~~~~~~~~ block/bfq-wf2q.c:263:7: note: Access to field 'my_sched_data' results in a dereference of a null pointer (loaded from variable 'entity') if (!entity->my_sched_data) ^~~~~~ Suppressed 10 warnings (3 in non-user code, 7 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 11 warnings generated. >> block/bfq-cgroup.c:670:6: warning: Use of memory after it is freed >> [clang-analyzer-unix.Malloc] entity->parent->last_bfqq_created == bfqq) ^ block/bfq-cgroup.c:892:2: note: Loop condition is false. Exiting loop spin_lock_irqsave(&bfqd->lock, flags); ^ include/linux/spinlock.h:393:2: note: expanded from macro 'spin_lock_irqsave' raw_spin_lock_irqsave(spinlock_check(lock), flags); \ ^ include/linux/spinlock.h:254:2: note: expanded from macro 'raw_spin_lock_irqsave' do { \ ^ block/bfq-cgroup.c:892:2: note: Loop condition is false. Exiting loop spin_lock_irqsave(&bfqd->lock, flags); ^ include/linux/spinlock.h:391:43: note: expanded from macro 'spin_lock_irqsave' #define spin_lock_irqsave(lock, flags) \ ^ block/bfq-cgroup.c:894:6: note: Assuming 'entity' is non-null if (!entity) /* root group */ ^~~~~~~ block/bfq-cgroup.c:894:2: note: Taking false branch if (!entity) /* root group */ ^ block/bfq-cgroup.c:901:2: note: Loop condition is true. Entering loop body for (i = 0; i < BFQ_IOPRIO_CLASSES; i++) { ^ block/bfq-cgroup.c:916:3: note: Calling 'bfq_reparent_active_queues' bfq_reparent_active_queues(bfqd, bfqg, st, i); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ block/bfq-cgroup.c:866:2: note: Loop condition is true. Entering loop body while ((entity = bfq_entity_of(rb_first(active)))) ^ block/bfq-cgroup.c:867:3: note: Calling 'bfq_reparent_leaf_entity' bfq_reparent_leaf_entity(bfqd, entity, ioprio_class); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ block/bfq-cgroup.c:836:2: note: Loop condition is false. Execution continues on line 848 while (child_entity->my_sched_data) { /* leaf not reached yet */ ^ block/bfq-cgroup.c:849:2: note: Calling 'bfq_bfqq_move' bfq_bfqq_move(bfqd, bfqq, bfqd->root_group); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ block/bfq-cgroup.c:659:6: note: Assuming 'bfqq' is not equal to field 'in_service_queue' if (bfqq == bfqd->in_service_queue) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ block/bfq-cgroup.c:659:2: note: Taking false branch if (bfqq == bfqd->in_service_queue) ^ block/bfq-cgroup.c:663:6: note: Assuming the condition is false if (bfq_bfqq_busy(bfqq)) ^~~~~~~~~~~~~~~~~~~ block/bfq-cgroup.c:663:2: note: Taking false branch if (bfq_bfqq_busy(bfqq)) ^ block/bfq-cgroup.c:665:11: note: Assuming field 'on_st_or_in_serv' is false else if (entity->on_st_or_in_serv) ^~~~~~~~~~~~~~~~~~~~~~~~ block/bfq-cgroup.c:665:7: note: Taking false branch else if (entity->on_st_or_in_serv) ^ block/bfq-cgroup.c:667:20: note: Calling 'bfqq_group' bfqg_and_blkg_put(bfqq_group(bfqq)); ^~~~~~~~~~~~~~~~ block/bfq-cgroup.c:312:9: note: Assuming 'group_entity' is non-null return group_entity ? container_of(group_entity, struct bfq_group, ^~~~~~~~~~~~ block/bfq-cgroup.c:312:9: note: '?' condition is true block/bfq-cgroup.c:312:24: note: Left side of '&&' is false return group_entity ? container_of(group_entity, struct bfq_group, ^ include/linux/kernel.h:495:61: note: expanded from macro 'container_of' BUILD_BUG_ON_MSG(!