Hi,

Sorry that synchronize_rcu() is misplaced, it should be right after rcu_read_unlock():

On 2023/04/27 15:13, Yu Kuai wrote:

t1:                             t2:
raid10_write_request
 rcu_read_lock
 rdev = conf->mirrors[].rdev
                                raid10_remove_disk
                                 ......
                                 // nr_pending is 0, remove disk
 // read inside rcu
 rcu_read_unlock
                                 // set rdev NULL
                                 synchronize_rcu
 raid10_write_one_disk
 // trigger null-ptr-dereference

Thanks,
Kuai