On Sun, Apr 08, 2018 at 04:11:51PM +0800, Joseph Qi wrote:
> This is because scsi_remove_device() will call blk_cleanup_queue(), and
> then all blkgs have been destroyed and root_blkg is NULL.
> Thus tg is NULL and trigger NULL pointer dereference when get td from
> tg (tg->td).
> It seems that we cannot simply move blkcg_exit_queue() up to
> blk_cleanup_queue().

Maybe one per-queue blkcg should be introduced, which seems reasonable
too.

Thanks,
Ming