On Tue, Dec 27, 2022 at 08:55:02PM +0800, Yu Kuai wrote:
> Root cause is that blkg_free() can be asynchronous, and it can race
> with delete device:
>
> T1                            T2                      T3
> //delete device
> del_gendisk
>  bdi_unregister
>   bdi_remove_from_list
>    synchronize_rcu_expedited
>
>                               //rmdir cgroup
>                               blkcg_destroy_blkgs
>                                blkg_destroy
>                                 percpu_ref_kill
>                                  blkg_release
>                                   call_rcu
>  rq_qos_exit
>   ioc_rqos_exit
>    kfree(ioc)
>                                                       __blkg_release
>                                                        blkg_free
>                                                         blkg_free_workfn
>                                                          pd_free_fn
>                                                           ioc_pd_free
>                                                            spin_lock_irqsave
>
> Fix the problem by adding refcounting for ioc, and iocg will grab a reference
> to ioc, so that ioc won't be freed until all the iocgs have exited.

Ditto, why do this in iocost instead of blk-cgroup core?

Thanks.

-- 
tejun