__same_type(*(ptr), ((type *)0)->member) && \ ^ block/bfq-cgroup.c:312:24: note: Taking false branch return group_entity ? container_of(group_entity, struct bfq_group, ^ include/linux/kernel.h:495:2: note: expanded from macro 'container_of' BUILD_BUG_ON_MSG(!__same_type(*(ptr), ((type *)0)->member) && \ ^ include/linux/build_bug.h:39:37: note: expanded from macro 'BUILD_BUG_ON_MSG' #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg) ^ include/linux/compiler_types.h:322:2: note: expanded from macro 'compiletime_assert' _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) ^ include/linux/compiler_types.h:310:2: note: expanded from macro '_compiletime_assert' __compiletime_assert(condition, msg, prefix, suffix) ^ include/linux/compiler_types.h:302:3: note: expanded from macro '__compiletime_assert' if (!(condition)) \ ^ block/bfq-cgroup.c:312:24: note: Loop condition is false. Exiting loop return group_entity ? container_of(group_entity, struct bfq_group, ^ include/linux/kernel.h:495:2: note: expanded from macro 'container_of' BUILD_BUG_ON_MSG(!__same_type(*(ptr), ((type *)0)->member) && \ ^ include/linux/build_bug.h:39:37: note: expanded from macro 'BUILD_BUG_ON_MSG' #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg) ^ include/linux/compiler_types.h:322:2: note: expanded from macro 'compiletime_assert' vim +670 block/bfq-cgroup.c ea25da48086d3b Paolo Valente 2017-04-19 627 ea25da48086d3b Paolo Valente 2017-04-19 628 /** ea25da48086d3b Paolo Valente 2017-04-19 629 * bfq_bfqq_move - migrate @bfqq to @bfqg. ea25da48086d3b Paolo Valente 2017-04-19 630 * @bfqd: queue descriptor. ea25da48086d3b Paolo Valente 2017-04-19 631 * @bfqq: the queue to move. ea25da48086d3b Paolo Valente 2017-04-19 632 * @bfqg: the group to move to. ea25da48086d3b Paolo Valente 2017-04-19 633 * ea25da48086d3b Paolo Valente 2017-04-19 634 * Move @bfqq to @bfqg, deactivating it from its old group and reactivating ea25da48086d3b Paolo Valente 2017-04-19 635 * it on the new one. Avoid putting the entity on the old group idle tree. ea25da48086d3b Paolo Valente 2017-04-19 636 * 8f9bebc33dd718 Paolo Valente 2017-06-05 637 * Must be called under the scheduler lock, to make sure that the blkg 8f9bebc33dd718 Paolo Valente 2017-06-05 638 * owning @bfqg does not disappear (see comments in 8f9bebc33dd718 Paolo Valente 2017-06-05 639 * bfq_bic_update_cgroup on guaranteeing the consistency of blkg 8f9bebc33dd718 Paolo Valente 2017-06-05 640 * objects). ea25da48086d3b Paolo Valente 2017-04-19 641 */ ea25da48086d3b Paolo Valente 2017-04-19 642 void bfq_bfqq_move(struct bfq_data *bfqd, struct bfq_queue *bfqq, ea25da48086d3b Paolo Valente 2017-04-19 643 struct bfq_group *bfqg) ea25da48086d3b Paolo Valente 2017-04-19 644 { ea25da48086d3b Paolo Valente 2017-04-19 645 struct bfq_entity *entity = &bfqq->entity; ea25da48086d3b Paolo Valente 2017-04-19 646 fd1bb3ae54a9a2 Paolo Valente 2020-03-21 647 /* fd1bb3ae54a9a2 Paolo Valente 2020-03-21 648 * Get extra reference to prevent bfqq from being freed in fd1bb3ae54a9a2 Paolo Valente 2020-03-21 649 * next possible expire or deactivate. fd1bb3ae54a9a2 Paolo Valente 2020-03-21 