Hi,
I have a gnarly issue with io_uring and fixed buffers (fixed
read/write). It seems the contents of those buffers contain old data in
some rare cases under memory pressure after a read/during a write.
Specifically I use io_uring with fuse and to confirm this is not some
user space issue let fuse print the unique id it adds to each request.
Fuse adds this request data to a pipe, and when the pipe buffer is later
copied to the io_uring fixed buffer it has the id of a fuse request
returned earlier using the same buffer while returning the size of the
new request. Or I set the unique id in the buffer, write it to fuse (via
writing to a pipe, then splicing) and then fuse returns with e.g.
ENOENT, because the unique id is not correct because in the kernel it reads
the id of the previous, already completed, request using this buffer.
To make reproducing this faster, running memtester (which mlocks a
configurable amount of memory) with a large amount of user memory every
30s helps. So it has something to do with swapping? It seems to not
occur if no swap space is active. Problem occurs without warning when
the kernel is built with KASAN and slab debugging.
If I don't use the _FIXED opcodes (which is easy to do), the problem
does not occur.
Problem occurs with 5.9.16 and 5.10.5.
Regards,
Martin Raiber