On 7/31/19 12:39 AM, Jackie Liu wrote:
> [root@localhost ~]# ./liburing/test/link
>
> QEMU Standard PC report that:
>
> [ 29.379892] CPU: 0 PID: 84 Comm: kworker/u2:2 Not tainted 5.3.0-rc2-00051-g4010b622f1d2-dirty #86
> [ 29.379902] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
> [ 29.379913] Workqueue: io_ring-wq io_sq_wq_submit_work
> [ 29.379929] Call Trace:
> [ 29.379953] dump_stack+0xa9/0x10e
> [ 29.379970] ? io_sq_wq_submit_work+0xbf4/0xe90
> [ 29.379986] print_address_description.cold.6+0x9/0x317
> [ 29.379999] ? io_sq_wq_submit_work+0xbf4/0xe90
> [ 29.380010] ? io_sq_wq_submit_work+0xbf4/0xe90
> [ 29.380026] __kasan_report.cold.7+0x1a/0x34
> [ 29.380044] ? io_sq_wq_submit_work+0xbf4/0xe90
> [ 29.380061] kasan_report+0xe/0x12
> [ 29.380076] io_sq_wq_submit_work+0xbf4/0xe90
> [ 29.380104] ? io_sq_thread+0xaf0/0xaf0
> [ 29.380152] process_one_work+0xb59/0x19e0
> [ 29.380184] ? pwq_dec_nr_in_flight+0x2c0/0x2c0
> [ 29.380221] worker_thread+0x8c/0xf40
> [ 29.380248] ? __kthread_parkme+0xab/0x110
> [ 29.380265] ? process_one_work+0x19e0/0x19e0
> [ 29.380278] kthread+0x30b/0x3d0
> [ 29.380292] ? kthread_create_on_node+0xe0/0xe0
> [ 29.380311] ret_from_fork+0x3a/0x50
>
> [ 29.380635] Allocated by task 209:
> [ 29.381255] save_stack+0x19/0x80
> [ 29.381268] __kasan_kmalloc.constprop.6+0xc1/0xd0
> [ 29.381279] kmem_cache_alloc+0xc0/0x240
> [ 29.381289] io_submit_sqe+0x11bc/0x1c70
> [ 29.381300] io_ring_submit+0x174/0x3c0
> [ 29.381311] __x64_sys_io_uring_enter+0x601/0x780
> [ 29.381322] do_syscall_64+0x9f/0x4d0
> [ 29.381336] entry_SYSCALL_64_after_hwframe+0x49/0xbe
>
> [ 29.381633] Freed by task 84:
> [ 29.382186] save_stack+0x19/0x80
> [ 29.382198] __kasan_slab_free+0x11d/0x160
> [ 29.382210] kmem_cache_free+0x8c/0x2f0
> [ 29.382220] io_put_req+0x22/0x30
> [ 29.382230] io_sq_wq_submit_work+0x28b/0xe90
> [ 29.382241] process_one_work+0xb59/0x19e0
> [ 29.382251] worker_thread+0x8c/0xf40
> [ 29.382262] kthread+0x30b/0x3d0
> [ 29.382272] ret_from_fork+0x3a/0x50
>
> [ 29.382569] The buggy address belongs to the object at ffff888067172140
> which belongs to the cache io_kiocb of size 224
> [ 29.384692] The buggy address is located 120 bytes inside of
> 224-byte region [ffff888067172140, ffff888067172220)
> [ 29.386723] The buggy address belongs to the page:
> [ 29.387575] page:ffffea00019c5c80 refcount:1 mapcount:0 mapping:ffff88806ace5180 index:0x0
> [ 29.387587] flags: 0x100000000000200(slab)
> [ 29.387603] raw: 0100000000000200 dead000000000100 dead000000000122 ffff88806ace5180
> [ 29.387617] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
> [ 29.387624] page dumped because: kasan: bad access detected
>
> [ 29.387920] Memory state around the buggy address:
> [ 29.388771] ffff888067172080: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
> [ 29.390062] ffff888067172100: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
> [ 29.391325] >ffff888067172180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
> [ 29.392578] ^
> [ 29.393480] ffff888067172200: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
> [ 29.394744] ffff888067172280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [ 29.396003] ==================================================================
> [ 29.397260] Disabling lock debugging due to kernel taint
>
> io_sq_wq_submit_work free and read req again.

Good catch, and I v2 is much cleaner than the first one. Applied.

--
Jens Axboe
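A small triage helper for the report quoted above, added here as an example and not part of the thread or the kernel tree: it splits a KASAN report into its access, allocation and free stacks and checks whether the faulting function also sits on the free stack of the same task, which is the "free and read req again" pattern. The names `parse_kasan`, `freed_then_used_by_same_task`, `PLUMBING` and `FIELDS` are chosen for this example.

```python
import re

# Abridged from the report quoted above; wrapped lines are joined.
REPORT = """\
[ 29.379892] CPU: 0 PID: 84 Comm: kworker/u2:2 Not tainted 5.3.0-rc2-00051-g4010b622f1d2-dirty #86
[ 29.379929] Call Trace:
[ 29.379970] ? io_sq_wq_submit_work+0xbf4/0xe90
[ 29.380061] kasan_report+0xe/0x12
[ 29.380076] io_sq_wq_submit_work+0xbf4/0xe90
[ 29.380152] process_one_work+0xb59/0x19e0
[ 29.380635] Allocated by task 209:
[ 29.381289] io_submit_sqe+0x11bc/0x1c70
[ 29.381633] Freed by task 84:
[ 29.382186] save_stack+0x19/0x80
[ 29.382220] io_put_req+0x22/0x30
[ 29.382230] io_sq_wq_submit_work+0x28b/0xe90
[ 29.382569] The buggy address belongs to the object at ffff888067172140 which belongs to the cache io_kiocb of size 224
[ 29.384692] The buggy address is located 120 bytes inside of 224-byte region [ffff888067172140, ffff888067172220)
"""

TS = re.compile(r"^\[\s*\d+\.\d+\]\s*")
FRAME = re.compile(r"^(\?\s+)?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
HEAD = re.compile(r"^(Call Trace|Allocated by task \d+|Freed by task \d+):$")
PLUMBING = ("dump_stack", "print_address_description", "__kasan", "kasan_", "save_stack")
FIELDS = {"pid": r"PID: (\d+)", "free_task": r"Freed by task (\d+)", "size": r"of size (\d+)",
          "offset": r"located (\d+) bytes inside", "cache": r"belongs to the cache (\S+)"}

def parse_kasan(report):
    """Split a KASAN report into access/alloc/free stacks plus object facts."""
    lines = [TS.sub("", raw).strip() for raw in report.splitlines()]
    text = " ".join(lines)
    info, section = {"access": [], "alloc": [], "free": []}, None
    for line in lines:
        head, frame = HEAD.match(line), FRAME.match(line)
        if head:
            section = {"C": "access", "A": "alloc", "F": "free"}[line[0]]
        elif frame and section:
            # "?" frames are stale stack words; plumbing frames are the reporter itself.
            if not frame.group(1) and not frame.group(2).startswith(PLUMBING):
                info[section].append(frame.group(2))
        else:
            section = None  # any other line ends the current stack
    for key, pat in FIELDS.items():
        m = re.search(pat, text)
        info[key] = (int(m.group(1)) if m.group(1).isdigit() else m.group(1)) if m else None
    return info

def freed_then_used_by_same_task(info):
    """True when the faulting function is also on the free stack, in the same task."""
    return bool(info["access"]) and info["access"][0] in info["free"] and info["pid"] == info["free_task"]
```

A `True` result points at a function that dropped its reference and then dereferenced the object; `False` with differing task IDs suggests a cross-context lifetime race instead.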