On Fri, Jul 1, 2016 at 4:43 AM, Omar Sandoval <osan...@osandov.com> wrote: > On Thu, Jun 30, 2016 at 10:50:44AM +0200, Dmitry Vyukov wrote: >> Hello, >> >> The following program triggers GPF in get_task_ioprio if run in a parallel >> loop: > > Dmitry, > > Could you please try the below? > > diff --git a/block/ioprio.c b/block/ioprio.c > index cc7800e9eb44..01b8116298a1 100644 > --- a/block/ioprio.c > +++ b/block/ioprio.c > @@ -150,8 +150,10 @@ static int get_task_ioprio(struct task_struct *p) > if (ret) > goto out; > ret = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_NONE, IOPRIO_NORM); > + task_lock(p); > if (p->io_context) > ret = p->io_context->ioprio; > + task_unlock(p); > out: > return ret; > } > > I'm having a hard time reproducing it but I can see how it could happen; > I think `p->io_context` is getting freed in exit_io_context() in between > the `if (p->io_context)` and `ret = p->io_context->ioprio`.
I see that you were able to reproduce it. So I am not testing it.
