On 02/12/2020 11:31, Xiaoguang Wang wrote: [...] > The reason is that once we got a non EAGAIN error in io_wq_submit_work(), > we'll complete req by calling io_req_complete(), which will hold completion_lock > to call io_commit_cqring(), but for polled io, io_iopoll_complete() won't > hold completion_lock to call io_commit_cqring(), then there maybe concurrent > access to ctx->defer_list, double free may happen. > > To fix this bug, we always let io_iopoll_complete() complete polled io. I took this one into a series. -- Pavel Begunkov
