Hello, following are the details of the bug in fio. This bug in fio can show up as corruption of data when performing verify. Description: ---------------- if the product of block size and queudepth is greater than 4GB, io_u buffer will not be assigned properly due to overflow. fio --bsrange=256k-4m --ioengine=libaio --iodepth=2064 --direct=1 --name=job3 --offset=2GB --size=14GB --rw=write --verify_pattern=0xdeadbeef --filename=/dev/sdb can show false corruption. Version: ----------- 1.58 Explanation: ----------------- in a loop fio tries to assign the data buffer to each i/o request. static int init_io_u(struct thread_data *td) { struct io_u *io_u; unsigned int max_bs; int cl_align, i, max_units; char *p; ... p = td->orig_buffer; ... for (i = 0; i < max_units; i++) { ... io_u->buf = p + max_bs * i; } } at max_bs=4M i=1024, the integer overflows and the addresses are being used again. i,e i/o request 1024 will have the same data buffer as that of i/o request 0. This is seen from fio debug log. mem 11164 io_u alloc 0x219f530, index 0 mem 11164 io_u 0x219f530, mem 0x7f09bb62d000 mem 11164 io_u alloc 0x219f820, index 1 mem 11164 io_u 0x219f820, mem 0x7f09bba2d000 mem 11164 io_u alloc 0x225b530, index 1024 mem 11164 io_u 0x225b530, mem 0x7f09bb62d000 mem 11164 io_u alloc 0x225b820, index 1025 mem 11164 io_u 0x225b820, mem 0x7f09bba2d000 the fix is as follows: io_u->buf = p + (unsigned long long)max_bs * i; thanks, -jagadish -- To unsubscribe from this list: send the line "unsubscribe fio" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html