On Tue, Jun 10, 2014 at 02:39:06PM -0400, Joe Lawrence wrote:

[..]

> > I am wondering if we need to take a reference on the queue
> > (blk_get_queue()) in blkg_alloc(), to make sure the request queue is
> > still around when blkg is being freed.
>
> I experimented with this and the crash does go away (and the docker
> invocation completes successfully). I wasn't sure where the
> accompanying blk_put_queue() should go. If I put it in blkg_free, the
> kref accounting doesn't seem to even out, i.e. they never fall to zero.

I think blkg_free() is the logical place to put down the queue reference. I am
not sure why it does not even out. Will spend some time on this.

> > > I will try to reproduce the issue locally.
>
> Any luck? I found that slub_debug was required to draw out the crash,
> otherwise the use-after-free silently goes about its business.

I had tried it yesterday and saw the crash out of 3 attempts. I am right
now busy with something. Give me 1-2 days and I will be able to spend more
time on this problem.

Thanks
Vivek
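The lifetime problem the thread is circling (a blkg keeping a pointer to a request queue that can be released before blkg_free() runs, which only slub_debug makes visible) can be shown in a small userspace model. The code below is an added illustration, not kernel code and not anything posted in the thread: it re-implements a kref-style counter and uses hypothetical stand-ins (model_blkg_alloc, model_blkg_free, queue_release) for the blkg_alloc()/blkg_free() and blk_get_queue()/blk_put_queue() pairing the thread proposes. Instead of calling free(), the release callback sets a flag, so the stale access is observable rather than undefined behaviour. It shows what pinning the queue from the blkg is meant to achieve; it does not reproduce the kernel's real accounting, so it says nothing about why the counts did not even out in Joe's test.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace model of the kernel's kref idiom (hypothetical, not kernel code). */
struct kref { int refcount; };

static void kref_init(struct kref *k) { k->refcount = 1; }
static void kref_get(struct kref *k) { k->refcount++; }

/* Drops one reference; runs release() and returns 1 when the count hits zero. */
static int kref_put(struct kref *k, void (*release)(struct kref *))
{
    if (--k->refcount == 0) {
        release(k);
        return 1;
    }
    return 0;
}

/* Stand-in for request_queue: the object whose lifetime is in question. */
struct request_queue {
    struct kref kref;
    int id;
    int released;   /* set by the release callback instead of calling free(), so the
                       stale access below is observable rather than undefined behaviour */
};

/* Stand-in for blkcg_gq (blkg): holds a back pointer to its queue. */
struct blkg {
    struct request_queue *q;
    int holds_queue_ref;
};

static void queue_release(struct kref *k)
{
    struct request_queue *q = (struct request_queue *)
        ((char *)k - offsetof(struct request_queue, kref));
    q->released = 1;
}

/* Models blkg_alloc(); with pin_queue set it also takes the reference the
 * thread proposes (the blk_get_queue() call), so the queue outlives the blkg. */
static struct blkg *model_blkg_alloc(struct request_queue *q, int pin_queue)
{
    struct blkg *b = calloc(1, sizeof *b);
    if (!b)
        return NULL;
    b->q = q;
    if (pin_queue) {
        kref_get(&q->kref);
        b->holds_queue_ref = 1;
    }
    return b;
}

/* Models blkg_free(): dereferences q, then drops the pin (blk_put_queue()) if one
 * was taken. Returns 1 if the dereference hit an already released queue, i.e. the
 * use-after-free; 0 otherwise. */
static int model_blkg_free(struct blkg *b)
{
    int stale = b->q->released;     /* any read through b->q after release is the bug */
    if (b->holds_queue_ref)
        kref_put(&b->q->kref, queue_release);
    free(b);
    return stale;
}

/* Reproduces the ordering from the report: the queue's owner drops its reference
 * while a blkg still points at the queue, and the blkg is freed afterwards.
 * Returns 1 when a use-after-free occurred, 0 when the queue was still alive. */
static int run_scenario(int blkg_pins_queue)
{
    struct request_queue q = { .id = 7 };       /* constructed sample queue */
    kref_init(&q.kref);                         /* owner's reference */
    struct blkg *b = model_blkg_alloc(&q, blkg_pins_queue);
    kref_put(&q.kref, queue_release);           /* owner drops its reference first */
    return model_blkg_free(b);
}

/* Checks that the get/put pair is balanced: once the blkg is gone the queue's
 * count is back at zero and its release has run. */
static int refs_balance(void)
{
    struct request_queue q = { .id = 8 };
    kref_init(&q.kref);
    struct blkg *b = model_blkg_alloc(&q, 1);
    kref_put(&q.kref, queue_release);
    model_blkg_free(b);
    return q.kref.refcount == 0 && q.released == 1;
}

int main(void)
{
    printf("without blkg pinning the queue: use-after-free = %d\n", run_scenario(0));
    printf("with blkg pinning the queue:    use-after-free = %d\n", run_scenario(1));
    printf("get/put balanced: %d\n", refs_balance());
    return 0;
}
```

The first scenario is the reported crash in miniature: the owner's put runs release while the blkg still holds a dangling pointer, and blkg_free's dereference lands on released memory. In the second the blkg's own reference keeps the count above zero until model_blkg_free drops it, so release runs only after the last user is gone; refs_balance shows the count returning to zero, which is the property Joe reported not seeing in the real kernel.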

