Date: Tue, 10 Sep 2024 23:52:09 +0000
From: bugzilla-noreply@freebsd.org
To: fs@FreeBSD.org
Subject: [Bug 281402] zfs: kmsan reports Uninitialized UMA memory from zio_data_buf_alloc
Message-ID: <bug-281402-3630-sjl2ywE5zy@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-281402-3630@https.bugs.freebsd.org/bugzilla/>
References: <bug-281402-3630@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281402

Rob Norris <robn@despairlabs.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |robn@despairlabs.com

--- Comment #3 from Rob Norris <robn@despairlabs.com> ---
I know it's just one example, but I'm a little confused by the trace, and if
you can help me understand it, that might shed some light on what's happening.

It came through zio_flush(), which is a data-less op (io_abd == NULL). That
ultimately lands in zfs_vop_fsync(), and from there to VOP_FSYNC(), which
doesn't take any data.

Hmm, though now I think about it, if VOP_FSYNC() is just forcing out
previously-submitted writes, then could it be that the write op returned, the
underlying system (VFS? UFS?) has just held the iovec and not actually
processed it yet, ZFS frees the ABD and now that thing is holding a stale ref?

vdev_file_io_strategy() for write() is:

    buf = abd_borrow_buf_copy(zio->io_abd, zio->io_size);
    err = zfs_file_pwrite(vf->vf_file, buf, size, off, &resid);
    abd_return_buf(zio->io_abd, buf, size);

That calls zfs_file_write_impl(buf), which submits a single iovec, with
iov_base = buf:

    aiov.iov_base = (void *)(uintptr_t)buf;
    aiov.iov_len = count;

    auio.uio_iov = &aiov;
    auio.uio_iovcnt = 1;
    ...
    rc = fo_write(fp, &auio, td->td_ucred, FOF_OFFSET, td);

So is ZFS holding fo_write() wrong? Should it be copying the buffer and/or
setting some kind of completion callback to do the free in?

-- 
You are receiving this mail because:
You are the assignee for the bug.