On Wed, May 29, 2024 at 04:50:02PM +0800, Chengming Zhou wrote:
> Yes, because we use list_move_tail() in the flush sequences. Maybe we can
> just use list_add_tail() so we don't need the queuelist initialized. It
> should be ok since rq can't be on any list when PREFLUSH or POSTFLUSH,
> so there isn't any move actually.

Sounds good.

> But now I'm concerned that rq->queuelist may be changed by driver after
> request end?

How could the driver change it?

> > Also, just out of interest: Can you estimate whether this issue is
> > specific to software RAID setups, or could similar NULL pointer
> > dereferences also happen in setups without software RAID?
>
> I think it can also happen without software RAID.

Seems to be about batch allocation. So you either need a plug in the
stacking device, or io_uring. I guess people aren't using the io_uring
high performance options on devices with a write cache all that much,
as that should immediately reproduce the problem.
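Added example, not code from the thread or from the kernel: a simplified userspace reimplementation of the list_head semantics, showing why list_add_tail() tolerates a never-initialised rq->queuelist while list_move_tail() reads the stale links first. The struct rq and the function names are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Mirrors include/linux/list.h semantics in userspace; not the kernel code. */
struct list_head { struct list_head *next, *prev; };

static inline void INIT_LIST_HEAD(struct list_head *l) { l->next = l; l->prev = l; }

/* Only writes the new entry's links; never reads them, so a zeroed
 * list_head is fine here. */
static inline void list_add_tail(struct list_head *entry, struct list_head *head)
{
    struct list_head *prev = head->prev;
    head->prev = entry;
    entry->next = head;
    entry->prev = prev;
    prev->next = entry;
}

/* The move first unlinks via entry->prev and entry->next. On a zeroed
 * entry both are NULL: in the kernel that is the NULL dereference, here
 * we report it instead of faulting. */
static inline bool list_move_tail(struct list_head *entry, struct list_head *head)
{
    if (entry->prev == NULL || entry->next == NULL)
        return false;
    entry->prev->next = entry->next;
    entry->next->prev = entry->prev;
    list_add_tail(entry, head);
    return true;
}

/* Constructed stand-in for a request whose queuelist was never initialised. */
struct rq { int tag; struct list_head queuelist; };

static size_t list_len(const struct list_head *head)
{
    size_t n = 0;
    for (const struct list_head *p = head->next; p != head; p = p->next) n++;
    return n;
}

/* Queue a zeroed rq on a flush list with list_add_tail(); returns list length. */
size_t add_tail_on_zeroed_rq(void)
{
    struct list_head flush; INIT_LIST_HEAD(&flush);
    struct rq r; memset(&r, 0, sizeof r);
    list_add_tail(&r.queuelist, &flush);
    return list_len(&flush);
}

/* Same with list_move_tail(); only succeeds if queuelist was initialised. */
bool move_tail_on_rq(bool initialised)
{
    struct list_head flush; INIT_LIST_HEAD(&flush);
    struct rq r; memset(&r, 0, sizeof r);
    if (initialised) INIT_LIST_HEAD(&r.queuelist);
    return list_move_tail(&r.queuelist, &flush);
}
```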