On 11/15/19 3:16 AM, Alexander Potapenko wrote:
> Hi Jens,
>
> I'm debugging an issue in the nullb driver reported by KMSAN at QEMU startup.
> There are numerous reports like the one below when checking nullb for
> different partition types.
> Basically, read_dev_sector() allocates a cache page which is then
> wrapped into a bio and passed to the device driver, but never
> initialized.
>
> I've tracked the problem down to a call to null_handle_cmd(cmd,
> /*sector*/0, /*nr_sectors*/8, /*op*/0).
> Turns out all the if-branches in this function are skipped, so none
> of null_handle_throttled(), null_handle_flush(),
> null_handle_badblocks(), null_handle_memory_backed(),
> null_handle_zoned() is executed, and we proceed directly to
> nullb_complete_cmd().
>
> As a result, the pages read from the nullb device are never
> initialized, at least at boot time.
> How can we fix this?
>
> This bug may also have something to do with
> https://groups.google.com/d/topic/syzkaller-bugs/d0fmiL9Vi9k/discussion.

Probably just want to have the read path actually memset() them to zero,
or something like that.

-- 
Jens Axboe
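The failure mode described in the thread, and the zeroing fix Jens suggests, modelled in user-space C as an added example. This is not null_blk code: `struct bio`, `struct bio_vec`, `struct nullb_cmd`, the `memory_backed` flag and the two `null_handle_cmd_*` functions are simplified stand-ins for the kernel structures named in the report, and the `POISON` byte pattern stands in for the stale page contents that KMSAN tracks as uninitialized. The unfixed path returns the page untouched; the fixed path zeroes every segment of a read that no handler branch served.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE 512
#define POISON 0xA5 /* constructed stand-in for stale, uninitialized page bytes */

enum req_op { REQ_OP_READ = 0, REQ_OP_WRITE = 1 };

/* Simplified models of the kernel's bio_vec / bio (assumptions, not kernel layout). */
struct bio_vec { uint8_t *page; size_t offset; size_t len; };
struct bio { struct bio_vec *vecs; size_t nvecs; };

struct nullb_cmd {
    struct bio *bio;
    bool memory_backed; /* assumed flag: whether a backing-store branch would serve the read */
};

/* Behaviour as reported: no handler branch runs for a plain read, so the page
 * reaches nullb_complete_cmd() with whatever bytes it already held. */
static int null_handle_cmd_before(struct nullb_cmd *cmd, unsigned sector,
                                  unsigned nr_sectors, enum req_op op)
{
    (void)sector; (void)nr_sectors; (void)op;
    if (cmd->memory_backed) {
        /* backing-store copy would happen here; not modelled */
    }
    return 0; /* complete the command; buffer untouched */
}

/* Fix along the lines Jens suggests: when nothing else served a read,
 * zero every segment of the bio before completing it. */
static int null_handle_cmd_after(struct nullb_cmd *cmd, unsigned sector,
                                 unsigned nr_sectors, enum req_op op)
{
    (void)sector; (void)nr_sectors;
    if (op == REQ_OP_READ && !cmd->memory_backed) {
        for (size_t i = 0; i < cmd->bio->nvecs; i++) {
            struct bio_vec *bv = &cmd->bio->vecs[i];
            memset(bv->page + bv->offset, 0, bv->len);
        }
    }
    return 0;
}

/* Counts bytes in the bio that still carry the poison pattern, i.e. stale
 * memory that would be handed back to the caller of read_dev_sector(). */
static size_t count_poisoned(const struct bio *bio)
{
    size_t n = 0;
    for (size_t i = 0; i < bio->nvecs; i++) {
        const struct bio_vec *bv = &bio->vecs[i];
        for (size_t j = 0; j < bv->len; j++)
            if (bv->page[bv->offset + j] == POISON)
                n++;
    }
    return n;
}

/* Runs the 8-sector read from the report through either path and reports
 * how many uninitialized bytes survive to completion. */
static size_t leaked_bytes(bool fixed)
{
    static uint8_t page[4096];
    memset(page, POISON, sizeof page); /* constructed: fresh page with stale contents */

    struct bio_vec bv = { page, 0, 8 * SECTOR_SIZE };
    struct bio bio = { &bv, 1 };
    struct nullb_cmd cmd = { &bio, false };

    if (fixed)
        null_handle_cmd_after(&cmd, 0, 8, REQ_OP_READ);
    else
        null_handle_cmd_before(&cmd, 0, 8, REQ_OP_READ);
    return count_poisoned(&bio);
}

int main(void)
{
    printf("unfixed read path: %zu uninitialized bytes reach the caller\n", leaked_bytes(false));
    printf("zeroing read path: %zu uninitialized bytes reach the caller\n", leaked_bytes(true));
    return 0;
}
```

The model makes the detection story concrete: a poison fill plays the role KMSAN plays in the kernel, and the count of surviving poison bytes is the signal that stale memory would have been disclosed through the block layer. In the real driver the zeroing belongs on the same path that today falls straight through to `nullb_complete_cmd()`.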