From: bugzilla-noreply@freebsd.org
To: fs@FreeBSD.org
Subject: [Bug 281402] zfs: kmsan reports Uninitialized UMA memory from zio_data_buf_alloc
Date: Tue, 10 Sep 2024 23:52:09 +0000
List-Archive: https://lists.freebsd.org/archives/freebsd-fs

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281402

Rob Norris changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |robn@despairlabs.com

--- Comment #3 from Rob Norris ---
I know it's just one example, but I'm a little confused by the trace, and if
you can help me understand it, that might shed some light on what's happening.

It came through zio_flush(), which is a data-less op (io_abd == NULL). That
ultimately lands in zfs_vop_fsync(), and from there to VOP_FSYNC(), which
doesn't take any data.

Hmm, though now I think about it, if VOP_FSYNC() is just forcing out
previously-submitted writes, then could it be that the write op returned, the
underlying system (VFS? UFS?) has just held the iovec and not actually
processed it yet, ZFS frees the ABD and now that thing is holding a stale ref?

vdev_file_io_strategy() for write() is:

    buf = abd_borrow_buf_copy(zio->io_abd, zio->io_size);
    err = zfs_file_pwrite(vf->vf_file, buf, size, off, &resid);
    abd_return_buf(zio->io_abd, buf, size);

That calls zfs_file_write_impl(buf), which submits a single iovec, with
iov_base = buf:

    aiov.iov_base = (void *)(uintptr_t)buf;
    aiov.iov_len = count;

    auio.uio_iov = &aiov;
    auio.uio_iovcnt = 1;
    ...
    rc = fo_write(fp, &auio, td->td_ucred, FOF_OFFSET, td);

So is ZFS holding fo_write() wrong? Should it be copying the buffer and/or
setting some kind of completion callback to do the free in?
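
Added example (not part of the original message, and not ZFS or FreeBSD code): a user-space C model of the two buffer-ownership contracts the comment distinguishes, a write that copies the data before returning versus one that retains the caller's pointer until a later flush. All names (struct sink, write_sync, write_deferred, sink_flush, release, demo) are hypothetical, and the model makes no claim about which contract fo_write() follows.

```c
#include <stdlib.h>
#include <string.h>

/* User-space model with hypothetical names; not ZFS or FreeBSD code. */
typedef void (*done_fn)(void *arg);
struct sink {
    char store[32]; size_t stored;            /* data the sink has consumed */
    const char *pending; size_t pending_len;  /* contract B: caller's pointer, not yet read */
    done_fn done; void *done_arg;
};
struct borrowed { char *buf; int freed; };

/* Contract A: the callee copies the data out before it returns. */
static void write_sync(struct sink *s, const char *buf, size_t len) {
    memcpy(s->store, buf, len); s->stored = len;
}
/* Contract B: the callee keeps the pointer and reads it at flush time. */
static void write_deferred(struct sink *s, const char *buf, size_t len,
                           done_fn done, void *arg) {
    s->pending = buf; s->pending_len = len; s->done = done; s->done_arg = arg;
}
static void sink_flush(struct sink *s) {
    if (s->pending == NULL) return;
    memcpy(s->store, s->pending, s->pending_len); s->stored = s->pending_len;
    s->pending = NULL;
    if (s->done != NULL) s->done(s->done_arg);  /* only now may the owner free */
}
static void release(void *arg) {
    struct borrowed *b = arg;
    free(b->buf); b->buf = NULL; b->freed++;
}

/* Returns 1 when the sink got the payload and the buffer was freed once, at a safe time. */
int demo(int deferred) {
    struct sink s = {0};
    struct borrowed b = { malloc(8), 0 };
    if (b.buf == NULL) return 0;
    memcpy(b.buf, "payload", 8);                 /* constructed sample data, incl. NUL */
    int held = 1;
    if (deferred) {
        write_deferred(&s, b.buf, 8, release, &b);
        held = (b.freed == 0 && s.stored == 0);  /* buffer must stay alive until flush */
        sink_flush(&s);                          /* completion callback does the free */
    } else {
        write_sync(&s, b.buf, 8);
        release(&b);                             /* safe: data was already copied out */
    }
    return held && b.freed == 1 && s.stored == 8 && memcmp(s.store, "payload", 8) == 0;
}
```

Under contract A the borrow/write/return sequence is sound as written; under contract B the same sequence would free memory the sink still points at, which is why the free moves into the callback.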