Hi Kent,

Looking around in the bcachefs code for possible causes of this KMSAN bug report:

https://lore.kernel.org/lkml/[email protected]/

I notice the following pattern in the bcachefs structures: zero-length array members are inserted in structures (not always at the end), seemingly to achieve a result similar to what could be done with a union:

fs/bcachefs/bcachefs_format.h:

struct bkey_packed {
	__u64		_data[0];

	/* Size of combined key and value, in u64s */
	__u8		u64s;
[...]
};

likewise:

struct bkey_i {
	__u64			_data[0];

	struct bkey	k;
	struct bch_val	v;
};

(and there are many more examples of this pattern in bcachefs)

AFAIK, the C11 standard states that the array declarator constant expression delimited by [ ] shall have a value greater than zero.

Effectively, we can verify that this code triggers an undefined behavior with:

#include <stdio.h>

struct z {
	int x[0];
	int y;
	int z;
} __attribute__((packed));

int main(void)
{
	struct z a;

	a.y = 1;
	printf("%d\n", a.x[0]);
}

clang-15 -fsanitize=undefined -o a a.c
./a
a.c:14:17: runtime error: index 0 out of bounds for type 'int[0]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior a.c:14:17 in

Also, gcc warns that ISO C forbids zero-size arrays when compiling with -pedantic:

gcc -std=c11 -pedantic -o a a.c
a.c:4:13: warning: ISO C forbids zero-size array ‘x’ [-Wpedantic]
    4 |         int x[0];

And clang states that this is only supported as an extension, even though accessing it seems to be classified as an undefined behavior by UBSAN.

clang-15 -std=c11 -pedantic -o a a.c
a.c:4:8: warning: zero size arrays are an extension [-Wzero-length-array]
        int x[0];

So I wonder if the issue reported by KMSAN could be caused by this pattern?

Thanks,

Mathieu

-- 
Mathieu Desnoyers
EfficiOS Inc.
https://www.efficios.com
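As an added illustration (not from the mail above nor from the bcachefs tree), the union-based layout the mail alludes to, built on constructed stand-ins for struct bkey and struct bch_val: the word array gets a real bound, so walking it stays in bounds (and UBSAN can check it), while size and member offsets are identical to the zero-length-array form. The type and field names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-ins for struct bkey and struct bch_val; not the kernel's. */
struct bkey_k { uint64_t u64s_and_format; uint64_t p; };
struct bch_v  { uint64_t payload[2]; };

/* The pattern from the mail: a zero-length array overlaying the struct start. */
struct key_zla {
	uint64_t _data[0];
	struct bkey_k k;
	struct bch_v v;
};

/* Union form: _data has a real bound; k and v alias the same bytes. */
struct key_union {
	union {
		uint64_t _data[(sizeof(struct bkey_k) + sizeof(struct bch_v)) / sizeof(uint64_t)];
		struct {
			struct bkey_k k;
			struct bch_v v;
		};
	};
};

/* Returns 1 when both representations have the same size and member offsets. */
int layouts_match(void)
{
	return sizeof(struct key_zla) == sizeof(struct key_union)
	    && offsetof(struct key_zla, k) == offsetof(struct key_union, k)
	    && offsetof(struct key_zla, v) == offsetof(struct key_union, v)
	    && sizeof(((struct key_union *)0)->_data) == sizeof(struct key_union);
}

/* Fill the key through its fields, then walk it as bounded u64 words. */
uint64_t demo_sum(void)
{
	struct key_union key = {0};
	uint64_t sum = 0;
	key.k.u64s_and_format = 4;  key.k.p = 10;         /* constructed values */
	key.v.payload[0] = 20;      key.v.payload[1] = 30;
	for (size_t i = 0; i < sizeof(key._data) / sizeof(key._data[0]); i++)
		sum += key._data[i];   /* in bounds: the array has a declared size */
	return sum;                    /* 64 */
}
```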
