On Wed, Feb 12, 2020 at 8:58 AM Michael Stapelberg <michael+lkml@xxxxxxxxxxxxx> wrote:
> (gdb) p *req->args
> $5 = {
>   nodeid = 18446683600620026424,
>   opcode = 2167928246,
>   in_numargs = 65535,
>   out_numargs = 65535,
>   force = false,
>   noreply = false,
>   nocreds = false,
>   in_pages = false,
>   out_pages = false,
>   out_argvar = true,
>   page_zeroing = true,
>   page_replace = false,
>   in_args = {{
>       size = 978828800,
>       value = 0x2fafce0
>     }, {
>       size = 978992728,
>       value = 0xffffffff8138efaa <fuse_alloc_forget+26>
>     }, {
>       size = 50002688,
>       value = 0xffffffff8138635f <fuse_lookup_name+255>
>     }},
>   out_args = {{
>       size = 570,
>       value = 0xffffc90002fafb10
>     }, {
>       size = 6876,
>       value = 0x3000000001adc
>     }},
>   end = 0x1000100000001
> }

Okay, that looks like rubbish, the request was possibly freed and overwritten.

> Independently, as a separate test, I have also modified the source like this:
>
>         bool async;
>         bool async_early = req->args->end;
>
>         if (test_and_set_bit(FR_FINISHED, &req->flags))
>                 goto put_request;
>
>         async = req->args->end;
>
> …and printed the value of async and async_early. async is true,
> async_early is false.

Can you save and print out the value of req->opcode before the test_and_set_bit()?

Thanks,
Miklos