650 */ fd1bb3ae54a9a2 Paolo Valente 2020-03-21 651 bfqq->ref++; fd1bb3ae54a9a2 Paolo Valente 2020-03-21 652 ea25da48086d3b Paolo Valente 2017-04-19 653 /* If bfqq is empty, then bfq_bfqq_expire also invokes ea25da48086d3b Paolo Valente 2017-04-19 654 * bfq_del_bfqq_busy, thereby removing bfqq and its entity ea25da48086d3b Paolo Valente 2017-04-19 655 * from data structures related to current group. Otherwise we ea25da48086d3b Paolo Valente 2017-04-19 656 * need to remove bfqq explicitly with bfq_deactivate_bfqq, as ea25da48086d3b Paolo Valente 2017-04-19 657 * we do below. ea25da48086d3b Paolo Valente 2017-04-19 658 */ ea25da48086d3b Paolo Valente 2017-04-19 659 if (bfqq == bfqd->in_service_queue) ea25da48086d3b Paolo Valente 2017-04-19 660 bfq_bfqq_expire(bfqd, bfqd->in_service_queue, ea25da48086d3b Paolo Valente 2017-04-19 661 false, BFQQE_PREEMPTED); ea25da48086d3b Paolo Valente 2017-04-19 662 ea25da48086d3b Paolo Valente 2017-04-19 663 if (bfq_bfqq_busy(bfqq)) ea25da48086d3b Paolo Valente 2017-04-19 664 bfq_deactivate_bfqq(bfqd, bfqq, false, false); 33a16a9804688b Paolo Valente 2020-02-03 665 else if (entity->on_st_or_in_serv) ea25da48086d3b Paolo Valente 2017-04-19 666 bfq_put_idle_entity(bfq_entity_service_tree(entity), entity); 8f9bebc33dd718 Paolo Valente 2017-06-05 667 bfqg_and_blkg_put(bfqq_group(bfqq)); ea25da48086d3b Paolo Valente 2017-04-19 668 d29bd41428cfff Paolo Valente 2021-10-15 669 if (entity->parent && d29bd41428cfff Paolo Valente 2021-10-15 @670 entity->parent->last_bfqq_created == bfqq) d29bd41428cfff Paolo Valente 2021-10-15 671 entity->parent->last_bfqq_created = NULL; d29bd41428cfff Paolo Valente 2021-10-15 672 else if (bfqd->last_bfqq_created == bfqq) d29bd41428cfff Paolo Valente 2021-10-15 673 bfqd->last_bfqq_created = NULL; d29bd41428cfff Paolo Valente 2021-10-15 674 ea25da48086d3b Paolo Valente 2017-04-19 675 entity->parent = bfqg->my_entity; ea25da48086d3b Paolo Valente 2017-04-19 676 entity->sched_data = &bfqg->sched_data; 8f9bebc33dd718 Paolo Valente 2017-06-05 677 /* pin down bfqg and its associated blkg */ 8f9bebc33dd718 Paolo Valente 2017-06-05 678 bfqg_and_blkg_get(bfqg); ea25da48086d3b Paolo Valente 2017-04-19 679 ea25da48086d3b Paolo Valente 2017-04-19 680 if (bfq_bfqq_busy(bfqq)) { 8cacc5ab3eacf5 Paolo Valente 2019-03-12 681 if (unlikely(!bfqd->nonrot_with_queueing)) ea25da48086d3b Paolo Valente 2017-04-19 682 bfq_pos_tree_add_move(bfqd, bfqq); ea25da48086d3b Paolo Valente 2017-04-19 683 bfq_activate_bfqq(bfqd, bfqq); ea25da48086d3b Paolo Valente 2017-04-19 684 } ea25da48086d3b Paolo Valente 2017-04-19 685 ea25da48086d3b Paolo Valente 2017-04-19 686 if (!bfqd->in_service_queue && !bfqd->rq_in_driver) ea25da48086d3b Paolo Valente 2017-04-19 687 bfq_schedule_dispatch(bfqd); fd1bb3ae54a9a2 Paolo Valente 2020-03-21 688 /* release extra ref taken above, bfqq may happen to be freed now */ ecedd3d7e19911 Paolo Valente 2020-02-03 689 bfq_put_queue(bfqq); ea25da48086d3b Paolo Valente 2017-04-19 690 } ea25da48086d3b Paolo Valente 2017-04-19 691 -- 0-DAY CI Kernel Test Service https://01.org/lkp _______________________________________________ kbuild mailing list -- kbuild@lists.01.org To unsubscribe send an email to kbuild-le...@lists.01.org
