[dhowells-fs:fscache-iter-2 41/75] fs/fscache/volume.c:286:2: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc]

[kernel test robot]

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git fscache-iter-2
head:   7c7521adffeb04466a42e8e1956353b9d9038d02
commit: f463b2680fc3404d89d7186c12fbb9533e48b1cc [41/75] fscache: Replace the object management state machine
:::::: branch date: 2 days ago
:::::: commit date: 9 weeks ago
config: riscv-randconfig-c006-20210910 (attached as .config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 261cbe98c38f8c1ee1a482fe76511110e790f58a)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # install riscv cross compiling tool for clang build
        # apt-get install binutils-riscv64-linux-gnu
        # https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit/?id=f463b2680fc3404d89d7186c12fbb9533e48b1cc
        git remote add dhowells-fs https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git
        git fetch --no-tags dhowells-fs fscache-iter-2
        git checkout f463b2680fc3404d89d7186c12fbb9533e48b1cc
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=riscv clang-analyzer

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@xxxxxxxxx>


clang-analyzer warnings: (new ones prefixed by >>)

>> fs/fscache/volume.c:286:2: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc]
           return volume;
           ^      ~~~~~~
   fs/fscache/volume.c:277:7: note: 'volume' is non-null
        if (!volume)
             ^~~~~~
   fs/fscache/volume.c:277:2: note: Taking false branch
        if (!volume)
        ^
   fs/fscache/volume.c:280:2: note: Taking false branch
        if (!fscache_hash_volume(volume)) {
        ^
   fs/fscache/volume.c:285:2: note: Calling 'fscache_create_volume'
        fscache_create_volume(volume, false);
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   fs/fscache/volume.c:243:6: note: Assuming the condition is false
        if (test_and_set_bit(FSCACHE_VOLUME_CREATING, &volume->flags))
            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   fs/fscache/volume.c:243:2: note: Taking false branch
        if (test_and_set_bit(FSCACHE_VOLUME_CREATING, &volume->flags))
        ^
   fs/fscache/volume.c:245:6: note: Assuming field 'cache_priv' is null
        if (volume->cache_priv)
            ^~~~~~~~~~~~~~~~~~
   fs/fscache/volume.c:245:2: note: Taking false branch
        if (volume->cache_priv)
        ^
   fs/fscache/volume.c:247:6: note: Assuming the condition is false
        if (!fscache_begin_cache_access(volume->cache,
            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   fs/fscache/volume.c:247:2: note: Taking false branch
        if (!fscache_begin_cache_access(volume->cache,
        ^
   fs/fscache/volume.c:252:6: note: Assuming the condition is true
        if (!schedule_work(&volume->work))
            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   fs/fscache/volume.c:252:2: note: Taking true branch
        if (!schedule_work(&volume->work))
        ^
   fs/fscache/volume.c:253:3: note: Calling 'fscache_put_volume'
                fscache_put_volume(volume, fscache_volume_put_create_work);
                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   fs/fscache/volume.c:359:6: note: 'volume' is non-null
        if (volume) {
            ^~~~~~
   fs/fscache/volume.c:359:2: note: Taking true branch
        if (volume) {
        ^
   fs/fscache/volume.c:366:7: note: 'zero' is true
                if (zero)
                    ^~~~
   fs/fscache/volume.c:366:3: note: Taking true branch
                if (zero)
                ^
   fs/fscache/volume.c:367:4: note: Calling 'fscache_free_volume'
                        fscache_free_volume(volume);
                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~
   fs/fscache/volume.c:331:2: note: Taking false branch
        if (fscache_begin_volume_access(volume, fscache_access_relinquish_volume)) {
        ^
   fs/fscache/volume.c:343:2: note: Taking false branch
        if (!hlist_bl_unhashed(&volume->hash_link))
        ^
   fs/fscache/volume.c:348:2: note: Memory is released
        kfree(volume);
        ^~~~~~~~~~~~~
   fs/fscache/volume.c:349:2: note: Loop condition is false.  Exiting loop
        fscache_stat_d(&fscache_n_volumes);
        ^
   fs/fscache/internal.h:112:30: note: expanded from macro 'fscache_stat_d'
   #define fscache_stat_d(stat) do {} while (0)
                             ^
   fs/fscache/volume.c:367:4: note: Returning; memory was released via 1st parameter
                        fscache_free_volume(volume);
                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~
   fs/fscache/volume.c:253:3: note: Returning; memory was released via 1st parameter
                fscache_put_volume(volume, fscache_volume_put_create_work);
                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   fs/fscache/volume.c:256:6: note: 'wait' is false
        if (wait) {
            ^~~~
   fs/fscache/volume.c:256:2: note: Taking false branch
        if (wait) {
        ^
   fs/fscache/volume.c:285:2: note: Returning; memory was released via 1st parameter
        fscache_create_volume(volume, false);
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   fs/fscache/volume.c:286:2: note: Use of memory after it is freed
        return volume;
        ^      ~~~~~~

vim +286 fs/fscache/volume.c

f463b2680fc340 David Howells 2020-02-06  266
f463b2680fc340 David Howells 2020-02-06  267  /*
f463b2680fc340 David Howells 2020-02-06  268   * Acquire a volume representation cookie and link it to a (proposed) cache.
f463b2680fc340 David Howells 2020-02-06  269   */
f463b2680fc340 David Howells 2020-02-06  270  struct fscache_volume *__fscache_acquire_volume(const char *volume_key,
f463b2680fc340 David Howells 2020-02-06  271  						const char *cache_name,
f463b2680fc340 David Howells 2020-02-06  272  						u64 coherency_data)
f463b2680fc340 David Howells 2020-02-06  273  {
f463b2680fc340 David Howells 2020-02-06  274  	struct fscache_volume *volume;
f463b2680fc340 David Howells 2020-02-06  275
f463b2680fc340 David Howells 2020-02-06  276  	volume = fscache_alloc_volume(volume_key, cache_name, coherency_data);
f463b2680fc340 David Howells 2020-02-06  277  	if (!volume)
f463b2680fc340 David Howells 2020-02-06  278  		return NULL;
f463b2680fc340 David Howells 2020-02-06  279
f463b2680fc340 David Howells 2020-02-06  280  	if (!fscache_hash_volume(volume)) {
f463b2680fc340 David Howells 2020-02-06  281  		fscache_put_volume(volume, fscache_volume_put_hash_collision);
f463b2680fc340 David Howells 2020-02-06  282  		return NULL;
f463b2680fc340 David Howells 2020-02-06  283  	}
f463b2680fc340 David Howells 2020-02-06  284
f463b2680fc340 David Howells 2020-02-06  285  	fscache_create_volume(volume, false);
f463b2680fc340 David Howells 2020-02-06 @286  	return volume;
f463b2680fc340 David Howells 2020-02-06  287  }
f463b2680fc340 David Howells 2020-02-06  288  EXPORT_SYMBOL(__fscache_acquire_volume);
f463b2680fc340 David Howells 2020-02-06  289

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@xxxxxxxxxxxx

Attachment: .config.gz
Description: application/gzip