On Sun, Apr 08, 2018 at 05:25:42PM +0800, Ming Lei wrote:
> On Sun, Apr 08, 2018 at 04:11:51PM +0800, Joseph Qi wrote:
> > This is because scsi_remove_device() will call blk_cleanup_queue(), and
> > then all blkgs have been destroyed and root_blkg is NULL.
> > Thus tg is NULL and trigger NULL pointer dereference when get td from
> > tg (tg->td).
> > It seems that we cannot simply move blkcg_exit_queue() up to
> > blk_cleanup_queue().
>
> Maybe one per-queue blkcg should be introduced, which seems reasonable
> too.

Sorry, I mean one per-queue blkcg lock.

--
Ming