Re: docker crashes rcuos in __blkg_release_rcu

From: Vivek Goyal
Date: Mon Jun 09 2014 - 13:47:21 EST


On Sun, Jun 08, 2014 at 06:22:00PM -0400, Joe Lawrence wrote:

[..]
> Summary thus far:
>
> R12: ffff88103c17a130 = struct rcu_head *rcu_head
> R13: ffff88103c17a080 = struct blkcg_gq *blkg
> ffff88103fc7df90 = struct request_queue *blkg->q (contains 0x6b
> poison-pattern)
>
> commit 2a4fd070 "blkcg: move bulk of blkcg_gq release operations to the
> RCU callback" shuffled around some code in this space, introducing the
> calls to spin_[un]lock_irq(blkg->q->queue_lock).
>

Hi Joe,

Thanks for reporting and debugging this issue. So in summary, it looks
like we have freed the request queue associated with the blkg, and
when the blkg is freed later and tries to access the spin lock embedded
in the request queue, it crashes.

So the question is why the request queue is being freed early. Are there
any reference counting issues?

I will spend some more time staring at the code.

Thanks
Vivek
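
The failure summarised above, as a user-space C model added here (not kernel code and not from anyone in this thread): a deferred release callback reaches through a pointer to a queue whose last reference was already dropped. The names struct queue, struct group and teardown() are hypothetical, "freeing" is modelled by poisoning the storage with 0x6b so the stale access can be observed without undefined behaviour, and the missing reference is an assumed cause for illustration, since the thread leaves the root cause open.

```c
#include <stdio.h>
#include <string.h>
#define POISON_FREE 0x6b /* slab poison byte the report found in blkg->q */

/* Toy stand-ins for request_queue and blkcg_gq; not the kernel's structs. */
struct queue { int refs; int lock; };
struct group { struct queue *q; int holds_ref; };

static void queue_put(struct queue *q)
{
    if (--q->refs == 0)
        memset(q, POISON_FREE, sizeof(*q)); /* "free": poison, keep storage */
}

static int is_poisoned(const struct queue *q)
{
    const unsigned char *p = (const unsigned char *)q;
    for (size_t i = 0; i < sizeof(*q); i++)
        if (p[i] != POISON_FREE)
            return 0;
    return 1;
}

/* Deferred release (models the RCU callback); it needs q->lock to be live. */
static int group_release(struct group *g)
{
    if (is_poisoned(g->q))
        return -1; /* stale queue: the kernel touches a poisoned lock here */
    g->q->lock = 1; g->q->lock = 0; /* spin_[un]lock_irq(q->queue_lock) */
    if (g->holds_ref)
        queue_put(g->q); /* drop the pin only after the last access */
    return 0;
}

/* Teardown in the crashing order: the queue's owner puts first. */
static int teardown(int group_pins_queue)
{
    static struct queue q;
    struct group g = { &q, group_pins_queue };
    q = (struct queue){ 1 + group_pins_queue, 0 }; /* owner ref + group pin */
    queue_put(&q);            /* owner's last put */
    return group_release(&g); /* deferred callback runs afterwards */
}

int main(void)
{
    printf("unpinned: %d\n", teardown(0));
    printf("pinned: %d\n", teardown(1));
}
```

teardown(0) returns -1 because the callback finds the queue filled with 0x6b, matching what the register dump showed for blkg->q; teardown(1) returns 0 because the group's own reference keeps the queue alive until the callback has finished with the lock.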