openEuler / kernel
[5.10] xfs triggers BUG: KASAN: use-after-free in __wake_up_common+0x622/0x6e0

Done

Defect

Created on 2023-05-03 14:29

[Title/description] Briefly describe the problem: in what scenario, what operation was performed, and what went wrong (prefer a positive phrasing)
[Environment information]
Hardware information:
1) Bare-metal scenario: provide the hardware information of the affected machine;
2) VM scenario: provide the VM XML file or configuration
Software information:
1) OS version and branch
2) Kernel information
3) Version of the component in which the problem was found
If there is a special network setup, provide the network topology diagram
[Steps to reproduce]
Specific operation steps
Probability of occurrence (always reproducible, or intermittent)
[Expected result]
Describe the expected result; it can be obtained by comparing old and new versions
[Actual result]
Describe the result that shows the problem
[Attachments]
e.g. system message logs / component logs, dump information, screenshots

Comments (2)

Yang Erkun created the defect
openeuler-ci-bot added the sig/Kernel label

[515647.099877] ==================================================================
[515647.125027] BUG: KASAN: use-after-free in __wake_up_common+0x622/0x6e0
[515647.125053] Read of size 8 at addr ffff8880220dcda0 by task kworker/2:1H/108
[515647.125071]
[515647.125144] CPU: 2 PID: 108 Comm: kworker/2:1H Not tainted 5.10.0-g25d42c5b82d4 #1
[515647.125165] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[515647.125224] Workqueue: xfs-log/vda1 xlog_ioend_work
[515647.125246] Call Trace:
[515647.125320] ? dump_stack+0x10d/0x163
[515647.125342] ? __wake_up_common+0x622/0x6e0
[515647.125378] ? print_address_description.constprop.2+0x2c/0x390
[515647.125419] ? kthread+0x415/0x4f0
[515647.125446] ? vprintk_func+0x97/0x1d0
[515647.125531] ? irq_work_claim+0x26/0x110
[515647.125555] ? __wake_up_common+0x622/0x6e0
[515647.125572] ? __wake_up_common+0x622/0x6e0
[515647.125609] ? kasan_report.cold.5+0x56/0xba
[515647.125626] ? __wake_up_common+0x622/0x6e0
[515647.125645] ? __asan_report_load8_noabort+0x20/0x30
[515647.125675] ? __wake_up_common+0x622/0x6e0
[515647.125705] ? __wake_up_common_lock+0xe2/0x150
[515647.125726] ? __wake_up_locked+0x30/0x30
[515647.125817] ? __wake_up+0x17/0x20
[515647.125861] ? xfs_buf_item_unpin+0x5d9/0xad0
[515647.125879] ? xfs_buf_item_done+0xd0/0xd0
[515647.125919] ? xfs_trans_committed_bulk+0x813/0xc50
[515647.125940] ? xlog_state_do_callback+0x78b/0xe80
[515647.125961] ? __xfs_trans_commit+0x1300/0x1300
[515647.126002] ? __kasan_check_write+0x20/0x30
[515647.126023] ? rcu_segcblist_inc_len+0x1f/0x40
[515647.126066] ? __remove_object+0x160/0x160
[515647.126182] ? blk_mq_dispatch_rq_list+0x11df/0x2790
[515647.126222] ? sbitmap_any_bit_set+0x17a/0x1c0
[515647.126265] ? __kasan_slab_free+0x14b/0x220
[515647.126287] ? blk_mq_do_dispatch_ctx+0x150/0x720
[515647.126302] ? xlog_cil_committed+0x265/0x1140
[515647.126333] ? _raw_spin_lock_irq+0x120/0x120
[515647.126353] ? _raw_spin_lock_irqsave+0xa8/0x130
[515647.126373] ? __blk_mq_sched_dispatch_requests+0x4d2/0x6a0
[515647.126396] ? xlog_discard_endio_work+0xd0/0xd0
[515647.126468] ? _raw_read_unlock_irqrestore+0x50/0x50
[515647.126521] ? blk_mq_sched_dispatch_requests+0x127/0x1e0
[515647.126542] ? __kasan_check_read+0x1d/0x30
[515647.126557] ? xlog_cil_process_committed+0x15b/0x280
[515647.126583] ? xlog_state_done_syncing+0x21c/0x400
[515647.126616] ? xlog_state_do_callback+0x78b/0xe80
[515647.126638] ? xlog_grant_push_ail+0x100/0x100
[515647.126657] ? _raw_spin_lock_irq+0x120/0x120
[515647.126685] ? xlog_ioend_work+0x16c/0x2a0
[515647.126706] ? xlog_state_done_syncing+0x21c/0x400
[515647.126737] ? xlog_ioend_work+0x16c/0x2a0
[515647.126754] ? process_one_work+0x7e0/0x1560
[515647.126771] ? wq_worker_running+0x156/0x1a0
[515647.126813] ? worker_thread+0x5e9/0x1170
[515647.126943] ? __kasan_check_read+0x1d/0x30
[515647.206175] ? __kthread_parkme+0x108/0x180
[515647.207075] ? rescuer_thread+0xe90/0xe90
[515647.207962] ? kthread+0x415/0x4f0
[515647.208724] ? __kthread_parkme+0x180/0x180
[515647.211027] ? ret_from_fork+0x1f/0x30
[515647.211918]
[515647.212277] Allocated by task 28970:
[515647.213203] kasan_save_stack+0x21/0x60
[515647.218391] __kasan_kmalloc.constprop.0+0x10a/0x120
[515647.221299] kasan_slab_alloc+0x15/0x20
[515647.222266] kmem_cache_alloc+0x26e/0xb20
[515647.223244] _xfs_buf_alloc+0x7d/0x1000
[515647.224222] xfs_buf_get_map+0x166/0x8c0
[515647.225418] xfs_buf_read_map+0xda/0xa20
[515647.226373] xfs_trans_read_buf_map+0xf84/0x1080
[515647.227461] xfs_read_agf+0x24d/0x550
[515647.228354] xfs_alloc_read_agf+0x8b/0xff0
[515647.229313] xfs_alloc_fix_freelist+0x7d4/0x11f0
[515647.230356] xfs_free_extent_fix_freelist+0x12c/0x250
[515647.231583] __xfs_free_extent+0x1ad/0x550
[515647.232675] xfs_trans_free_extent+0x10c/0x530
[515647.233745] xfs_extent_free_finish_item+0xd7/0x180
[515647.234902] xfs_defer_finish_noroll+0xc4b/0x2180
[515647.277598] xfs_defer_finish+0x23/0x2f0
[515647.278577] xfs_itruncate_extents_flags+0x48e/0xe80
[515647.279753] xfs_inactive_truncate+0x1cf/0x350
[515647.280839] xfs_inactive+0x89b/0xa70
[515647.281803] xfs_inodegc_worker+0x24d/0x550
[515647.282788] process_one_work+0x7e0/0x1560
[515647.283778] worker_thread+0x5e9/0x1170
[515647.284727] kthread+0x415/0x4f0
[515647.285461] ret_from_fork+0x1f/0x30
[515647.286225]
[515647.286580] Freed by task 30263:
[515647.290269] kasan_save_stack+0x21/0x60
[515647.291336] kasan_set_track+0x24/0x40
[515647.292262] kasan_set_free_info+0x2b/0x50
[515647.293371] __kasan_slab_free+0x131/0x220
[515647.294378] kasan_slab_free+0x12/0x20
[515647.295346] kmem_cache_free+0x12b/0xa00
[515647.296442] xfs_buf_free+0x434/0x710
[515647.297463] xfs_buf_rele+0x9ef/0x15e0
[515647.298547] xfs_buftarg_shrink_scan+0x1f4/0x330
[515647.299980] do_shrink_slab+0x3ca/0xc40
[515647.303495] shrink_slab+0x1c1/0x880
[515647.308513] drop_slab_node+0xb0/0x180
[515647.309451] drop_slab+0x5a/0xa0
[515647.310188] drop_caches_sysctl_handler+0x127/0x1e0
[515647.311209] proc_sys_call_handler+0x489/0x5e0
[515647.312120] proc_sys_write+0x2a/0x40
[515647.312898] new_sync_write+0x515/0x750
[515647.313696] vfs_write+0x69b/0x970
[515647.314708] ksys_write+0x118/0x2b0
[515647.315434] __x64_sys_write+0x94/0xe0
[515647.316214] do_syscall_64+0x45/0x70
[515647.316977] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[515647.318054]
[515647.318414] The buggy address belongs to the object at ffff8880220dcd40
[515647.318414] which belongs to the cache xfs_buf of size 392
[515647.320932] The buggy address is located 96 bytes inside of
[515647.320932] 392-byte region [ffff8880220dcd40, ffff8880220dcec8)
[515647.323356] The buggy address belongs to the page:
[515647.324382] page:ffffea0000883700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x220dc
[515647.326458] head:ffffea0000883700 order:2 compound_mapcount:0 compound_pincount:0
[515647.347232] flags: 0x1fffff80010200(slab|head|node=0|zone=1|lastcpupid=0x1fffff)
[515647.348763] raw: 001fffff80010200 ffffea00007f1c08 ffff88801500aa70 ffff8880150010c0
[515647.350398] raw: 0000000000000000 0000000000130013 00000001ffffffff 0000000000000000
[515647.352157] page dumped because: kasan: bad access detected
[515647.353567]
[515647.353965] Memory state around the buggy address:
[515647.359486] ffff8880220dcc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[515647.361004] ffff8880220dcd00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[515647.362525] >ffff8880220dcd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[515647.364054] ^
[515647.364994] ffff8880220dce00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[515647.366250] ffff8880220dce80: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[515647.367570] ==================================================================
[515647.369086] Disabling lock debugging due to kernel taint
[515647.370217] ------------[ cut here ]------------
[515647.387646] kernel BUG at mm/kasan/report.c:110!
[515647.389047] invalid opcode: 0000 [#1] SMP KASAN
[515647.390187] CPU: 2 PID: 108 Comm: kworker/2:1H Tainted: G B 5.10.0-g25d42c5b82d4 #1
[515647.392215] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[515647.394766] Workqueue: xfs-log/vda1 xlog_ioend_work
[515647.395826] RIP: 0010:end_report.cold.3+0x20/0x58
[515647.396828] Code: 5d 41 5c 41 5d 41 5e 41 5f c3 48 83 05 d9 71 19 0d 01 e9 65 94 bb fd 48 8b 05 ad 77 19 0d 48 83 05 0d 72 19 0d 01 a8 02 74 1a <0f> 0b 48 83 05 0f 72 19 0d 01 48 83 05 0f 72 19 0d 01 48 83 05 0f
[515647.400730] RSP: 0000:ffff8881065d7690 EFLAGS: 00010046
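
The report above is the raw KASAN splat. As an added example (not code from this issue or from the openEuler kernel), the following C program parses the header fields a triager reads first and cross-checks them: it confirms that the faulting address lies inside the reported xfs_buf object (offset 96 of 392 bytes), and it looks up the shadow byte covering that address in the "Memory state" rows to confirm the use-after-free classification. The embedded sample is constructed from the header lines of the report above with timestamps and stack frames removed. The shadow-byte meanings (fb = freed slab object, fa = the freed object's first granule, which also holds the free track, fc = slab redzone, 00..07 = addressable) are assumed from mm/kasan/kasan.h in 5.10 and are not stated on the page.

```c
/* Added example, not code from the issue or the openEuler kernel: parse the header
 * fields of a KASAN slab report and cross-check the faulting address. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct kasan_report {
    char bug[64], func[64], task[32], cache[32]; /* bug class, symbol, comm/pid, slab cache */
    unsigned access_size;                        /* bytes read or written */
    int is_write;                                /* 0 = Read, 1 = Write */
    unsigned long long addr, obj_start, obj_end; /* fault address, object [start, end) */
    int alloc_pid, free_pid, shadow;             /* stack-header pids; shadow byte or -1 */
};

/* Shadow encoding assumed from mm/kasan/kasan.h (5.10); one byte covers 8 bytes. */
static const char *shadow_meaning(int b)
{
    if (b >= 0x00 && b < 0x08) return b ? "partially addressable" : "addressable";
    if (b == 0xfa || b == 0xfb) return "freed slab object";   /* fa: holds free track */
    return b == 0xfc ? "slab redzone" : b < 0 ? "unknown" : "other poison";
}

/* "[>]addr: b0 b1 ... b15" -> row base address and its 16 shadow bytes. */
static int parse_shadow_row(const char *line, unsigned long long *row, int bytes[16])
{
    if (*line == '>') line++;
    const char *p = strchr(line, ':');
    if (!p || sscanf(line, " %llx", row) != 1) return 0;
    p++;
    for (int i = 0; i < 16; i++) {
        char *end;
        bytes[i] = (int)strtoul(p, &end, 16);
        if (end == p) return 0;                   /* not a full 16-byte row */
        p = end;
    }
    return 1;
}

/* Walk the report line by line; returns the number of header fields recognised. */
static int parse_kasan_report(const char *text, struct kasan_report *r)
{
    int found = 0, in_shadow = 0, bytes[16]; unsigned long long row;
    char buf[256], rw[16]; size_t len = 0;
    memset(r, 0, sizeof *r);
    r->shadow = -1;
    for (const char *line = text; *line; line += len + (line[len] == '\n')) {
        len = strcspn(line, "\n");
        snprintf(buf, sizeof buf, "%.*s", (int)len, line);
        if (sscanf(buf, "BUG: KASAN: %63s in %63[^+ ]", r->bug, r->func) == 2) {
            found++;
        } else if (sscanf(buf, "%15s of size %u at addr %llx by task %31s",
                          rw, &r->access_size, &r->addr, r->task) == 4) {
            r->is_write = strcmp(rw, "Write") == 0;
            found++;
        } else if (sscanf(buf, "Allocated by task %d:", &r->alloc_pid) == 1 ||
                   sscanf(buf, "Freed by task %d:", &r->free_pid) == 1 ||
                   sscanf(buf, " which belongs to the cache %31s", r->cache) == 1 ||
                   sscanf(buf, " %*u-byte region [%llx, %llx)", &r->obj_start, &r->obj_end) == 2) {
            found++;
        } else if (strstr(buf, "Memory state around")) {
            in_shadow = 1;                        /* rows of 16 shadow bytes follow */
        } else if (in_shadow && parse_shadow_row(buf, &row, bytes) &&
                   r->addr >= row && r->addr < row + 16 * 8) {
            r->shadow = bytes[(r->addr - row) / 8]; /* one shadow byte per 8-byte granule */
            found++;
        }
    }
    return found;
}

/* Offset of the access inside the reported object, or -1 if it lies outside. */
static long long offset_in_object(const struct kasan_report *r)
{
    if (r->addr < r->obj_start || r->addr >= r->obj_end) return -1;
    return (long long)(r->addr - r->obj_start);
}

/* Constructed sample: header lines of the report above, timestamps/frames removed. */
static const char sample_report[] =
    "BUG: KASAN: use-after-free in __wake_up_common+0x622/0x6e0\n"
    "Read of size 8 at addr ffff8880220dcda0 by task kworker/2:1H/108\n"
    "Allocated by task 28970:\n"
    "Freed by task 30263:\n"
    " which belongs to the cache xfs_buf of size 392\n"
    " 392-byte region [ffff8880220dcd40, ffff8880220dcec8)\n"
    "Memory state around the buggy address:\n"
    " ffff8880220dcd00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb\n"
    ">ffff8880220dcd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n"
    " ffff8880220dce00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n";
static struct kasan_report sample;                /* filled by sample_parsed() */
static const struct kasan_report *sample_parsed(void)
{
    if (!sample.addr) parse_kasan_report(sample_report, &sample);
    return &sample;
}

int main(void)
{
    const struct kasan_report *r = sample_parsed();
    printf("%s in %s(): %s of %u bytes at %#llx by %s\n", r->bug, r->func,
           r->is_write ? "write" : "read", r->access_size, r->addr, r->task);
    printf("cache %s, offset %lld of %llu; alloc pid %d, free pid %d; shadow %02x (%s)\n",
           r->cache, offset_in_object(r), r->obj_end - r->obj_start, r->alloc_pid,
           r->free_pid, r->shadow, shadow_meaning(r->shadow));
    return 0;
}
```

On the sample the shadow byte for ffff8880220dcda0 resolves to fb, and the fa at ffff8880220dcd40 in the preceding row sits exactly at the object start, which is consistent with the report's own "use-after-free" verdict and with the xfs_buf free stack (xfs_buftarg_shrink_scan via drop_caches) racing the log I/O completion path that still holds a reference to the buffer's wait queue.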
